Monthly Archives: January 2025

New in Dradis Pro v4.15

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Cross-references in Word reports

A frequent report template request is the ability to cross-reference Issues, so that a summary table of issues in one part of the finished report links to each full Issue description later in the report. Previously, we implemented this using VBA macros; now you can do it right in the Word template using content controls, no VBA needed!

You can create links in summary tables, or even refer to specific issues in other blocks of text (such as Content Blocks) with links directly to each individual issue you want to reference. For example, maybe you have a “Most urgent issues” content block? Now you can refer to those individual issues with links in text.

Reach out to us if you would like us to implement cross-referencing in your Word report templates, or if you currently have a VBA macro implementation of cross-referencing that you want to replace with the built-in cross-referencing feature.

Custom Tag Order

You have been able to customise tags in Dradis for a while; now you can sort them dynamically as well. For example, maybe you have your own custom “Resolved” tag as well as your typical High/Medium/Low tags, and you want Resolved issues sorted first. Now you can do that! Change your mind and want to see High issues first? Re-order the tags and you’re done.

Kit Updates

We refreshed our built-in Kits with updated templates for reports, projects, issues, and more. We also included integration mappings and rules, along with an OWASP Top 10 methodology update.

Kits can be deployed on an instance right away (no upload required) and used immediately with the tool output for which mappings are included. Other tweaks, like CVSSv4 support, are also included.

Release Notes

  • Projects: Add `Owner` column to projects data table
  • Tags: Add custom ordering
  • Welcome Kit:
    • Add HTML report template
    • Add issue and evidence templates
    • Add integration mappings
    • Add project template
    • Add rules for Rules Engine
    • Update OWASP Top 10 methodology to latest version (2021)
    • Update report templates
  • Upgraded gems: net-scp, net-ssh, rexml
  • Bug fixes:
    • Dashboard: refresh cache on recent project changes
    • Word export: allow charts to be edited post-export
  • Integration enhancements:
    • Gateway: Process Liquid in content block, evidence, issue and note text by default when rendering template
    • SAML: Bump ruby-saml dependency to 1.17
  • Reporting enhancements:
    • Word:
      • Add support for cross-references
      • Add support for mismatched nested lists
  • Security Fixes:
    • High: Authenticated (author) persistent cross-site scripting

Not using Dradis Pro?

A Year of Updates [2024] – Dradis Pro

Dradis exists to give pentesting teams more time to do what they do best, cutting the busywork from cybersecurity projects by automating pentest reporting and streamlining collaboration.

To achieve this, we’re continually improving the product: fixing bugs and adding or improving features.

Let’s look back on the updates that shaped Dradis Pro in 2024. From major feature rollouts to smaller, user-requested enhancements, our focus remained on delivering tools that help streamline workflows and improve reporting efficiency.

v4.12: Enhanced Mappings Manager and CVSSv4 Support

Released in May 2024

  • Overhauled Mappings Manager: We’ve revamped the Mappings Manager to associate configurations directly with specific report templates and their properties. This change allows for distinct plugin mappings tailored to each report template, streamlining your reporting process.
  • CVSSv4 Calculator Integration: Responding to user feedback, we’ve integrated a CVSSv4 calculator into Dradis Pro. You can now assess vulnerabilities using CVSSv4, with the flexibility to include outputs from multiple calculator versions within the same issue.
  • API Enhancements for Attachments: The API now provides additional functionalities for attachments, including access to size, creation date, and direct download links, enhancing automation and integration capabilities.
  • Official AWS and Azure Support: Our Dradis images for AWS and Azure have transitioned from beta to officially supported status, ensuring reliable deployments when following our documented methods.

v4.13: Advanced Liquid Support and Scheduler Integration

Released in August 2024

  • Expanded Liquid Functionality: We’ve broadened Liquid support, making Liquid drops available at more levels. This enhancement enables dynamic content generation, such as auto-generated executive summaries that summarize recommendations based on issue severity and evidence locations.
  • Project Scheduler Calendar Integration: The Project Scheduler now offers secure links to .ics files, facilitating integration with third-party calendar applications like Outlook, Thunderbird, and Apple Calendar. This feature ensures seamless scheduling and project management across platforms.
  • Auto-Detection of Word Report Template Properties: To simplify template configuration, Dradis Pro can now auto-detect report template properties upon template upload. This automation reduces manual setup, ensuring accurate project generation, validation, and export.

v4.14: Issue Library Synchronization and Quality Assurance

Released in October 2024

  • Synchronized Issues and Issue Library Entries: We’ve introduced synchronization between project issues and Issue Library entries. This feature allows for real-time updates and consistency, enabling you to sync content between associated issues and library entries seamlessly.
  • Quality Assurance for Issue Library: A new QA view for the Issue Library lets you review, edit, and manage entries with version history tracking. This addition ensures that reusable issues maintain high quality and consistency across projects.
  • Liquid Support for Issue Sorting Fields: We’ve added Liquid support for issue sorting fields, allowing you to use Liquid code within sorting fields without affecting the sort order. The evaluated result of the Liquid code determines the sorting, providing dynamic and customized report organization.

v4.15 – the latest release

We’ve continued releasing updates in 2025. Here’s an overview of our latest release:

🔑 What’s New in v4.15:

  • Cross-Reference Links: Automatically generate links in Word reports for better navigation.
  • Custom Tag Sorting: Sort Issues by Tags in a custom order to prioritize what matters most.
  • Updated Built-In Kits: Access refreshed templates for reports, projects, issues, and more.

Check out the full release notes.
