Invicti AppSec release notes

This document highlights the new features, improvements, and fixed issues introduced in Invicti AppSec across recent releases. Each update focuses on enhancing usability, security coverage, and integration capabilities for security teams.

2026​

This section summarizes all releases, features, improvements, and fixes for 2026 as they're added.

Release v1.110​

Release date: 27 February 2026

New features​

• A Product column has been added to the Vulnerability Database, improving visibility and classification capabilities.
• A Start Scan option has been added to Accunetix 360. It is now configurable whether to initiate scans directly from the platform or only retrieve existing scan results.
• A Group by Issue toggle has been introduced for fAST Static and fAST SCA. Users can now modify the deduplication behavior and control how vulnerabilities are grouped.
• Deeplink support has been added for Semgrep Enterprise.

Improvements​

• An Export feature has been added to the Calendar page. Additionally, performance and visual improvements have been implemented. The Calendar page now provides more detailed feedback to users.
• Pagination has been added to the AppSec Duplicates pages. As a result, results are now returned significantly faster compared to the previous list view.
• New fields have been added to Custom Integrations to support extended configuration capabilities.
• Vulnerability data details for the Invicti Platform have been enhanced to provide more comprehensive information.
• The hash mechanism used for SCA vulnerabilities has been improved to enhance consistency and accuracy.
• Pagination has been added to the Roles page. In addition, Search and Filtering capabilities have been implemented, enabling easier navigation and management in organizations with a large number of roles.
• Missing filters in Workflows have been completed. Conditions have been added to filters where the “Doesn’t Contain” operator was previously unavailable.
• Formatting improvements have been applied to Policies and Automation Rules to ensure a more consistent and structured configuration experience.
• Visual improvements have been applied to the Vulnerability Database. Width and overlap issues have been resolved to enhance layout consistency and readability.

Bug fixes​

• Background adjustments have been implemented in Dark Mode to improve visibility in areas where contrast was previously insufficient.
• Page freezing issues experienced during filter selection within Infrastructure have been resolved, resulting in improved performance and responsiveness.
• An issue affecting Code Snippets in SARIF reports has been resolved.
• A duplicate issue problem within Correlation Assistant has been fixed.
• Deduplication issue specific to Coverity has been resolved.
• Issues impacting Vulnerability Summary metrics on Infrastructure Dashboards have been fixed.
• Mapping issues identified in Seeker IAST have been resolved.
• An issue where the Per Page filter was reset after the Scan Queue refreshed has been fixed.

Release v1.109​

Release date: 27 January 2026

New features​

• An Assign To option has been added to Issue Criteria rules, allowing rules to be activated for specific users only.
• Qwietᴬᴵ SAST integration is now available.
• A native integration for JFrog SCA is now available. Previously, this integration was supported only via import..

Improvements​

• The performance of Dependency Check when using an NVD Token has been improved. To further enhance performance, the Use Cache option is now enabled by default.
• The AI models available in Pentest AI selection have been reorganized. The model used for Google Gemini has been updated.
• System filters have been updated. In addition to adding missing filters, several existing filters have been improved.
• The Sysdig integration has been refactored. Hash calculation algorithms have been updated.
• The algorithm used to fetch branches in GitHub Enterprise has been improved. By retrieving data in larger batches, rate limit issues have been mitigated.
• The SBOM endpoint in API v3 now operates only on projects that the token owner has permission to access.
• Mapping algorithms for CSPM scanners have been enhanced.
• Reachability Analysis has been introduced for the OSV Scanner, along with the addition of License Extraction support.
• Search algorithms on GitLab have been improved.

Bug fixes​

• Alignment issues in the Descriptions of Invicti vulnerabilities have been fixed.
• An issue where the AWS Inspector region was not displayed correctly has been fixed.
• An issue preventing Automation Rules from being saved when the save button was clicked multiple times during creation has been fixed.
• An issue where emails were sent to users not included in the recipient list has been fixed.
• An issue causing Asset Management list pagination to break active asset filters when Per Page was set to 30 or higher has been fixed.
• Vulnerability filtering issues in Group View have been resolved, where excluded flags (such as CVSS > 5) were still displayed.
• The scan execution flow has been improved to prevent scans from remaining stuck in the Analyze phase after reaching the configured maximum scan duration.
• An Out of Memory issue in the Calendar view has been fixed. Additionally, scan duration values in exported scan CSV files have been corrected to match the data shown on the dashboard.
• An issue where deduplicated Qualys scans appeared during configuration but did not execute or appear in scan lists has been fixed.
• An issue related to the data structure of the Project ID in Coverity has been fixed.

