Release notes
Last updated
Was this helpful?
Last updated
Was this helpful?
Subscribe to our
release_v25.05.1 (latest)
release_v25.04.1
release_v25.03.1
release_v25.02.2
release_v25.02.1
release_v25.01.1
release_v24.12.2
release_v24.12.1
release_v24.11.3
release_v24.11.2
release_v24.11.1
release_v24.10.2
New token-based authorization for Jira NEW
Job sequence per asset NEW
Reworked version control comments mode settings UPDATE
New auditor job settings NEW
Minor bugfixes UPDATE
release_v24.10.1
Improved version control systems integration: delayed comments, deletion of previous comments, including findings from other branches in pull requests UPDATE
Some notifications now include user information UPDATE
Small fixes in importers UPDATE
release_v24.09.1
Webhook based integration with GitHub and GitLab: push events trigger scans, merge requests trigger comments NEW
Reworked Assets table in product UPDATE
Added configuration of default job sequence NEW
Improved Job list in Auditor settings UPDATE
Minor UI bug fixes UPDATE
release_v24.08.4
Date Selection for Temporarily Accepted Findings: Introduced a date select feature for temporarily accepted findings, allowing users to specify a review date. NEW
Russian Portal Translation: The portal is now available in Russian. NEW
Added Assets to Jira Issue Descriptions: Improved Jira integration by automatically including relevant assets in the issue description. NEW
Improved Swagger: Updated and improved Swagger documentation, making it easier for developers to understand and use the API. UPDATE
Bugfix: Products were not visible on validation rule creation screen UPDATE
Bugfix: Filtering by tags resulted in duplicate products UPDATE
Bugfix: Wrong triage status after re-verifying a result UPDATE
release_v24.08.3
Status event notifications: Now include findings IDs NEW
CWE Filter: Displays total number of findings per CWE NEW
Added Days Accepted for Temporary Risk Accepted Findings NEW
Added asset creation for the Asset Audit endpoint: The Assets Audit Endpoint has been enhanced with the ability to create assets, streamlining asset management within the audit process. NEW
Notifications: Now use application/json content type NEW
Select different triage statuses for top CWE recommendations NEW
Added integrations to Patch Request for Findings endpoint NEW
release_v24.08.2
Custom field for findings and basic deduplication: Introduced the ability to add custom fields to findings, along with basic deduplication functionality. NEW
SSL configuration for notifications: Added SSL configuration options for notifications, improving the security and reliability of notification delivery. UPDATE
Minor bug fixes: Various minor issues have been addressed to improve system stability and performance. UPDATE
release_v24.08.1
New statuses: Introduced new statuses (Temporarily Risk Accepted, Permanently Risk Accepted) to better categorise and manage risk acceptance in findings. NEW
Autovalidator actions for new findings statuses: Added autovalidator actions to handle the newly introduced issue statuses. NEW
Jira Issue Status Mappings for New Issue Statuses: Implemented mappings for Jira issue statuses to reflect the new issue statuses. NEW
Configurable Two-Way Binding for Jira Issue Statuses: Enabled configurable two-way binding for Jira issue statuses. NEW
Status change event added for notifications: Added a status change event to trigger notifications to keep users informed of any changes to issue statuses. NEW
Enhanced findings automation filters: Improved findings automation filters. UPDATE
Minor bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability. UPDATE
release_v24.07.3
Added support for Common Weakness Enumeration (CWE): Allows users to focus on the most common security issues. NEW
Refactored importers to support CWE: Importers have been refactored to include CWE support, allowing for more comprehensive and detailed analysis of security issues. NEW
Added preview of assets and products for selected findings: Added the ability to preview assets and products associated with selected findings, providing a clearer understanding of the impact and context of each issue. NEW
Organisation removed from repository URL configuration: Simplified repository URL configuration by removing the organisation parameter. The portal can now automatically retrieve most information from the repository asset, streamlining setup and configuration. UPDATE
Minor bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability. UPDATE
release_v24.07.2
UI improvements: Made several improvements to the user interface for a more intuitive and user-friendly experience. UPDATE
Jira Webhooks Improvements: Improved integration with Jira webhooks for more reliable and efficient issue tracking and management. UPDATE
CVSS Rules in Admin Interface: Added the ability to manage Common Vulnerability Scoring System (CVSS) rules directly in the admin interface for easier configuration and updates. NEW
Stability improvements: Audit schedules are now more stable UPDATE
Bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability. UPDATE
Maintenance Some microservices removed: Some microservices have been removed from the system. UPDATE
release_v24.07.1
Grouping feature for Auto Validator: A new grouping feature has been added to the Auto Validator, allowing users to organise and categorise validation results more efficiently. NEW
Minor bugfixes UPDATE
release_v24.06.3.1
Minor bugfixes UPDATE
Select Items Using Shift Key: Added the ability to select multiple items using the Shift key. NEW
Nessus Importer: Introduced a new Nessus importer feature, enabling seamless integration with Nessus for importing and managing vulnerability data. NEW
UI Improvements: Made several enhancements to the user interface for a more intuitive and user-friendly experience. UPDATE
