Monthly Archives: February 2023

New in Dradis Pro v4.7

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Inline Code Support

We already supported code blocks, but now, you can use @ symbols to create in-line code inside of your Dradis project:

When you export this to a Word report that has a custom InlineCode character style, you’ll get that code styled automatically:

Custom Tag Management

Previously, you could create custom tags by editing the XML of the project template directly. That’s still an option if you happen to enjoy dealing with XML. Otherwise, you can now use the UI for that whole process. There’s even a color picker so that you can get just the right shade for your custom tags.

From the project level, you can also manage your tags and create, edit, or delete them as needed:

Opt-in Usage Analytics

Prior to v4.7, we had no way to receive usage data from your instance other than a ping to our licensing server when you first activate the instance. In v4.7, we have rolled out optional usage analytics that you can share with us. Yes, optional!

For full transparency, you can see exactly what you would be sending to us in the event log. It’s all anonymized data like “someone exported a Word report” or “someone logged in as a contributor” that is designed to help us understand how teams are using Dradis and should not reveal anything sensitive, not even your email address.

Of course, you can always opt out of sharing this data with us if you prefer. We’re excited to have a bit more information about how you’re currently using Dradis so that we can make the product even better for everyone in the future.

Release Notes

  • Configurations: Add usage tracking and sharing
  • Content Blocks:
    • Add auto-caching
    • Add image upload button to source view toolbar
  • Issues: Display the results from importers in a Datatable
  • Rubocop CI:
    • disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
  • Tylium:
    • Add breadcrumbs to Revision History view
    • Add secondary sidebar toggling functionality
    • Remove Recent Activity tabs and add View History link to the dots menu
    • Tags: Add tag management
  • Nginx:
    • Remove support for TLSv1.0 and TLSv1.1
    • Add support for TLSv1.3
  • Integration enhancements:
    • Burp: Add support for large base64 response
    • Nessus: Clean up code tags in description fields
    • Netsparker: Add issue.classification_owasp2021 as a new avaiable field
    • JIRA: Fix configurations page requiring JIRA token
    • Remediation Tracker
    • Add a sidebar with a back link and info pane for contributors
    • Hide ticket actions from other addons for contributors
    • SAML: Fix assets on login for some providers
  • Upgraded gems:
    • nokogiri, rails, rails-html-sanitizer, sanitize, sinatra
  • Bug fixes:
    • Business Intelligence: Prevent tracking of discarded projects/teams in dashboard
    • Issues: Prevent multiple action cable subscriptions when going back to the issues table
    • Project: Pre-select the project template when project creation fails
    • Methodologies: Ensure params are validated when moving list/card
    • Issuelib: Avoid partial matches being found when importing tool output
  • Reporting enhancements:
    • Word:
      • Add support for inline code
      • Ignore character properties inside Code paragraphs
      • Use ‘DradisData’ as sheet name for embedded chars
  • REST/JSON API enhancements:
    • Author: Add author field for content blocks, notes, issues, and evidence

Not using Dradis Pro?