Category Archives: Dradis_Pro

Posts about features, announcements and updates of Dradis Professional Edition.

New in Dradis Pro v4.14

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Associate and sync content between issues and Issue Library entries

Issues and Issue Library entries are now synced. When you add an Issue to your project from the Issue Library, it is synced up with the original Issue Library entry. That way, you can identify when the two are out of sync and, if needed, sync them back up.

You can update either the Issue in your project to match the Issue Library entry, or update Entry to match your Issue Library entry – it works both ways!

This link between the issue and the entry is also created when you send an already existing Issue from your project to the Issue Library. Managing your reusable Issues has never been as easy as it is now!

Quality Assurance for Issue Library

We implemented QA for the Issue Library. You can now review your Issue Library entries and perform quality assurance on them.

When entries are marked as “Ready For Review”, they’re available in the new QA view. You can edit them, change their state, and keep track of changes with the version history.

Liquid support for Issue Sort fields

Liquid support for Issue sorting fields. When you export a report to Word, you can set a numeric sorting field, and your issues will be sorted in descending order on export.

This update allows that field to contain Liquid in the Val values without affecting the sort order. The result of the Liquid code will be used in the sorting, not the Liquid code itself.

Release Notes

  • Issue Library:
    • Associate issues with Issue Library entries
    • Sync content between associated issues and Issue Library entries
    • Implement a Quality Assurance view for Issue Library entries
  • Kit Import:
    • Use file name sequencing when a template file with the same name exists
  • Upgraded gems:
    • concurrent-ruby, et-orbi, fugit, puma, rexml
  • Bug fixes:
    • Report Templates:
      • Fix confirmation on deleting a report template
    • Spelling:
      • Restore functionality of native browser back/forward buttons
  • Integration enhancements:
    • Business Intelligence:
      • Show search results in a data table
  • Reporting enhancements:
    • Word:
      • Allow fields that contain Liquid to be used as an export sorting field
      • Ignore Tag field when auto-generating word template properties

Not using Dradis Pro?

New in Dradis Pro v4.13

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Liquid updates

Dradis v4.13.0 expands what you can do with Liquid content. Support for Liquid drops has been expanded so that they are available at more levels. For example, perhaps you want to have an auto-magically generated text in an Executive Summary ContentBlock that summarises recommendations for Issues and their respective Evidence locations, in order of severity? Now you can do that!

In addition, we have tweaked the Word exporter so that Liquid content is evaluated before Word filters. That means that you can use Liquid syntax to programmatically set filters. For example, perhaps you have filters in your Word template that separate Internal and External Issues. Now you can use Liquid to, for example, specify that if an Issue is found on a Node beginning in 192. then the Type should be set to “Internal”.

Or perhaps you want to select which ContentBlock sections to display based on the Project type as defined in a document property? Now, with some Liquid code in the relevant ContentBlock filter sections, you can do that!

Project Scheduler integration

The Project Scheduler is one of our most downloaded add-ons, and a frequently requested feature has been integrated with third-party calendars. This is now implemented in v4.13.0! The Scheduler now has a secure link to a .ics that will let you integrate the Dradis Project Scheduler with apps like Outlook, Thunderbird, and Apple Calendar. The .ics file can of course also be downloaded rather than linked.

Auto-generate Word report template properties

Correct configuration of Word templates’ Report Template Properties is essential to ensure that projects are correctly generated, validated, and exported. With our recent Mappings Manager overhaul with per-template mappings, the correct configuration of report template properties is also essential to tool uploads. To make this process easier for you, Dradis can now auto-detect report template properties when you upload a report template to your Dradis instance. If you create or tweak your own templates, and don’t want to go through a fiddly .rb file to configure a new Kit each time, this feature is for you!