Minor Fixes: Addressed various minor bugs to improve system performance and reliability. UPDATE
Bulk Audits for Assets: Introduced the ability to perform bulk audits on assets, allowing users to efficiently manage and review multiple assets simultaneously. NEW
Linear Regression Based Suggestions: Implemented linear regression analysis to provide intelligent suggestions and predictions. NEW
Improved Stability: Made several under-the-hood improvements to enhance the overall stability of the system. UPDATE
Monthly risk trend line: Introduced a monthly risk trend line to help track and visualise risk changes over time. NEW
Recommendations: Added a recommendation feature to provide actionable insights and suggestions for risk mitigation. NEW
Importers for Hadolint and Dependency Track: New importers have been added to support Hadolint and Dependency-Track, enabling seamless integration and data import. NEW
Filters for findings: Implemented filters for findings by product and asset tags, making it easier to narrow and focus on specific areas of interest. NEW
New/Fixed Counters per Asset and Scanner: The audit view now includes updated counters for each asset and scanner, providing more accurate and detailed insights. UPDATE
Customizable Dashboard Metrics: Easily customize your dashboard with metrics for different products, product types, products with tags, and more. NEW
New Dashboard: Introducing a new dashboard for better user experience and enhanced data visualization. UPDATE
Cloud Account as an Asset Type: Now supports cloud accounts (AWS, GCP, Azure) as asset types. Scanning these accounts is now straightforward and well-documented. NEW
Asset Transfer Between Products: You can now transfer assets between products along with their findings. This means that if you change the product, all issues will remain consistent per repository, domain, host, and cloud account. NEW
New Screen for Assets: Added a new screen to manage assets more effectively. NEW
Even More Stability: Implemented further improvements to enhance the stability of the system. UPDATE
Minor Bug Fixes: Addressed various minor bugs and issues. UPDATE
Groups functionality : You can now create your own groups and filter your findings by these groups NEW
Jira issues to reports: Reports now include issue information from Jira NEW
PHPCodeSniffer importer: An importer for PHPCodeSniffer has been added NEW
Improved automation processes UPDATE
Copy button for Auditor jobs: Added Copy button for Auditor jobs NEW
Tag management screen: Added tag management screen NEW
Backend performance: Enhanced backend performance for a faster system operation. UPDATE
Concurrency setting for db_helper: Added concurrency settings for the db_helper to optimise database queries when dealing with large datasets or concurrent requests. NEW
Advanced filtering options: Users can now filter finds using the new Automation parameter, which includes auto-resolve by scanner settings, auto-verify and auto-reject by rule, affected by CVSS rule. This allows you to monitor and analyse your discoveries in more detail. NEW
Jira due date: Added support for setting Jira due date, providing more flexibility in task management. NEW
Bugfix and performance improvement: Addressed issues related to load handling, ensuring smoother performance under varying workloads. UPDATE
Notifications Webhook Feature: Get notified about results that match specific filters. NEW
Role search: Search role with the addition of search by title functionality. NEW
Improved CVSS 3.1 integration: We've updated our scoring system to use environment scores instead of base scores for CVSS 3.1. NEW
Bug Squashing:We've addressed several minor bugs to ensure a smoother user experience. UPDATE
Automatic Product Selection: Simplify scheduling by letting tags do the work for you. NEW
Jira Components: Integrate seamlessly with Jira for better project management. NEW
Bulk Jira Issues Link: Save time by linking multiple Jira issues at once. NEW
CVSS: We've added support for Common Vulnerability Scoring System (CVSS) to provide more comprehensive vulnerability assessment. Now, you can better understand the severity of vulnerabilities and prioritize your remediation efforts effectively. NEW
Product Business Criticality Filter: Introducing a new filter option that allows you to streamline your findings based on product business criticality. Easily identify and focus on vulnerabilities impacting your most crucial business assets, enabling you to mitigate risks efficiently. UPDATE
Bug Fixes: We've squashed some minor bugs to ensure smoother functionality and a more seamless user experience. UPDATE
Bug Fixes and Hotfixes: This release includes updates addressing various bugs and implementing necessary hotfixes to enhance the overall stability and performance of the system. UPDATE
SSO Roles Mapping: Easily configure Single Sign-On (SSO) roles mapping for seamless role alignment with external identity providers NEW
Django Admin Panel Access: Grant customized access to the Django admin panel for specified users, enhancing administrative control NEW
Product Filter Enhancement: Improved usability with an updated interface for product filtersUPDATE
Multiple Subgroups Support in Repositories: Now supports multiple subgroups within repositories for a more comprehensive organizational structureUPDATE
Customizable Basic Deduplication Criteria: Introducing the ability to customize basic deduplication criteria for more precise and tailored results NEW
Preservation of Dot Symbol in filepath: Dot symbols at the beginning of filepaths are now preserved, maintaining file reference integrityUPDATE
UI Flag for Archived Repositories: Added a new UI flag to indicate archived repositories on the import screen, streamlining repository management. NEW