2025​

This section summarizes all releases, features, improvements, and fixes for 2025 as they're added.

Release v1.108​

Release date: 15 December 2025

New features​

• Dark Theme is now available.
• Dependency-Track integration is now available.
• Opengrep integration is now available.
• Export action is now available on the Scans page.

Improvements​

• Info header added to the API Endpoints Page. It shows Total Endpoint Count & Details with Vulnerability Counts.
• Insecure option is added to the CISA KEV + EPSS Integration.
• App Password is replaced by API Tokens in Bitbucket Integration.
• SCA Deduplication Flow has been improved.
• Import Support is now available for Sonatype.

Bug Fixes​

• An issue causing incorrect vulnerability limitations for Wiz has been fixed.
• Issues with Jira Issue Type requests on the Issue Assignment page have been fixed.
• An issue where scans were dropped from the Calendar has been fixed.
• The 4me Test Connection endpoint issue has been fixed.

Release v1.107​

Release date: 10 November 2025

New features​

• Customizable Jira issue templates for Enterprise users
• Automation Rule cloning with “Copy of” prefix
• Fixed Packages field in custom SCA integrations
• Webhooks to push audit log events externally in real time
• Flagging API to manage and retrieve vulnerability flags in bulk
• API v2 endpoints to set and retrieve True Positive requests by vulnerability
• API v2 endpoints to list and bulk update vulnerability flags
• Retest option for Acunetix 360 integration
• Retest scan support for Invicti Platform integration
• Branch field in issue body for issue managers
• CLI support for adding labels to projects
• Option to pull all vulnerabilities from HackerOne
• Custom fields for Azure DevOps Server issue manager
• Target image and project fields in vulnerability table views

Improvements​

• Posted vuln summary as PR comment instead of overwriting description.
• Improved route discovery accuracy from source code.

Bug Fixes​

• Made scan parameter deletion synchronous to fix error handling issues.
• Fixed issue assignment bug where vulnerabilities from similar components were grouped into one ticket.
• Fixed Rapid7 scan start and project search.
• Fixed issue with project update API not saving source field.
• Fixed missing Business Criticality field in project APIs.
• Fixed issue causing empty results in Dependency-Check scans.
• Fixed missing separator between Kondukto Link and DeepLink in issues.
• Fixed branch retention hierarchy to prioritize project-level rules correctly.
• Fixed Semgrep data mismatch in ASPM.
• Fixed blank detail issue in Severity update automation rule.
• Fixed 4me assignment bug.
• Fixed Checkmarx KDT scans without projectId.

Release v1.106​

Release date: 24 September 2025

New features​

• Added Invicti Unified Platform integration with support for project listing, profiles, and scan creation.
• Added Mend SAST integration with project retrieval and scan support
• Added Azure OpenAI support as a new LLM provider.
• Added source code–based API endpoint discovery with SAST linkage.
• Added CVSS Vector field to optional parameters in issue assignment settings.
• Added ability to link vulnerabilities to existing issues at product and global levels (previously only available at project level).

Improvements​

• Added meta titles across all pages
• Updated design of sidebar and login page.
• Removed direct dependency restriction from services.
• Switched Threat Intelligence sync from Redis to NATS.
• Added event status checks for rescan.
• Added support for building custom Kubernetes
• Improved SBOM Radar service performance.
• Improved Sysdig integration to avoid duplicate vulnerabilities.
• Changed KDT scanner mappings to use IDs.
• Simplified license data handling in container services.
• Replaced Redis with NATS for Threat Intelligence sync communication.
• Added new fields to Semgrep SAST vulnerabilities
• Added CVSS Vector field to optional parameters in issue assignment settings.
• Added Confirmed field to vulnerability models and synced it to Jira as a label

Bug Fixes​

• Fixed SonarQube scan failures caused by incorrect project ID handling.
• Fixed issue where long vulnerability names were not fully visible or editable in the UI.
• Fixed missing API endpoint filter on the Scan Vulnerability page.
• Fixed Mend API authentication and updated integration configuration defaults.
• Fixed Amazon Inspector integration issues.
• Fixed Fortify suppression and vulnerability visibility issues.