Release Notes

  • Liquid: Make project-level collections available for Liquid syntax
  • Validations: Evaluate Liquid syntax before validating the fields
  • Upgraded gems: nokogiri, rails, redcloth, rexml
  • Bug fixes:
    • Business Intelligence:
      • Prevent the “Business Intelligence” navigation label overflowing (in Project and Team forms) on mid-size view ports
      • Prevent the “Compare” chart y-axis label from being covered by chart data
    • Navigation: Restore functionality of native browser back/forward buttons
    • Rules Engine: Prevent issues from getting multiple tags
    • Tables: Enable sorting by validation column status
    • Word: Prevent EvidenceCounter filters from being ignored
  • Integration enhancements:
    • Calculators: Add CVSS/Dread calculators to the Tools Manager
    • Rules Engine: Process Liquid syntax before matching field condition
  • Reporting enhancements:
    • Word:
      • Auto-generate fields for uploaded templates
      • Process Liquid before generating the Word report
      • Remove the NoSpacesInNodesValidator
      • Skip QA validation when exporting all the records
  • Security Fixes:
    • Medium: Authenticated (author) horizontal privilege escalation affecting attachments

Not using Dradis Pro?

New in Dradis Pro v4.12

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

New Mappings Manager

Dradis v4.12.0 contains a complete overhaul of how the Mappings Manager works. Mappings Manager configurations for each upload plugin (e.g. Nessus, Burp, Qualys…) are now directly associated with a particular report template and its associated report template properties. This means that you can have separate plugin mappings for separate report templates.

The editor itself has also been overhauled to be more user-friendly. Rather than having to manually type out the Dradis fields needed using their #[Field]# syntax, you can now pick “Source Fields” and “Dradis Fields” from dropdowns. Of course “Custom Text” and “Custom Field” options are also available.

This overhaul should also make it more straightforward to configure the Mappings Manager for report templates in Kits.

Your existing Mappings Manager configurations will be migrated to the new format on upgrade.

CVSSv4 Calculator

We heard you, now we support a CVSSv4 calculator right in the application!

Of course CVSSv3.0 and CVSSv3.1 are still supported as well. Pick your preferred version from the dropdown. You can have the outputs of multiple calculator versions in the same Issue if you like.

API Attachments

New funcionalities have been added to the API Attachments endpoint. You can now get the size, created_at, and (by popular request) a download link with an API call!

AWS and Azure images now officially supported

After a long time in Beta, we are now able to offer our Dradis images for AWS and Azure as officially supported by us, as long as our documented AWS or Azure deployment methods are followed.

Release Notes

  • Attachments: Add size, created_at, and download link to the API
  • Kits: Automate creating Mappings
  • Mappings Manager: Map fields from scanner integrations to Dradis fields
  • Upgraded gems:
    • nokogiri, rails
  • Bugs fixes:
    • Avatars: Allow both .jpg and .jpeg formats
    • Projects: Fix redirection when updating an issue or content block
    • Sidebar: Prevent version number from overlapping listed records
  • New integrations:
    • Pentera
  • Integration enhancements:
    • CVSS Calculator: Add CVSS v4 support
    • Integration Manager: Clarify integration status after enabling/disabling
    • Veracode:
      • Create evidence for every instance of <flaw>
      • Use cweid as the issue identifier
  • Reporting enhancements:
    • Word: Accept scope parameter in command line export
    • Excel: Accept scope parameter in command line export
  • Security Fixes:
    • High: Authenticated author path traversal on attachment rename

Not using Dradis Pro?

A Year of Updates [2023] – Dradis Pro

Dradis exists to give pentesting teams more time to do what they do best, cutting the busywork from cybersecurity projects by automating pentest reporting and streamlining collaboration.

To achieve this, we’re continually improving the product. Fixing bugs and adding/improving features. 

2023 was a busy year at Dradis, with dozens of bugs fixed, and a bunch of new and improved features.

Improved reporting and testing features

  • Inline code support
  • Adding liquid content to Word and HTML reports
  • Improved filters in Word templates
  • Mappings Manager available for Azure DevOps and Jira 
  • Quality assurance 
  • Custom tag management

Improved admin and support features

  • Archiving projects – rather than moving them into the trash
  • Opt-in usage analytics 
  • Improved administrator powers

Improved reporting and testing features

Inline Code Support

v4.7

We already supported code blocks, but now, you can use @ symbols to create in-line code inside of your Dradis project:

Screenshot of the Dradis Pro inline code support feature update

When you export this to a Word report that has a custom InlineCode character style, you’ll get that code styled automatically:

Screenshot of the inline code output in Dradis Pro

Liquid Dynamic Content in Word and HTML reports

v.4.9

We have already supported Liquid content in Dradis Gateway templates for a while – now we are bringing Liquid Dynamic Content to Word and HTML reports as well.

