We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal
📅 March 27, 15:30–17:50 SGT
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Auto-update Charts in Word
Previously, to include charts in Word templates, VBA macros were necessary to be able to update the charts in exported reports. This was a problem for the Mac users among us, as the relevant VBA is not supported in Office for Mac. We have now tweaked the reporting engine so that the source Excel sheets for charts in Word can be filled in with filters so they will auto-update during the export process from Dradis. The supported filters support the majority of use cases we have seen, such as issue counts by CVSS score, severity, type, category, host, etc.
Gateway comments
Do you use the Dradis Gateway? We have now improved this collaboration feature! Comments are already supported within Dradis projects, but now comments have reached the Gateway as well. If you are an Admin or Author on a project, you can choose to make a comment public (available on Gateway) or not (only visible to your team members within the project). Gateway contributors are able to view your public comments and submit their own comments on issues and other content inside the Gateway.
Qualys Asset Scans
Dradis now supports Qualys Asset Scans! This expands our Qualys coverage to include:
- Qualys Vulnerability Scans (Vuln)
- Qualys Web Application Scans (WAS)
- Qualys Asset Scans (ASSET)
Release Notes
- Comments: Show public comments for issues in a project
- Mintcreek: Add breadcrumb navigation
- Uploads: Allow subsequent file uploads from the same scanner without needing to re-select the scanner
- Upgraded gems:
- nokogiri, rails
- Bugs fixes:
- Document Properties: Set focus to property name/value inputs when clicking the edit icon
- Editor:
- Add keyboard shortcut support for windows and linux
- Allow comparing document property values with “==” operator
- Allow text selection expansion using shift-click
- Issues: Show correct links in the “Send To” menu
- Subscriptions: Show correct Subscribe/Unsubscribe link after a new comment is posted
- Tables: Prevent columns state from resetting after 2 hours
- Teams: Prevent displaying trashed projects
- Tylium: Remove extra left padding from the first line of content in a code block
- Upload: Show pre upload validation for Qualys
- Integration enhancements:
- Openvas: Update Node label parsing. Include :hostname and :asset_id properties.
- Qualys: Add Qualys Asset Scanner (ASSET) support
- Reporting enhancements:
- Word: Charts in Word can now be exported without the need for macros
- Security Fixes:
- Low: Password reset token can be reused in a 5-minute window