Release v1.105​

Release date: 26 August 2025

New features​

• Automated Branch Deletion is now available. Previously, merged or deleted branches could be removed from Kondukto using the Sync Branches button. With the new design, branches outside the defined set are now automatically deleted from the system if no new scans are received within the specified number of days. Organization-wide default branches (e.g., master, main, develop, release) can be defined so that they are preserved even if they do not receive scans during freeze periods.
• fAST and fSCA integrations introduced with BlackDuck’s new Polaris Platform are now available.
• Bulk cancellation of scans is now available on the Scans Queue page.

Improvements​

• An Opened By filter was added to issue details. When an automation rule is triggered, Opened By is displayed as Kondukto Automation.
• The Vulnerability Details section UI was improved to enhance visual readability.
• A Suppressed With Empty Description filter was added for the Won’t Fix, False Positive, and Risk Accepted vulnerabilities. As a result, items without a description that are marked as RA, FP, or Won’t Fix can now be filtered.
• The Bulk Schedule Scan action on the Asset Management page has been enhanced. Previously, scans could only be scheduled; now, the RRule of an already scheduled scan can be modified.
• The in use and has fix filters were added for Sysdig.
• Redis performance was improved

Bug Fixes​

• All panic errors occurring in AWS Inspector scans have been resolved.
• The issue of the ampersand character in team names from Okta not being supported has been fixed.
• The miscalculation of the average in the Score Snapshot graph has been corrected.
• Errors encountered while creating Scan Parameters via KDT on Checkmarx One AST have been resolved.
• Errors from Semgrep CE when adding Semgrep Rule Repos through Azure have been fixed.
• The issue of the ID being shown instead of the name of the Default Preset in Checkmarx has been fixed.
• The issue of results not appearing in listings when there was an exact match has been fixed.
• The absence of Risk Accepted filters in the Get Vulnerabilities endpoint has been fixed.
• The problem of the IP address appearing in the Deeplink for the Coverity Server has been fixed by implementing CID.

Release v1.104​

Release date: 14 July 2025

New features​

• Added Scan Tag field to associate and filter custom tags in scans, webhooks, and issue managers.
• Added License Risk condition support for SBOM-based workflow rules and count filters.
• Added Issue Kind support for Coverity scans with filtering and automation.
• Added AI-powered Pentest PDF Import feature with file upload, analysis tracking, and vulnerability import support.
• Added support for grouping vulnerabilities from multiple projects into a single issue.
• Added Gemini and Mistral AI integrations with token-based authentication and UI support.
• Added Dependency Name field to SCA issue bodies

Improvements​

• Masked tokens and passwords in integrations with proper validation warnings
• Added password strength indicator to user creation, edit, and change password views
• Improved completed scans page performance by separating count and data requests
• Projects page now remembers selected sort options in both gallery and list views.
• Added search box to the role permissions list for easier navigation.
• Added event deduplication to prevent duplicate entries in the scans queue.
• Added report check before Docker exit status validation.

Bug Fixes​

• Fixed broken filters on Product Scans page for project, scanner, and scan type selections.
• Fixed APIv2 vulnerabilities endpoint performance and increased page limit.
• Fixed issues with suppression filters not working as expected.
• Fixed Product Score Snapshot to show average risk score instead of total.
• Fixed PrismaCloud CS scan list display and selection issues in the UI.
• Fixed cloud filter issue in Amazon Security Hub CSPM integration.
• Fixed missing or incorrect tool summary display when 'All Branches' is selected.
• Fixed Start Scan field not saving in Checkmarx One SCA parameters.
• Fixed project creation issue when multiple Azure Repo ALM instances exist.

Release v1.103​

Release date: 16 June 2025

New features​

• Added support for .context file usage in OWASP ZAP Headless scans for authenticated testing.
• Added filtering by ALM and Issue Tracker instances on the Asset Management page.
• Added OpenAI integration under AI Tools, allowing users to test the connection and select a default model using their API key.
• Added the ability to select roles as recipients when configuring email alerts in project settings.
• Added Add Infra Group as a bulk action on the Asset Management page to assign infrastructure groups to multiple projects.
• Added integration for Crowdstrike CSPM under cloud security scanners.
• Added Crowdstrike Infra integration with project listing and scan support.
• Added Salt Security integration with scan and host listing support.
• Added an option to delete SBOM components and related vulnerabilities.
• Added VPR score support for Nessus findings in filters, rules, and exports.

Improvements​

• Enhanced login error messages to clearly inform users in case of network connectivity issues.
• Projects page now remembers the user’s selected view mode and pagination settings between sessions.
• Added additional filter options to Workflow Filters.
• UI version is now sourced from an environment variable instead of Git metadata.