Want to refer to document properties like dradis.client inside a ContentBlock? Want to show the count of evidence inside the text of an Issue? Want to use conditionals like “If this property is in Spanish, export this issue in Spanish instead of English”? Now you can!

Better filters in Word templates

v.4.9

We now have two more filtering options available in Word: Filters with spaces, and filters on Nodes.

Filtering with spaces means you can use double quotes in both field names and filter values. For example, you can filter by “CVSS Base"|(9.0..10.0) or Category|"A1 Injection“.

Nodes can be filtered by Node Properties. For example, if you have a Node property for type with values of internal/external, you can filter a Node by type|internal to only see content for internal-type Nodes.

Mappings Manager for Azure DevOps and Jira

v4.10

What was previously the Plugin Manager is now the Mappings Manager as we’ve extended the functionality to Azure DevOps and Jira. You told us that you usually have a pattern for the data that you send to these external tools. For example, you’d want a specific set of fields from your Dradis issue to go into your Jira card’s description.

Screenshot of the Mappings Manager for Azure DevOps and Jira in Dradis pro

The Mappings Manager allows you to configure that mapping so that the next time you send an Issue to Azure DevOps or Jira, the editor will pre-populate with the data from your Issue in the exact format you specified. You’ll still have the ability to edit it before sending the Issue to Azure DevOps or Jira if needed.

Screenshot of an issue being mapped to Azure DevOps

Quality Assurance

v4.8

Review/approve Issues and Content Blocks before including them in reports.

The goal here was to give you a way to differentiate between “I’ve reviewed this issue” and “I haven’t reviewed this issue yet”.

Screenshot showing how you can review/approve Issues and Content Blocks before including them in pentest reports.

You can use the new QA view to look at your “Ready for review” Issues and Content Blocks and review them before including them in reports.

Dradis v4.8.0 has a Quality Assurance feature to approve Issues and Content Blocks before reporting

Then, on the Export page, the default is to export just the Published records. But, you can also export All if that makes more sense for your team’s workflow.

Dradis Pro Export Manager Screenshot

Custom Tag Management

v4.7

Previously, you could create custom tags by editing the XML of the project template directly. That’s still an option if you happen to enjoy dealing with XML. Otherwise, you can now use the UI for that whole process. There’s even a color picker so that you can get just the right shade for your custom tags.

Screenshot of Custom Tag Management
 in Dradis Pro

From the project level, you can also manage your tags and create, edit, or delete them as needed:

Screenshot of tags management overview

Improved admin and support features

Archiving projects – rather than moving them into the trash

v4.10

Previously, we had active projects or projects in the Trash and nothing in between. You asked for another way to organize projects and we delivered! Now, you can archive projects as well. Archiving a project does not delete a project, but leaves it in the Archive tab of the Projects view. This way you can maintain an uncluttered view of active projects without needing to send inactive projects to the trash.

Screenshot of managing and archiving projects

Opt-in Usage Analytics

v4.7

Before v4.7, we had no way to receive usage data from your instance other than a ping to our licensing server when you first activate the instance. In v4.7, we have rolled out optional usage analytics that you can share with us. Yes, optional!

For full transparency, you can see exactly what you would be sending to us in the event log. It’s all anonymized data like “someone exported a Word report” or “someone logged in as a contributor” that is designed to help us understand how teams are using Dradis and should not reveal anything sensitive, not even your email address.

Opt in usage analytics screenshot

Of course, you can always opt out of sharing this data with us if you prefer. We’re excited to have a bit more information about how you’re currently using Dradis so that we can make the product even better for everyone in the future.

Tester Administration

v4.8

We’ve also added better in-app tester administration. If a user gets locked out of their account with too many incorrect login attempts, Admin users will now be able to unlock their account with 1 click.

