🗒️Release notes
release_v24.10.1 (latest)
Improved version control systems integration: delayed comments, deletion of previous comments, including findings from other branches in pull requests
UPDATE
Some notifications now include user information
UPDATE
Small fixes in importers
UPDATE
release_v24.09.1
Webhook based integration with GitHub and GitLab: push events trigger scans, merge requests trigger comments
NEW
Reworked Assets table in product
UPDATE
Added configuration of default job sequence
NEW
Improved Job list in Auditor settings
UPDATE
Minor UI bug fixes
UPDATE
release_v24.08.4
Date Selection for Temporarily Accepted Findings: Introduced a date select feature for temporarily accepted findings, allowing users to specify a review date.
NEW
Russian Portal Translation: The portal is now available in Russian.
NEW
Added Assets to Jira Issue Descriptions: Improved Jira integration by automatically including relevant assets in the issue description.
NEW
Improved Swagger: Updated and improved Swagger documentation, making it easier for developers to understand and use the API.
UPDATE
Bugfix: Products were not visible on validation rule creation screen
UPDATE
Bugfix: Filtering by tags resulted in duplicate products
UPDATE
Bugfix: Wrong triage status after re-verifying a result
UPDATE
release_v24.08.3
Status event notifications: Now include finding IDs
NEW
CWE Filter: Displays total number of findings per CWE
NEW
Added Days Accepted for Temporary Risk Accepted Findings
NEW
Added asset creation for the Asset Audit endpoint: The Assets Audit Endpoint has been enhanced with the ability to create assets, streamlining asset management within the audit process.
NEW
Notifications: Now use application/json content type
NEW
Select different triage statuses for top CWE recommendations
NEW
Added integrations to Patch Request for Findings endpoint
NEW
release_v24.08.2
Custom field for findings and basic deduplication: Introduced the ability to add custom fields to findings, along with basic deduplication functionality.
NEW
SSL configuration for notifications: Added SSL configuration options for notifications, improving the security and reliability of notification delivery.
UPDATE
Minor bug fixes: Various minor issues have been addressed to improve system stability and performance.
UPDATE
release_v24.08.1
New statuses: Introduced new statuses (Temporarily Risk Accepted, Permanently Risk Accepted) to better categorise and manage risk acceptance in findings.
NEW
Autovalidator actions for new findings statuses: Added autovalidator actions to handle the newly introduced issue statuses.
NEW
Jira Issue Status Mappings for New Issue Statuses: Implemented mappings for Jira issue statuses to reflect the new issue statuses.
NEW
Configurable Two-Way Binding for Jira Issue Statuses: Enabled configurable two-way binding for Jira issue statuses.
NEW
Status change event added for notifications: Added a status change event to trigger notifications to keep users informed of any changes to issue statuses.
NEW
Enhanced findings automation filters: Improved findings automation filters.
UPDATE
Minor bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability.
UPDATE
release_v24.07.3
Added support for Common Weakness Enumeration (CWE): Allows users to focus on the most common security issues.
NEW
Refactored importers to support CWE: Importers have been refactored to include CWE support, allowing for more comprehensive and detailed analysis of security issues.
NEW
Added preview of assets and products for selected findings: Added the ability to preview assets and products associated with selected findings, providing a clearer understanding of the impact and context of each issue.
NEW
Organisation removed from repository URL configuration: Simplified repository URL configuration by removing the organisation parameter. The portal can now automatically retrieve most information from the repository asset, streamlining setup and configuration.
UPDATE
Minor bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability.
UPDATE
release_v24.07.2
UI improvements: Made several improvements to the user interface for a more intuitive and user-friendly experience.
UPDATE
Jira Webhooks Improvements: Improved integration with Jira webhooks for more reliable and efficient issue tracking and management.
UPDATE
CVSS Rules in Admin Interface: Added the ability to manage Common Vulnerability Scoring System (CVSS) rules directly in the admin interface for easier configuration and updates.
NEW
Stability improvements: Audit schedules are now more stable
UPDATE
Bug fixes: Various minor bugs have been addressed to improve overall system performance and reliability.
UPDATE
Maintenance: Some microservices have been removed from the system.
UPDATE
release_v24.07.1
Grouping feature for Auto Validator: A new grouping feature has been added to the Auto Validator, allowing users to organise and categorise validation results more efficiently.
NEW
Minor bugfixes
UPDATE
release_v24.06.3.1
Minor bugfixes
UPDATE
release_v24.06.3
Select Items Using Shift Key: Added the ability to select multiple items using the Shift key.
NEW
Nessus Importer: Introduced a new Nessus importer feature, enabling seamless integration with Nessus for importing and managing vulnerability data.
NEW
UI Improvements: Made several enhancements to the user interface for a more intuitive and user-friendly experience.
UPDATE
Minor Fixes: Addressed various minor bugs to improve system performance and reliability.
UPDATE
release_v24.06.2
Bulk Audits for Assets: Introduced the ability to perform bulk audits on assets, allowing users to efficiently manage and review multiple assets simultaneously.
NEW
Linear Regression Based Suggestions: Implemented linear regression analysis to provide intelligent suggestions and predictions.