Bug Fixes​

• Fixed Infra Group filter search in Workflow Actions.

Release v1.102​

Release date: 12 May 2025

New features​

• Added a new comparison report that allows using customizable templates to compare projects, products, business units, and teams.
• Added Global Vulnerability Filter to apply a pre-defined filter across all projects and products for AppSec and Infra findings.
• Added "Fixed Packages is not empty" as a new filter for Issue Assignment Automation Rules, allowing tickets to be created only for vulnerabilities that have known fixes.
• Added support for creating, editing, and deleting custom email notification templates for Enterprise customers. Default templates are now editable and reusable in automation rules.
• Added Coverity On-Prem integration as a new SAST scanner, including project listing, scan configuration, and connection testing support.
• Added two new permissions for custom roles: Edit User Roles and Sync ALM Projects/Branches.
• Added support for mapping SCA and Container Security findings with CNAPP tools (Sysdig) data to detect deployed vulnerabilities and trigger automation rules.
• Added Select All option on the Assets Management page to apply actions across all pages, including support for exclusions.
• Added Cycurfuzz support under the new Fuzzing category with KDT-based JSON/HTML report import capability.
• Added Crowdstrike CS integration as a new Container Security (CS) scanner, including image binding, scan configuration, and test connection support.
• Added option to run scheduled scans on default branches of multiple projects from the Assets Management page.
• Added a scheduled service to automatically close issues in the issue manager if the corresponding vulnerabilities are marked as Closed in Invicti ASPM.

Improvements​

• Improved AKTO integration to prioritize scan results over Swagger imports.
• Made columns on the Assets Management page resizable for better usability.
• Vulnerabilities from DAST, API Security, and Pentest scans are now auto-mapped to updated endpoints. Clicking counts redirects to the related vulnerability list.
• Added Code Flow section for CodeQL findings in the vulnerability details view.
• Selected item count is now shown on vulnerability tables, similar to the asset management page.
• Updated SonarQube integration to allow manual selection of the system edition (Community, Developer, Enterprise) during scanner setup.

Bug fixes​

• Fixed an issue where the Teams tab wasn't visible on the user screen for roles without the appropriate permission.
• Fixed an issue where the ALM sync button was visible to users without proper sync permissions.
• Addressed permission issues in SonarQube integration by reintroducing required admin-level access for branch scanning support.
• Fixed an issue preventing Tenable.sc scans from being triggered in newly created projects.
• Fixed an issue with directory creation for the comparison report template.

Release v1.101​

Release date: 12 March 2025

New features​

• The "Exploitable" filter is now available in the Vulnerability Table, Automation Rules, and Highlighted Vulnerabilities sections, enhancing visibility and prioritization of exploitable risks.
• Automated Labeling and Notification Scheduler is a new scheduler that automatically applies or removes labels from projects based on customizable rules, such as creation date, last scan date, business criticality, infrastructure group, and vulnerability flags, either individually or in combination.
• Trivy now provides secret scanning results for IaC, enhancing security by detecting sensitive data within your IaC configurations for better compliance and risk management.

Release v1.100​

Release date: 3 March 2025

New features​

• Dependency Tree/View and Transitive/Direct Component Fields Additions is now available in SBOMs. The new view displays component relationships using the "depends on" structure from CycloneDX and SPDX standards, allowing better visualization of dependencies. Additionally, components can now be marked as transitive or direct, with flexibility to vary by project.
• The new query parameter "Dependency File" Filter in Vulnerability Tables is now available on vulnerability tables, allowing filtering by Dependency File (SCA file name).
• OpenAPI Spec (Swagger File) Parsing and "API Endpoints" Tab enable the display of HTTP endpoint details, such as method, path, and vulnerability count, by parsing a single Swagger file per project and presenting the data in a table under the project's "API Endpoints" tab.
• Severity Update and Auto Flagging tags enable condition-based actions to be applied to vulnerabilities immediately and automatically after each scan/import. Multiple flags can be selected, with all actions, severity changes, and flags logged in the Vulnerability Change Log and audit trail.
• The integration with Blackduck and Coverity Seeker now includes advanced settings for user permissions. Team leads can be granted permission to either scan instances or create new instances.
• Control API Endpoint Import for Non-Supported Files – Unsupported files are now supported and can be imported successfully.

