Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.
Liquid updates
Dradis v4.13.0 expands what you can do with Liquid content. Support for Liquid drops has been expanded so that they are available at more levels. For example, perhaps you want to have an auto-magically generated text in an Executive Summary ContentBlock that summarises recommendations for Issues and their respective Evidence locations, in order of severity? Now you can do that!
In addition, we have tweaked the Word exporter so that Liquid content is evaluated before Word filters. That means that you can use Liquid syntax to programmatically set filters. For example, perhaps you have filters in your Word template that separate Internal and External Issues. Now you can use Liquid to, for example, specify that if an Issue is found on a Node beginning in 192. then the Type should be set to “Internal”.
Or perhaps you want to select which ContentBlock sections to display based on the Project type as defined in a document property? Now, with some Liquid code in the relevant ContentBlock filter sections, you can do that!
Project Scheduler integration
The Project Scheduler is one of our most downloaded add-ons, and a frequently requested feature has been integrated with third-party calendars. This is now implemented in v4.13.0! The Scheduler now has a secure link to a .ics that will let you integrate the Dradis Project Scheduler with apps like Outlook, Thunderbird, and Apple Calendar. The .ics file can of course also be downloaded rather than linked.
Auto-generate Word report template properties
Correct configuration of Word templates’ Report Template Properties is essential to ensure that projects are correctly generated, validated, and exported. With our recent Mappings Manager overhaul with per-template mappings, the correct configuration of report template properties is also essential to tool uploads. To make this process easier for you, Dradis can now auto-detect report template properties when you upload a report template to your Dradis instance. If you create or tweak your own templates, and don’t want to go through a fiddly .rb file to configure a new Kit each time, this feature is for you!
Release Notes
- Liquid: Make project-level collections available for Liquid syntax
- Validations: Evaluate Liquid syntax before validating the fields
- Upgraded gems: nokogiri, rails, redcloth, rexml
- Bug fixes:
- Business Intelligence:
- Prevent the “Business Intelligence” navigation label overflowing (in Project and Team forms) on mid-size view ports
- Prevent the “Compare” chart y-axis label from being covered by chart data
- Navigation: Restore functionality of native browser back/forward buttons
- Rules Engine: Prevent issues from getting multiple tags
- Tables: Enable sorting by validation column status
- Word: Prevent EvidenceCounter filters from being ignored
- Business Intelligence:
- Integration enhancements:
- Calculators: Add CVSS/Dread calculators to the Tools Manager
- Rules Engine: Process Liquid syntax before matching field condition
- Reporting enhancements:
- Word:
- Auto-generate fields for uploaded templates
- Process Liquid before generating the Word report
- Remove the NoSpacesInNodesValidator
- Skip QA validation when exporting all the records
- Word:
- Security Fixes:
- Medium: Authenticated (author) horizontal privilege escalation affecting attachments
Not using Dradis Pro?
- Automated reports, generate the same reports your clients know and love in a fraction of the time.
- Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
- Deliver consistent results. Never forget any steps, always know what has been covered and what is still ahead.
- Everyone on the same page: all information available across the team.
- Dradis Pro is reliable, with over 10 years of history, and has a top-notch dedicated support team.