• Implemented a feature that allows users to override the severity of vulnerabilities detected in DAST scans (Read more on individual vulnerability's and global severity changes)
• Implemented screenshot capture during DAST scans to improve visibility of the scanning process and authentication failures (Read more)
• Compliance classification information is now included in vulnerability details to support regulatory alignment and audit readiness (Read more)
• Added support for automatic user provisioning during IdP-initiated SAML SSO login
• Added CircleCI integration (Read more)
• Improved API Insights dashboard to respect user access restrictions, preventing users from viewing results for targets they don't have permission to access. Only users who have access to all targets can view the dashboard (Read more)
• Users can now add bulk comments and tags to vulnerabilites (Read more)
• Enabled users to re-register multiple times using the same NTA token, improving registration flexibility
• Users can now add API specs via URL reference in target settings, allowing the scanner to pull specs at runtime from targets not accessible to Invicti cloud services (Read more)
• NTA now automatically shuts down after multiple failed connection attempts to Invicti Platform (Read more)
• Dark mode is now available
• Added preview capability for REST API specifications (OpenAPI, Swagger, RAML) after uploading (Read more)
• WAFs detected by DAST scanner are reported in the Scan activity log
• Auto-scalable agents (Read more)

Improvements

• Discovered and inventoried APIs can now be exported directly from the API catalog view, allowing users to download their full API inventory
• Enabled users to re-register multiple times with the same NTA token
• Improved the user experience after creating or linking a target in the API security platform, ensuring users land in the API catalog with an informative success message.
• Users can now preview uploaded or linked API specifications directly within the target configuration.
• When the API Security add-on license is added or removed, engine-based discovery is automatically enabled or disabled accordingly to reflect the current license state.
• APIs can now be added as reference URLs even when the endpoint is not reachable from the cloud, supporting the use of internal or private URLs.
• The Kong Konnect integration has been upgraded to use the latest API v3.
• The time-zone picker in user profile settings has been upgraded and now includes India Standard Time (GMT +5:30).
• AI-powered features are now enabled by default for all new accounts, with account owners given the option to disable them at the time of account creation.
• The Scan Preparator now supports proxy configuration for remote backend access, enabling internal scanning agents to reach backend services through a proxy.
• The LSR engine now forwards screenshot data captured during scans to the UI, making visual scan evidence available directly in the interface.
• The ICBD component has been updated to run on Node.js 20.x (LTS), ensuring compatibility with the latest long-term support release.

Resolved issues

• Fixed an issue where creating a target from a discovered AWS API failed.
• Resolved an issue where the API target detail view returned an incorrect number of operations.
• GraphQL and other unsupported API spec types are no longer incorrectly displayed in API Hub.
• Fixed an issue where the API Hub Swagger page failed.
• Resolved an issue where default sorting and manual sorting changes of API operations were not applied correctly.
• Fixed an issue where the API Target Source type displayed in the UI did not match the value set when uploading from the target configuration.
• Fixed a communication issue between DAST and Inventory services when updating a target agent.
• Fixed an issue where the Exemptions list failed to display more than 50 users.
• Fixed an issue where the internal scanner was generating excessive request volume.
• Resolved an issue where LSR scans with restrictions and imported files failed to complete successfully.

2025

This section summarizes all Invicti Platform on-premises releases, including new features, improvements, and fixes as they’re added.

To install Invicti Platform on-premises, follow the comprehensive Helm setup documentation, which covers:

• Architecture overview and system requirements
• Prerequisites and Kubernetes cluster configuration
• Step-by-step installation instructions
• Post-installation setup and configuration
• Troubleshooting guidance