Improvements​

• Trivy Operator Configuration Audit Support added for Trivy operator configuration audit-type findings, with results similar to the Kubescape tool output.
• Team Restriction for Custom Roles introduces a new toggle, "Use teams to restrict accessible projects and users" for custom roles inherited from Admin. When enabled, it restricts users to view only the teams, projects, vulnerabilities, and users associated with their team memberships, and limits access across the Global Dashboard, Teams Section, Vulnerability DB Team Filter, Scans Team Filter, Reports Section, and Users Menu. This toggle can't be used with the "Use Business Units" toggle.
• In Trivy Operator Scanner now includes Fetch Exposed Secrets option in the integration.
• TLS authentication for email integration now supports self-signed certificates.

Bug fixes​

• The default item size for Infra profiles has been updated, and the pagination size is now fixed.
• The issue with saving Checkmarx scan parameters during project creation has been fixed, and the tag selection endpoint now functions correctly.
• The functionality to edit existing Trivy Operator integrations has been restored, ensuring smooth operation as expected.
• The process of adding a new pentest has been updated to disable the End Date selection for 'In Progress' or 'Scheduled' statuses, with a warning message indicating the End Date isn't required.
• The issue with mismatched data displayed on the dashboard after relogging has been resolved.

Release v1.99​

Release date: 3 February 2025

New features​

• Custom Flags is now available. Flags can now be automatically added to vulnerabilities that meet specific criteria, allowing automation rules to be applied based on these flags. Additionally, these flags can now be pushed as labels to Issue Managers.
• ASVS column has been added to the Vulnerabilities page.
• More granular permissions under Automation Setup and Workflow sections can now be granted to custom roles.
• Custom fields on Azure DevOps Cloud and Server issue manager are now supported.
• Scan Duration Threshold configuration is now available under Project Settings > Scanners. With this configuration, when a scan takes longer than this time limit, it's automatically canceled by Invicti ASPM to prevent hanging scans.
• OSV Scanner can now be run by providing an SBOM file via KDT.

Improvements​

• Discovered by filter is now available.
• Plugin and family filters added to Correlation Assistant for enhanced vulnerability correlation and analysis.
• Projects Issue Assignment page is now divided into two tabs for better performance.
• Dashboard-Worker Service performance improved for Infra Dashboards.
• Scanner Integration page performance has been improved.
• Per Page Selection added to Products, Scans Queue, Completed Scans, Failed Scans, and Imports pages for better pagination control.

Bug fixes​

• The issue preventing Infra Profiles from being searchable on the Scans screen has been fixed.
• SBOM Inspection now runs immediately upon importing a new SBOM, instead of waiting 12 hours.
• The bug in Checkmarx where scan parameters weren't being created for the correct branch has been fixed.
• The bug where the Notifier Email Template was broken has been fixed.
• The bug where the session expired unexpectedly when a user had multiple tabs open has been fixed.
• The bug in Trivy Operator where vulnerabilities weren't being fetched correctly has been fixed.
• The bug where Nuclei JSON import via KDT was failing has been fixed.
• The bug where Invicti ASPM was posting duplicate comments on Jira issues has been fixed.
• The bug where the Checkov scanner wasn't functioning properly has been fixed.

2024​

This section summarizes all releases, features, improvements, and fixes for 2024 as they're added.

Release v1.98​

Release date: 25 December 2024

New features​

• Sysdig CSPM Integration is now available.
• Multiple vulnerabilities can now be linked to tickets in the Issue Manager.
• A separate page has been created for pentests. Additional details such as start and end dates, and current status can now be assigned to pentests.
• A Host FQDN based view has been added to Infra group views.
• Tickets in the Issue Manager can now be unlinked from vulnerabilities.
• The Add Screenshot section for vulnerabilities has been updated to Add Attachment. It now supports various formats such as PDF, HTML, and video.

Improvements​

• Column sizes on vulnerability tables can now be adjusted.
• Manually added findings can now be reopened by Admins and Team Leads.
• The Project Mapping structure of Azure Issue Manager has been improved.
• User permissions can now be applied at the project level.
• Azure Issue Manager Project Field structure has been improved.
• Snyk Target Mode structure has been improved.
• Importing Infrastructure Vulnerabilities through KDT has been enabled.

Bug fixes​

• The "Approve Risk Accepted" permission has been removed from product owners and custom roles inheriting from the product owner role.

Release v1.97​

Release date: 26 November 2024

New features​

• Semgrep Enterprise SAST & SCA Integration is now available.
• Orca integration is now available.
• Service Core Issue Manager integration is now available.
• A setting to define the inactivity timeout duration for user logout was added to Global Settings.
• The Issue Responsible feature was added for Infra Groups.
• Prisma Cloud CS now supports multiple instances.
• The Fetch Projects feature has been added for Veracode.
• Team Lead Integrations is available for Rapid7 Insight VM / Nexpose.

