How many Dradis projects did you create this year? How many Issues did you find? Which were the most commonly found Issues? What was the most common severity of the Issues that you found?
Credit for this script idea goes to Marc Ligthart. His teammate reached out via the support inbox to see if we could create a quick “Year in Review” script that would list out the following:
1. Count of Projects created this year 2. Total Critical/High/Medium/Low Issues (by Tag) 3. Top 10 most found Issues (by title) 4. Top 10 most found Critical/High/Medium Issues (by title)
Example output from the year in review script
You can already head over to our scripting repo and check out the Year in Review script. To use it:
1. SCP the file you your instance (e.g. to the /tmp folder)
2. Run the following in the command line as “dradispro”: $ cd /opt/dradispro/dradispro/current/ $ RAILS_ENV=production bundle exec rails runner /tmp/year_in_review.rb
The output will list out the yearly review for all of the projects present on your Dradis instance.
Now, for the fun part? We want your feedback. If you like this idea, you’ll like version 2.0 even better. We want to include this functionality as part of the existing Business Intelligence Dashboard within Dradis. But first, we want to hear from you. What else would you like to see in a summary view like this in the BI Dashboard? What other metrics would be helpful for your team or what isn’t particularly useful about the current output? Please email our support team directly with feedback! We’re excited to continue working with you in 2020 and get you some more valuable insights into your Dradis usage along the way.
Now you can have your notifications emailed to you when you aren’t working in a Dradis project. Each user can adjust their notification settings to receive them individually as they happen, in a daily digest, or not at all. Get started using email notifications by configuring the mail server on your Dradis Pro instance.
A few @mention enhancements are in this release, including loading an @mentioned user’s profile photo or gravatar so you quickly spot who is in the conversation.
Burp Suite Issue severity
The way that Burp Suite handles severity is different than other integrations. Burp assigns severity to each instance of an issue as evidence and doesn’t assign severity to the issue directly. As a result, this was leading to several pieces of evidence with different severity levels for an issue with no assigned severity in Dradis. Now, Dradis will assign the issue severity using the highest evidence severity level.
Table Sorting
Finding the information you are looking for in a long table is easier with table sorting. Tables in Dradis can be sorted by any column. Click on the column heading of your choice and presto, change-o the table is sorted.
Release Notes
Email notifications
Add notification settings to decide how often to get email notifications
Add a smtp.yml config file to handle the SMTP configuration
Preserve SMTP configuration on updates
Various mention related improvements:
Enhance the mentions box in comments to close when it is open and the page is scrolled.
Fix bug that prevents the mentions dialog from appearing after navigating through the app.
Fix elongated avatar images so they are round once again.
Added avatar images to mentions in comments.
Load Gravatars for users whose email has been set up with gravatar.
Add and update methodology download links to Dradis Portal
Enhancement when adding new nodes to copy node label data between the single and multiple node forms.
All tables can be sorted by column
Bugs fixed:
Fix handling of pipe character in node property tables
Fix projects count not updating in teams view
Fix error on team page when showing primary team
Fix overflow issue where the content would expand out of view
Fix page jump when issues list is collapsed
Fix conflicting version message when updating records with ajax
Fix hamburger dropdown menu functionality.
Fix node merging bug when `services_extras` properties are present
Fix cross-project info rendering
Prevent content block group names to be whitespaces only
Fix displaying of content blocks with no block groups
Limit project name length when viewing a project
Removed bullet style in node modals
Validate parent node project
Integration enhancements:
Burp: Make `issue.severity` available at the Issue level
Nessus: Fixed bullet points formatting to handle internal text column widths
Nexpose: Wrap ciphers in code blocks
Netsparker: Fix link parsing of issue.external_references
Jira: Loading custom (required) fields from JIRA by IssueType and Project
REST/JSON API enhancements:
Fix disappearing owner when assigning authors to a Project using the API
Set the “by” attribute for item revisions when using the API