Screenshot of Dradis pro admin manager

v4.11 – the latest release

We’ve continued releasing updates in 2024, here’s an overview of our latest release:

  • Improved version history
  • Fixed liquid dynamic content preview in the editor
  • Fixed export crashing with links with trailing special character
  • Fixed link formatting for hyperlinks in inline code blocks

Check out the full release notes.

Not using Dradis Pro?

New in Dradis Pro v4.11

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Bug Fixes

Dradis v4.11.0 is full of bug fixes and technical updates. You may not see brand new features or changes to the UI but we fixed many, many different things behind the scenes. We also updated some behind-the-scenes aspects like the rails version.

Improved version history

We’ve improved the version history and the way that it displays. Previously, the entire line/paragraph would be marked as changed, even if a single word was changed. Check out the new and improved version!

Fixed liquid dynamic content preview in the editor

We’ve also improved the way that Liquid Dynamic Content previews in the editor

Fixed export crashing with links with trailing special character

Previously, exports would crash if you included a link with a trailing special character. No more!

Fixed link formatting for hyperlinks in inline code blocks

We’ve also fixed the formatting of links inside code blocks so that they appear in the report exactly how you’d expect them to appear.

Release Notes

  • Assets: Add importmap-rails to handle js libraries
  • Liquid: Add LiquidAssignsService
  • nginx: Add HTTP/2 support
  • Revision history: Improve version history for content with carriage return
  • Tylium: Show liquid content in editor preview
  • Web-server: Replace unicorn with puma in production
  • Validation: Display attachment validator errors when viewing/editing a record
  • Flash alert: Allow the ‘license about to expire’ alert to be dismissed for the session
  • Upgraded gems:
    • rails, resque-scheduler
  • Bug fixes:
    • Code blocks: Remove extra padding and background for code elements outside of projects
    • Contributors: Expire one time token after login
    • Evidence: Prevent loading old Evidence template content at the Issue level
    • Methodologies: validate presence of content
  • Integration enhancements:
    • Authentication Integrations: Use the AuthenticationStrategies class for Rails 7 support
    • Burp: Fix compatibility with nokogiri >= 1.15
    • Nexpose:
      • Add port/protocol to evidences
      • Use the details in <os> as the OS node property
      • Import `vulnerability.risk_score` as a new Issue field
      • Allow multiple evidence with the same test id & node address
    • Qualys: Add support for the output for Qualys WAS API 3.13 and later
  • Reporting enhancements:
    • Word:
      • Fix export crashing with links with trailing special characters
      • Skip link formatting for hyperlinks in inline code blocks
  • Security Fixes:
    • Low: Authenticated (author) information disclosure
      • After a user has been removed from a project, they may still get notifications for Issues they were subscribed to, resulting in the disclosure of Issue titles.
    • Low: Information Disclosure in the Output Console of Upload Manager

Not using Dradis Pro?

New in Dradis Pro v4.10

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Validate your projects before your export

How many times have you gone to export a report and realized later that there was an error that the validator caught, you just didn’t validate first? Now, the validation is built into the exporter so that you’ll always get a heads-up about possible problems and can fix them before exporting the report. In the case of false positive validator warnings, you’ll have the option to bypass the errors and continue with the export.

If there are no validation errors, the export will proceed with no extra clicks necessary!

Mappings Manager for Azure DevOps and Jira

What was previously the Plugin Manager is now the Mappings Manager as we’ve extended the functionality to Azure DevOps and Jira. You told us that you usually have a pattern for the data that you send to these external tools. For example, you’d want a specific set of fields from your Dradis issue to go into your Jira card’s description.

The Mappings Manager allows you to configure that mapping so that the next time you send an Issue to Azure DevOps or Jira, the editor will pre-populate with the data from your Issue in the exact format you specified. You’ll still have the ability to edit it before sending the Issue to Azure DevOps or Jira if needed.

Archiving projects

Previously, we had active projects or projects in the Trash and nothing in between. You asked for another way to organize projects and we delivered! Now, you can archive projects as well. Archiving a project does not delete a project, but leaves it in the Archive tab of the Projects view. This way you can maintain an uncluttered view of active projects without needing to send inactive projects to the trash.