Improvements​

• Markdown support was added for the Description field of manually added findings.
• The Issue Assignment page was refactored, and performance issues caused by an excessive number of fields in large organizations were resolved.
• A toggle has been added to change the scan structure, ensuring that Targets can be scanned without issues in Snyk SCA.

Bug fixes​

• SAML users weren't redirected to their last page after logging out, and the logging back bug has been fixed.
• SBOM Radar couldn't inherit the insecure setting from the Blackduck bug has been fixed.
• The Infra Group Names not updating Project Cards bug has been fixed.
• The Requester Filter bug on the Suppression Requests page has been fixed.
• Multi-Instance Listing bug on Nessus Profiles bug has been fixed.

Release v1.96​

Release date: 24 October 2024

New features​

• The Fetch Projects feature has been added for Checkmarx One SCA.
• Invicti ASPM now supports SARIF import for supported SAST tools.

Improvements​

• The date and time selection structure in the dashboard tables has been improved.
• Dashboard performance has been optimized, ensuring faster load times.
• Recommendations information can now be retrieved from Microsoft Defender for Cloud.

Release v1.95​

Release date: 9 October 2024

New features​

• Prowler integration is now available.
• Adding Custom Integrations is now available for the CSPM, DAST scanner category.
• When GitHub Enterprise is integrated, GitHub Secret Scanner, Dependabot, and CodeQL scans can be automatically created.
• The Fetch Projects feature has been added for Checkmarx One and Invicti. Projects can now be onboarded through these platforms.
• The list view is available on the projects page.
• Prisma Cloud CSPM now supports multiple instances.
• Screenshots can now be added by the developer role.

Improvements​

• The selected date range can now be applied to all similar charts on the Dashboard with a single click.
• Team Leads can now be granted permission to fetch projects from ALM.
• The path filter flag has been added to Checkmarx scans triggered through KDT.
• Environment filters added to automation rules.
• The Mandiant fields have been improved.
• The Last scan date filter added an asset management and projects page.
• The Checkmarx SCA now supports import.
• The Nuclei version has been updated.
• The notification templates have been updated.
• Team names now support the characters "[ ]".

Bug fixes​

• The structure that allows custom rule users inherited from the admin to access all projects has been fixed.
• The bug where users with Team Lead and Pentester roles couldn't see files of custom-assigned projects has been fixed.
• The issue with the Issue Description bug in Trello has been fixed.

Release v1.94​

Release date: 16 September 2024

New features​

• Trivy Operator integration is now available.
• The Correlation Assistant has been added. With the Correlation Assistant, similar vulnerabilities can be grouped and merged into a single ticket when an issue is created.
• SBOM Radar now has trigger options. Users can select which scans (SAST, SCA, CS, or IaC) trigger SBOM Radar scans.
• The Disable Clone Operation option has been added to the Source Control section of projects. By disabling the Git Clone operation for larger projects, the system load can be reduced.
• Custom Integrations is now available for the Infra scanner category.

Improvements​

• Master vulnerabilities can now be distinguished in the vulnerability list by a Crown icon, and when clicked, the associated child findings can be viewed.
• New Group Views have been added. It's now possible to create Group Views based on File/Path/Resource, CVE ID, CWE Name, Scanner, and Severity.
• The Issue Assignment Endpoint has been added to the API for GitLab Cloud, GitLab On-Prem, and GitHub.
• Dashboard performance has been improved.
• The capacities of Bulk Actions on the Asset Management page have been expanded.
• The Select All option has been added for instances when creating a scan for Microsoft Defender for Cloud.
• The vulnerability mapping for Seeker has been improved.

Bug fixes​

• The bug encountered when exporting Infra vulnerabilities of projects via the API has been fixed.
• The bug where QualysVM would only retrieve scans from the last 30 days by default via the API has been fixed.
• The Last Scan Date bug on the project card, which occurred when all scan-parameters in a project were deleted, has been fixed.
• The bug where findings marked as Ignored in Snyk weren't visible has been fixed.
• The bug caused by Jira's Team Endpoint only retrieving a maximum of 100 teams has been fixed.
• The bug where the names of Custom Roles were displayed incorrectly in SSO Integrations has been fixed.