NEW
Improved Stability: Made several under-the-hood improvements to enhance the overall stability of the system.
UPDATE
release_v24.06.1
Monthly risk trend line: Introduced a monthly risk trend line to help track and visualise risk changes over time.
NEW
Recommendations: Added a recommendation feature to provide actionable insights and suggestions for risk mitigation.
NEW
Importers for Hadolint and Dependency Track: New importers have been added to support Hadolint and Dependency-Track, enabling seamless integration and data import.
NEW
Filters for findings: Implemented filters for findings by product and asset tags, making it easier to narrow and focus on specific areas of interest.
NEW
release_v24.05.1
New/Fixed Counters per Asset and Scanner: The audit view now includes updated counters for each asset and scanner, providing more accurate and detailed insights.
UPDATE
Customizable Dashboard Metrics: Easily customize your dashboard with metrics for different products, product types, products with tags, and more.
NEW
New Dashboard: Introducing a new dashboard for better user experience and enhanced data visualization.
UPDATE
Cloud Account as an Asset Type: Now supports cloud accounts (AWS, GCP, Azure) as asset types. Scanning these accounts is now straightforward and well-documented.
NEW
Asset Transfer Between Products: You can now transfer assets between products along with their findings. This means that if you change the product, all issues will remain consistent per repository, domain, host, and cloud account.
NEW
release_v24.04.1
New Screen for Assets: Added a new screen to manage assets more effectively.
NEW
Even More Stability: Implemented further improvements to enhance the stability of the system.
UPDATE
Minor Bug Fixes: Addressed various minor bugs and issues.
UPDATE
release_v24.03.3
Groups functionality: You can now create your own groups and filter your findings by these groups
NEW
Jira issues to reports: Reports now include issue information from Jira
NEW
PHPCodeSniffer importer: An importer for PHPCodeSniffer has been added
NEW
Improved automation processes
UPDATE
Copy button for Auditor jobs: Added Copy button for Auditor jobs
NEW
Tag management screen: Added tag management screen
NEW
release_v24.03.2
Backend performance: Enhanced backend performance for a faster system operation.
UPDATE
Concurrency setting for db_helper: Added concurrency settings for the db_helper to optimise database queries when dealing with large datasets or concurrent requests.
NEW
release_v24.03.1
Advanced filtering options: Users can now filter findings using the new Automation parameter, which includes auto-resolve by scanner settings, auto-verify and auto-reject by rule, and affected by CVSS rule. This allows you to monitor and analyse your findings in more detail.
NEW
Jira due date: Added support for setting Jira due date, providing more flexibility in task management.
NEW
Bugfix and performance improvement: Addressed issues related to load handling, ensuring smoother performance under varying workloads.
UPDATE
release_v24.02.3
Notifications Webhook Feature: Get notified about results that match specific filters.
NEW
Role search: Roles can now be searched by title.
NEW
Improved CVSS 3.1 integration: We've updated our scoring system to use environment scores instead of base scores for CVSS 3.1.
NEW
Bug Squashing: We've addressed several minor bugs to ensure a smoother user experience.
UPDATE
release_v24.02.2
Automatic Product Selection: Simplify scheduling by letting tags do the work for you.
NEW
Jira Components: Integrate seamlessly with Jira for better project management.
NEW
Bulk Jira Issues Link: Save time by linking multiple Jira issues at once.
NEW
release_v24.02.1
CVSS: We've added support for Common Vulnerability Scoring System (CVSS) to provide more comprehensive vulnerability assessment. Now, you can better understand the severity of vulnerabilities and prioritize your remediation efforts effectively.
NEW
Product Business Criticality Filter: Introducing a new filter option that allows you to streamline your findings based on product business criticality. Easily identify and focus on vulnerabilities impacting your most crucial business assets, enabling you to mitigate risks efficiently.
UPDATE
Bug Fixes: We've squashed some minor bugs to ensure smoother functionality and a more seamless user experience.
UPDATE
release_v24.01.1.1
Bug Fixes and Hotfixes: This release includes updates addressing various bugs and implementing necessary hotfixes to enhance the overall stability and performance of the system.
UPDATE
release_v24.01.1
SSO Roles Mapping: Easily configure Single Sign-On (SSO) roles mapping for seamless role alignment with external identity providers
NEW
Django Admin Panel Access: Grant customized access to the Django admin panel for specified users, enhancing administrative control
NEW
Product Filter Enhancement: Improved usability with an updated interface for product filters
UPDATE
Multiple Subgroups Support in Repositories: Now supports multiple subgroups within repositories for a more comprehensive organizational structure
UPDATE
Customizable Basic Deduplication Criteria: Introducing the ability to customize basic deduplication criteria for more precise and tailored results
NEW
Preservation of Dot Symbol in filepath: Dot symbols at the beginning of filepaths are now preserved, maintaining file reference integrity
UPDATE
UI Flag for Archived Repositories: Added a new UI flag to indicate archived repositories on the import screen, streamlining repository management.