Load optimization
Added reject status for jira
Deduplicator fixed for assets
Reworked product filter by tags
Added affected products for repo url configs
Added token auth for endpoints
Added loading repos from gitlab and github
Repository link logic optimization
UI improvements (for assets in general)
New finding fields (repository, docker image, domain, host)
Assets are passed to report generator
Reworked assets and git repo url
Auditor integrations
Findings file path fixed
Assign tags fixed
Added finding filters by product and product type
Added new fields for sso configurations
Improved sso error handling
Reworked bulk actions
Added branch for findings
Added downloading risk overview in .csv
Importer fix
Added SSO integrations
Added prowler importer
Minor bug fixes
Added report generation
Added global rules for Auto Validator and Deduplicator
Added new scanners: - GitLab Gemnasium - GitLab KICS - GitLab Gitleaks - GitLab OWASP Zap
- GitLab Bandit - GitLab ESLint - GitLab Semgrep
Added possibility to specify jira issue types
Added jira priority-severity mapping
Added jira status mapping
Added possibility to reopen a resolved finding
Added new functionality to the scanner settings: Findings Grouping
Fixed incorrect work of basic deduplicator and autocloser with dependency and url fields
Resolved an issue where products were being erroneously created with default settings in the common product type, even when the user lacked access to this specific product type.
Addressed the problem with case-sensitive fields in severity mapping.
jwt token expiration date moved from the body to cookies.
Added slicing to metrics.
Resolved the issue causing a bug related to product deletion
RBAC Support:
Role-Based Access Control (RBAC) is now supported, providing improved user management and access control.
A new "Users and Roles" tab has been added, allowing easy management of users and roles within the portal.
Affected Products field in Auto Validator and Deduplicator rules:
Auto Validator and Deduplicator rules now include an "Affected Products" field.
Users can associate specific products with rules, granting greater flexibility and customization.
Role-based permissions control user interactions with rules based on product availability:
Rule are hidden, if it has no available products for the user.
Rule are viewable and product association management allowed if at least one product in this rule is available for the user, but rule editing is restricted.
Full control granted if all products in a rule are available for the user.
Tag support for products:
Tags can now be added to products from the product's "Options" page, allowing for better organization and categorization of application assets.
New filters on "Product" page:
Two new filters, "Tags" and "Not tags," have been introduced on the "Product" page. These filters enable easy searching and filtering of products based on assigned tags, streamlining navigation and management.
AWS Security Hub importer:
We are excited to introduce the new AWS Security Hub importer, seamlessly integrating your AWS security ecosystem with the AppSec Portal.
Import security findings from AWS Security Hub directly into the portal, enhancing your vulnerability management process.
Enhanced SLA violation filtering:
The "SLA Violated" filter has been enhanced to allow filtering findings based on the type of SLA violation.
You can now filter findings by Verification SLA violated, Assign SLA violated, or Resolve SLA violated.
Auto Validator and Deduplicator enhancements:
The Auto Validator rules now supports searching findings based on specified values in the Vulnerable URL, Dependency fields and by Import Source (internal or external at your option).
Deduplicator rules have been enhanced with new criteria to determine the equality of original and duplicate findings — "Same dependency" and "Same vulnerable URL".
Additionally, Deduplicator rules now offer the ability to search findings for specified values in the Vulnerable URL, Dependency fields, and by Import Source, with the option to choose internal or external finding’s sources.
Added symkey deletion via
Changed entrypoint number of threads
Resolved the issue causing a bug related to product deletion
Metrics added
Added possibility to add scanner reports via UI
Nuclei importer updated
The maximum allowable length for the description in a search result has been increased to 3000 characters.
Introducing the new "Scanners" page with enhanced functionality:
Added settings for each scanner:
including the auto-closer feature for previously identified findings that are not present in new scanner reports.
implemented a custom Jira description feature for more readable scanner descriptions.
Introduced a custom severity mapping feature for mapping severity types specific to each scanner.
Additionally, the following new features have been implemented:
"Finding" view now includes the ability to insert and delete images in findings, which can be exported to corresponding Jira tasks.
New product settings features:
Added ability to set product-related tags and push those tags to the corresponding Jira tasks.
Added a toggle button to push the product title to Jira task labels.
Other changes and improvements include:
Added a health check for the back container.
Transitioned from using fixtures to migrations.
Implemented various minor bug fixes.
Implemented minor bug fixes to address various issues.
Deployed a hotfix to resolve the Jira authentication issue within the product WRT (Web-based Reporting Tool).
Added WRT history for every product with updates every 24 hours.
Bug hotfixes and minor improvements.
Added toggle button "delete tasks for rejected findings" in Jira integration page.