Release v1.93​

Release date: 21 August 2024

New features​

• A Custom Role has been added. New roles can now be created in Invicti ASPM by removing desired permissions from the existing roles.
• A Daily Sync feature has been added to SAST Tools and ALMs. When the feature is enabled, it automatically fetches projects on a daily basis.
• Trello is now available on Issue Managers.

Improvements​

• The Mandiant fields have been improved.
• Invicti ASPM now supports multiple Redis instances.
• The Custom Integration addition process has been enhanced. A more user-friendly interface has been implemented, allowing for previewing added fields.

Bug fixes​

• The issue with special characters in Seeker's Version Name has been resolved.
• The Redis:nil issue that occurred with simultaneous scans has been fixed.

Release v1.92​

Release date: 25 July 2024

New features​

• Armo integration is now available.
• Scheduled scan support was added to APIv2.
• Custom field selection support was added to Jira.

Improvements​

• Cloud filters are now available for AWS Security Hub scans.
• The deduplication flow was improved. When a new child vuln. is discovered, Kondukto now replaces the parent vuln. with the new child vuln. and the parent vuln becomes a child vuln.
• Gitmatcher performance was significantly boosted by optimizing the project directory loop.
• Wiz's sync performance was improved. The data flow was adjusted to occur every 24 hours to avoid hitting the rate limit.
• Project filters were improved for Snyk SCA, CS, and IaC.
• IP address can also be entered in the Smtp field under Email integrations.
• The “cancel scan” capability was added to the KONDA agent for Fortify and Sonarqube.
• Calendar week is added to the New vs Closed Trend chart.
• Path field is now captured from Syft.
• Name search under SAST project creation now works with "contains" instead of "exact match".
• A tooltip is now available upon hovering on the project names under scan paramaters.
• Metadata "is blank" and "is not blank" filters are now available.

Bug fixes​

• The truffleHog import bug has been fixed.
• The JSON object array issue in the custom scanner was resolved.
• Team filter bug under assets mgmt. page is fixed.
• Severity trend chart bug is fixed.
• Description and target image field bugs are fixed for Red Hat ACS.

Release v1.91​

Release date: 28 June 2024

New features​

• Adding Custom Integrations is now available for the IaC scanner category.

Improvements​

• It is now possible to filter vulnerabilities by "Historical Status" on Vulnerability DB
• Risk Accepted vulnerabilities are also now counted by the Burndown Charts on the Project, Product, and Dashboard Pages.
• Team Leads now can manage the Assets Management Page.
• The vulnerability ALM paths are now linked to the shown path from ALM's.

Bug fixes​

• The SBOM Components License Risk filter bug has been fixed.
• A bug affecting the Audit Logs has been fixed.
• The bug that occurs on the Commiter Benchmark page on the Export button has been fixed.

Release v1.90​

Release date: 28 June 2024

New features​

• Adding Custom Integrations is now available for SAST, SCA, and CS scanner categories.
• Auto Labels are now available in Global Settings for projects with distinguished components to be labeled automatically.

Improvements​

• Incremental scan imports with Semgrep are now available using the kdt tool with the "-i" flag.
• Custom issue titles when creating issues are now available for Jira, Github, and Azure DevOps Services.
• Multiple instance integration on Tenable SC is now available.
• Multiple instance integration on AWS Security Hub is now available.
• If a user is inactive for 15 minutes, the system will now automatically log out the user.

Bug fixes​

• "Meta Data", and "Docker Registry Path" errors on Trivy Scan creation on UI have been fixed.
• The UI "Import Vulnerabilities" page bug when searching for tools has been fixed.

Release v1.89​

Release date: 16 May 2024

New features​

• Microsoft Azure Mail is now available on Notification Tools.
• Team Lead Integrations is available for Microsoft Azure DevOps & Issue Manager.

Improvements​

• Project Limit / Project Used is now visible on the UI.
• The pentest structure has been improved. The "Engagement" field has been added to facilitate management. The person who added the pentest can edit the findings.
• The resolution page is now supported for the JIRA Issue Manager.

Release v1.88​

Release date: 25 April 2024

New features​

• Added Team Lead Token option for Microsoft Defender. Once activated, Team Leads can integrate their instances.
• Severities can now be bulk updated.

Improvements​

• The UI has been responsive and more stable at low resolutions or in small window modes.
• Notification settings have been updated. It is now possible to choose whether Kondukto will notify you about completed or failed scans.

Bug fixes​

• The Sync Branches button did not work due to missing details of Open-Source projects bug has been fixed.