NEW
release_v23.12.4
Load optimization
Added reject status for Jira
Deduplicator fixed for assets
Reworked product filter by tags
release_v23.12.3
Added affected products for repo url configs
Added token auth for endpoints
Added loading repos from GitLab and GitHub
release_v23.12.2
Repository link logic optimization
UI improvements (for assets in general)
New finding fields (repository, docker image, domain, host)
Assets are passed to report generator
release_v23.12.1
Reworked assets and git repo url
release_v23.11.1
Auditor integrations
Findings file path fixed
Assign tags fixed
Added finding filters by product and product type
release_v23.10.1
Added new fields for SSO configurations
Improved SSO error handling
Reworked bulk actions
Added branch for findings
Added downloading risk overview in .csv
Importer fix
release_v23.09.2
Added SSO integrations
Added Prowler importer
Minor bug fixes
release_v23.09.1
Added report generation
release_v23.08.3
Added global rules for Auto Validator and Deduplicator
Added new scanners: GitLab Gemnasium, GitLab KICS, GitLab Gitleaks, GitLab OWASP ZAP, GitLab Bandit, GitLab ESLint, GitLab Semgrep
release_v23.08.2
Added possibility to specify Jira issue types
Added Jira priority-severity mapping
Added Jira status mapping
Added possibility to reopen a resolved finding
release_v23.08.1
Added new functionality to the scanner settings: Findings Grouping
Fixed incorrect behaviour of the basic deduplicator and autocloser with dependency and URL fields
release_v23.07.2
Resolved an issue where products were being erroneously created with default settings in the common product type, even when the user lacked access to this specific product type.
Addressed the problem with case-sensitive fields in severity mapping.
JWT token expiration date moved from the body to cookies.
Added slicing to metrics.
release_v23.07.1
Resolved the issue causing a bug related to product deletion
release_v23.06.2
RBAC Support:
Role-Based Access Control (RBAC) is now supported, providing improved user management and access control.
A new "Users and Roles" tab has been added, allowing easy management of users and roles within the portal.
Affected Products field in Auto Validator and Deduplicator rules:
Auto Validator and Deduplicator rules now include an "Affected Products" field.
Users can associate specific products with rules, granting greater flexibility and customization.
Role-based permissions control user interactions with rules based on product availability:
A rule is hidden if it has no available products for the user.
A rule is viewable, and product association management is allowed, if at least one product in the rule is available to the user, but rule editing is restricted.
Full control granted if all products in a rule are available for the user.
Tag support for products:
Tags can now be added to products from the product's "Options" page, allowing for better organization and categorization of application assets.
New filters on "Product" page:
Two new filters, "Tags" and "Not tags," have been introduced on the "Product" page. These filters enable easy searching and filtering of products based on assigned tags, streamlining navigation and management.
AWS Security Hub importer:
We are excited to introduce the new AWS Security Hub importer, seamlessly integrating your AWS security ecosystem with the AppSec Portal.
Import security findings from AWS Security Hub directly into the portal, enhancing your vulnerability management process.
Enhanced SLA violation filtering:
The "SLA Violated" filter has been enhanced to allow filtering findings based on the type of SLA violation.
You can now filter findings by Verification SLA violated, Assign SLA violated, or Resolve SLA violated.
Auto Validator and Deduplicator enhancements:
Auto Validator rules now support searching findings based on specified values in the Vulnerable URL and Dependency fields, and by Import Source (internal or external, at your option).
Deduplicator rules have been enhanced with new criteria to determine the equality of original and duplicate findings — "Same dependency" and "Same vulnerable URL".
Additionally, Deduplicator rules now offer the ability to search findings for specified values in the Vulnerable URL and Dependency fields, and by Import Source, with the option to choose internal or external finding sources.
release_v23.06.1
Added symkey deletion via
Changed entrypoint number of threads
release_v23.05.3
Resolved the issue causing a bug related to product deletion
release_v23.05.2
Metrics added
Added possibility to add scanner reports via UI
Nuclei importer updated
The maximum allowable length for the description in a search result has been increased to 3000 characters.
release_v23.05.1
Introducing the new "Scanners" page with enhanced functionality:
Added settings for each scanner:
An auto-closer feature for previously identified findings that are not present in new scanner reports.
A custom Jira description feature for more readable scanner descriptions.
A custom severity mapping feature for mapping severity types specific to each scanner.
Additionally, the following new features have been implemented:
"Finding" view now includes the ability to insert and delete images in findings, which can be exported to corresponding Jira tasks.
New product settings features:
Added ability to set product-related tags and push those tags to the corresponding Jira tasks.
Added a toggle button to push the product title to Jira task labels.
Other changes and improvements include:
Added a health check for the back container.
Transitioned from using fixtures to migrations.
Implemented various minor bug fixes.
release_v23.04.5
Implemented minor bug fixes to address various issues.
release_v23.04.4
Deployed a hotfix to resolve the Jira authentication issue within the product WRT (Web-based Reporting Tool).
release_v23.04.3
Added WRT history for every product with updates every 24 hours.
Bug hotfixes and minor improvements.
Added toggle button "delete tasks for rejected findings" in Jira integration page.