New Methodologies REST API endpoint

You can now access Methodology data including Boards, Lists, and Cards via the REST API.

Release Notes

  • Report Template Properties: Add fields with “String” type by default
  • Tylium: Consolidate sidebars
  • Integration Manager:
    • Add error handling for enabling/disabling and installing incompatible files
    • Add the HTML Exporter to the Tools Manager
  • Plugin Manager: Add support for Liquid content in templates
  • Users: Add support for longer TLDs in user emails
  • Projects: Allow archiving of projects
  • Upgraded gems:
    • font-awesome-sass, nokogiri, puma, rails, sanitize, selenium-webdriver
  • Bug fixes:
    • Activity Feed:
    • Correctly render icons for each activity in the feed
    • Export:
    • Prevent exporting reports when the exporter doesn’t have any templates
    • Exclude blank and n/a values from range filters
    • QA: Enable @mentions and formatting toolbar for comments in QA show views
  • Integration enhancements:
    • Azure DevOps: Implement Mappings Manager for Azure DevOps
    • HTML Export
    • Add to the Tools Manager
    • Fix default templates
    • Prevent exporting reports without any HTML templates
    • JIRA
    • Add support for Liquid when sending issues to JIRA
    • Implement Mappings Manager for JIRA
    • Implement ticket assignment when sending issues to JIRA
    • Fix Author authorization when sending an issue to JIRA
    • Send attachments included in an issue to JIRA
    • WPScan: Import “version” findings with status: outdated
  • Reporting enhancements:
    • Word: Validate project before export
  • REST/JSON API enhancements:
    • Boards, Lists, Cards: add initial implementation
  • Security Fixes:
    • Medium: Authenticated (author) broken access control: read access to system files

Not using Dradis Pro?

Dradis v4.8.0 has a Quality Assurance feature to approve Issues and Content Blocks before reporting

New in Dradis Pro v4.9

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Liquid Dynamic Content in Word and HTML reports

We have already supported Liquid content in Dradis Gateway templates for a while – now we are bringing Liquid Dynamic Content to Word and HTML reports as well.

Want to refer to document properties like dradis.client inside a ContentBlock? Want to show the count of evidence inside the text of an Issue? Want to use conditionals like “If this property is in Spanish, export this issue in Spanish instead of English”? Now you can! For example, the following will export into an Issue:

#[Description]#
Global:
{{ project.name }} for {{ team.name }} team
{{document_properties.available_properties}}
 
Tag Name:
{% for tag in issue.tags %} {{ tag.name}} {%endfor%}
 
CVSSv3 score:
{{ issue.fields['CVSSv3.BaseScore'] }}
 
Evidence:
{% for evidence in issue.evidence %} {{ evidence.fields["Label"] }} {%endfor%}
 
The {{ issue.title }} issue has {{ issue.evidence.size }} instances of Evidence
 
Evidence count per node:
{% for node in issue.affected %}
{{ node.label}} has {{node.evidence.size}} instances of evidence
{% endfor %}

It would give a result like the following:

Better filters in Word templates

We now have two more filtering options available in Word: Filters with spaces, and filters on Nodes.

Filtering with spaces means you can use double quotes in both field names and filter values. For example, you can filter by "CVSS Base"|(9.0..10.0) or Category|"A1 Injection".

Nodes can be filtered by Node Properties. For example, if you have a Node property for type with values of internal/external, you can filter a Node by type|internal to only see content for internal-type Nodes.

DuoWeb and ServiceNow support in the Integration Manager

We have changed the way our integrations work, so you can now install DuoWeb and ServiceNow right in the Integration Manager. No need to use the command line to install 2FA! You can also configure Duo and ServiceNow, as well as integrations like Azure DevOps, right in the Integration Manager.