Release v1.87​

Release date: 3 April 2024

New features​

• Wiz CSPM is now available on Scanners.
• Cdxgen is now available as a Generator tool for SBOMRadar.
• "Feature Branch Management" is now available in project settings, and it is now possible to provide an "Environment" for project scans.

Improvements​

• The LDAP attribute utility and TLS-supported LDAP connections are now available on SSO integrations.
• "Observed in the Wild" has been disabled for systems without Mandiant TI.

Release v1.86​

Release date: 13 March 2024

New features​

• Red Hat Advanced Cluster Security scanner integration is now available.

Improvements​

• Now, the latest sort for the Vulnerabilities page in Projects is being saved to ease the display of vulnerabilities.
• It is now possible to exclude quality findings from Coverity with a toggle while triggering scans on the Scanners page.
• The Default Branch filter is added on Committer Benchmark view as default.
• The "m score" field has been added on the Vulnerability DB page for Mandiant-integrated versions.
• It is now possible to use "Only upgrade or only downgrade the severity of vulnerabilities" options under EPSS TI integrations.

Bug fixes​

• Presentations of the Dashboard PDF downloaded reports have been fixed.
• The "Product Owner" cannot see the Export button on the Projects Vulnerabilities bug has been fixed.

Release v1.85​

Release date: 23 January 2024

New features​

• "Net New Vulnerabilities", "Suppressed Vulnerabilities", and "New Vulnerabilities" charts are now available on the global dashboard.
• Using "True Positive" toggle on vulnerabilities is now possible.
• 4me Issue Manager integration is now available.
• Contrast IAST and Contrast SCA integrations are now available.

Improvements​

• Severity Minus & Plus labels can now be added to Infra Profiles.
• Binding project branch selection is now available for SonarQube.
• Project Manager Page now has a new name, "Asset Manager" with additional filters.
• The "Namespace" field is now available for "Seeker" vulnerabilities.
• It is now possible to link vulnerabilities to an existing issue without creating another issue on Jira.
• It is now possible to delete vulnerabilities, "scanparams", SBOM scans, and components that are discovered on branches deleted on Cloud and On-Prem versions of GitLab, Azure, and Bitbucket.
• Black Duck and Mend can now be used to generate SBOM and inspect vulnerabilities on SBOM Radar.

Bug fixes​

• The snippet path for Sonarqube vulnerabilities is now fixed.
• The ALM link problem on Sonarqube is now fixed.
• Infra Group Names representation in vulnerabilities bug has been fixed.
• The metadata UI bug on the Scanners Page for Checkmarx and Snyk has been fixed.
• The vulnerability filter bug that appears when using the branch filter has been fixed.

Release v1.84​

Release date: 25 January 2024

New features​

• Ivanti Heat Software is now available as Ivanti on Issue Managers.
• New vs. Closed Trend Charts are now available on Project, Product, and Global dashboards.
• Representation of the highest vulnerability as color for Secrets, Code, Artifact, Test, and Cloud symbols is now available on AppSec vulnerabilities on Project Dashboards.

Improvements​

• AI recommendations are now available with a code-snippet sharing option.
• Coverity snippets have been improved.
• It is now possible to delete related vulnerabilities, "scanparams", SBOM scans, and components by Syncing GitHub ALM of deleted projects branch.
• It is now possible to import JSON and YAML file types on the Projects Files Page.
• Kondukto now adds a comment and changes the priority on Jira accordingly after the severity of a vulnerability is changed on Kondukto.

Bug fixes​

• SecureFlag detail lacks in vulnerabilities bug fixed.
• Mattermost integration showing duplicate link bug fixed.

Release v1.83​

Release date: 11 January 2024

New features​

• The Automation Rules section in Workflows is now available, covering Security Criteria, Alert Rules, Issue Criteria, and Suppression Rules.
• The Highlighted Vulnerabilities section is now available under Workflows.

Improvements​

• All scheduled Scans on Queue can now be canceled on the Scans Page.
• Audit Logs have been improved.
• The Vulnerability Export capabilities have been improved.
• You can now manage Parent Work Item Types of Issues under Issue Assignment of a Project.

Bug fixes​

• AppSpider Pro preset file upload bug fixed.
• Issue Assignment selections bug fixed.
• The CVE ID field Bug on the Advanced Filter on the Vulnerabilities page is fixed.
• The project name appears on the Infra vulnerabilities bug fixed.
• Bugs occurring when exporting vulnerabilities have been fixed.
• The suppression rule is not triggered by the Infra vulnerabilities bug fixed.