Release Notes

  • AccessTokens: allow the storage of per-user encrypted tokens
  • QA: Show state changes in activity feed
  • Sessions: Store :secret_key_base in encrypted configuration file
  • Tylium: Extend support for Liquid Dynamic Content
  • Upgraded gems:
    • bootstrap, popper_js, simple_form
  • Bugs fixes:
    • Issue Library: Prevent rendering navbar over top of the fullscreen editor
    • QA: Redirect to correct view when changing states on QA edit views
    • Users: Force logout for users with locked accounts
  • Integration enhancements:
    • Acunetix: Parse inline code, not just code blocks
    • Burp: Adds strong and code tags parsing
    • CSV: Fix CSV Upload for files with special characters
    • Nessus:
      • Parse code tags as inline code
      • Add plugin_type as an available Issue field
    • Nexpose:
      • Parse inline code, not just code blocks
      • Wrap ciphers in the ssl-weak-message-authentication-code-algorithms finding
    • Qualys: Adds Request/Response Evidence fields for Web Application Scans (WAS)
    • Azure DevOps: Switch authentication from PAT to OAuth2
    • Duo 2FA:
      • Migrate to UI-based configuration
      • Add to Integrations Manager
    • ServiceNow:
      • Migrate to UI-based configuration
      • Add to Integrations Manager
  • Reporting enhancements:
    • Word
      • Add support for filtering nodes by properties
      • Add support for the notextile tag
      • Allow multi-word fields/values in the content control filters with double quotes
      • Extend support for liquid dynamic content in Word reports
      • Warn of missing blank lines around a screenshot only when it’s not the first or last item in a field

Not using Dradis Pro?

Dradis v4.8.0 has a Quality Assurance feature to approve Issues and Content Blocks before reporting

New in Dradis Pro v4.8

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Quality Assurance

Review/approve Issues and Content Blocks before including them in reports.

The goal here was to give you a way to differentiate between “I’ve reviewed this issue” and “I haven’t reviewed this issue yet”.

You can use the new QA view to look at your “Ready for review” Issues and Content Blocks and review them before including them in reports.

Then, on the Export page, the default is to export just the Published records. But, you can also export All if that makes more sense for your team’s workflow.

Tester Administration

We’ve also added better in-app tester administration. If a user gets locked out of their account with too many incorrect login attempts, Admin users will now be able to unlock their account with 1 click.

Release Notes

  • Quality Assurance: Review/approve Issues and Content Blocks before including them in reports
  • Tester Administration: Add unlock button to UI for locked Testers
  • Integration enhancements:
    • JIRA: Add support for Jira Data Center v8.4+
  • Upgraded gems:
    • rack, rails, time
  • Bug fixes:
    • Kits: Enable import of kit with no project template
  • Security Fixes:
    • Medium: Authenticated (author) persistent cross-site scripting

Not using Dradis Pro?

New in Dradis Pro v4.7

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Inline Code Support

We already supported code blocks, but now, you can use @ symbols to create in-line code inside of your Dradis project:

When you export this to a Word report that has a custom InlineCode character style, you’ll get that code styled automatically:

Custom Tag Management

Previously, you could create custom tags by editing the XML of the project template directly. That’s still an option if you happen to enjoy dealing with XML. Otherwise, you can now use the UI for that whole process. There’s even a color picker so that you can get just the right shade for your custom tags.

From the project level, you can also manage your tags and create, edit, or delete them as needed:

Opt-in Usage Analytics

Prior to v4.7, we had no way to receive usage data from your instance other than a ping to our licensing server when you first activate the instance. In v4.7, we have rolled out optional usage analytics that you can share with us. Yes, optional!

For full transparency, you can see exactly what you would be sending to us in the event log. It’s all anonymized data like “someone exported a Word report” or “someone logged in as a contributor” that is designed to help us understand how teams are using Dradis and should not reveal anything sensitive, not even your email address.

Of course, you can always opt out of sharing this data with us if you prefer. We’re excited to have a bit more information about how you’re currently using Dradis so that we can make the product even better for everyone in the future.

Release Notes

  • Configurations: Add usage tracking and sharing
  • Content Blocks:
    • Add auto-caching
    • Add image upload button to source view toolbar
  • Issues: Display the results from importers in a Datatable
  • Rubocop CI:
    • disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
  • Tylium:
    • Add breadcrumbs to Revision History view
    • Add secondary sidebar toggling functionality
    • Remove Recent Activity tabs and add View History link to the dots menu
    • Tags: Add tag management
  • Nginx:
    • Remove support for TLSv1.0 and TLSv1.1
    • Add support for TLSv1.3
  • Integration enhancements:
    • Burp: Add support for large base64 response
    • Nessus: Clean up code tags in description fields
    • Netsparker: Add issue.classification_owasp2021 as a new avaiable field
    • JIRA: Fix configurations page requiring JIRA token
    • Remediation Tracker
    • Add a sidebar with a back link and info pane for contributors
    • Hide ticket actions from other addons for contributors
    • SAML: Fix assets on login for some providers
  • Upgraded gems:
    • nokogiri, rails, rails-html-sanitizer, sanitize, sinatra
  • Bug fixes:
    • Business Intelligence: Prevent tracking of discarded projects/teams in dashboard
    • Issues: Prevent multiple action cable subscriptions when going back to the issues table
    • Project: Pre-select the project template when project creation fails
    • Methodologies: Ensure params are validated when moving list/card
    • Issuelib: Avoid partial matches being found when importing tool output
  • Reporting enhancements:
    • Word:
      • Add support for inline code
      • Ignore character properties inside Code paragraphs
      • Use ‘DradisData’ as sheet name for embedded chars
  • REST/JSON API enhancements:
    • Author: Add author field for content blocks, notes, issues, and evidence

Not using Dradis Pro?

New in Dradis Pro v4.6

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Integration and Tool Manager

Now you can install and upgrade integrations (such as DuoWeb and Jira) and tools (such as the Gateway and the Remediation Tracker) directly in the Dradis application – no need to use ssh or the command line! Simply browse to the Integration and Tool Manager in Dradis v4.6, Get the tool, and then Enable it. Then you should be good to go!

Instance Dashboard

Want a better overview of what is going on in your Dradis instance after login? The new Instance Dashboard gives you an at-a-glance overview of Projects, Tickets, and Tasks assigned to you; a list of the newest unread notifications; and and overview of what’s new in the latest version of Dradis.

As a new feature, please do let us know if there are other things you would like to see or change on the instance dashboard once you start using it.

Permanently delete items in Trash

As of v4.2 of Dradis, you could soft-delete projects and teams so they end up in an Instance Trash. However, to permanently delete items in trash, you needed to use the command line. Not anymore! Now you can permanently delete items in Trash straight from the UI.

New Kits

We have long had a few templates and kits available for download at the Dradis Users Portal. We have overhauled some of these kits and made them available directly from the Dradis UI. Simply go to Templates –> Kit Upload, and either upload a kit file as you normally would, or click the Upload button under your preferred preinstalled testing kit.

Release Notes

  • Dashboard: See active projects, notifications, assignments, and what’s new in one view
  • Integration and Tool Manager: Add UI for installing and managing integrations
  • Kits:
    • Add selection of kits to choose from
    • Enable import of kit with no templates
  • Mintcreek: Adjust element contrast ratios to be WCAG 2.1 compliant
  • Navbar:
    • Split the Addons menu into Integrations and Tools menus
    • Remove inaccessible addon’s menu items for contributors
  • Notes: Remove category selection from form UI
  • Projects: Update active projects empty state
  • Trash: Delete projects and teams permanently
  • Rubocop: lint changed files since previous commit
  • Upgraded gems:
    • nokogiri
  • Bugs fixes:
    • Comments: Align comment header content in Safari
    • Content Blocks: Fix revision history links
  • New integrations:
    • Core Impact
    • Veracode
  • Integration enhancements:
    • Implement enable/disable feature for Gateway, JIRA, Remediation Tracker, Scheduler, and VSTS
    • JIRA:
      • Add view for editing configuration
      • Hide link in addons menu for contributors
    • VSTS:
      • Add view for editing configuration
      • Issues: add WorkItem Status and Comment feed
  • REST/JSON API: new v2 released
    • Projects: undiscard and permanently delete from trash.
    • Teams:
      • Undiscard and permanently delete from trash.
      • Deprecate the “/clients” endpoint, use “/teams”
      • Deprecate the “client_since” attribute, use “team_since”

Not using Dradis Pro?