We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

Project Soft-Delete and Instance Level Trash

Previously, once you deleted a project or a team, it was gone forever! We have now added soft-delete and an instance-level trash. So, if you delete a project or team, you can find it in your instance’s Trash, and you can recover it from there.

Choose Which Fields to Display by Default in Projects

In recent versions of Dradis, new projects will display all fields for Issues and Evidence in their respective tables by default. This can lead to a cluttered view. You can update which columns to display, but this is stored on a per-project basis. Now, you can select which Issue and Evidence fields to display by default in the Report Template Properties for your project’s associated report template in Templates –> Reports. Simply switch the toggle to “Show” to whichever fields you want to display by default, and that will apply instance-wide from then on. Of course, if you have project-specific preferences, or if you have multiple people working on the same project but with different preferences of which columns to display, each user can still manually set their preferences on a per-project basis as before.

Improved Evidence Creation from the Issue Level

Dradis lets you add Evidence directly from Issues by going to the Evidence tab of an Issue and hitting the “+ New Evidence” button. Previously that only allowed you to add a blank piece of Evidence or adding a Note template with no customised content. Now, you can customise the content right in the “Add New Evidence” form and choose where to put it, including in new nested Nodes.

Release Notes

• Editor: Support fields with the same name in the Fields View
• Increased table loading performance on Issues, Evidence, and Notes for projects with a lot of issues, evidence, or notes
• Issues:
  • Display evidence in a table
  • Load evidence tab content asynchronously
  • Multi-delete evidence at the issue level
  • Update evidence content while creating evidence records at the issue-level
• Notifications Navbar Dropdown:
  • Improve font-sizes
  • Wrap long notifications links
• Projects:
  • Generate default report content when updating the report template
  • Truncate long team name badges in active project cards
• Report Templates: Add Show option to display certain evidence and issue fields by default in tables
• Trash: Allow projects and teams to be soft deleted
• Tylium:
  • Import CSS manifests from addons
  • Move ‘…’ (more actions) menu closer to the content affected by the actions of the menu
  • Move the ‘Edit’ action out of the ‘…’ (more actions) menu for issues, evidence, notes, etc.
  • Remove extra left padding from the first line of content in a code block
  • Remove height restriction from code blocks
  • Simplify issues table columns
  • Updates focus state outline color
• Upgraded gems:
  • mini_racer, puma, rails
• Bug fixes:
  • Comments: Show sticky toolbar when adding long comments
  • Issues: Send To menu updates when new plugins are installed
  • Fixes background services from not restarting after upgrades
  • Liquid drops: Allow author collection to be called in ProjectDrop
  • Methodology: Fix misformatted cards when saving a methodology as a template
  • Redirect back to issue when updating evidence from the issue level
  • Rules Engine: Allow authors with “update” permission to sort rules
  • Tables: Prevent the select all button from selecting filtered out rows when a filter is been applied
  • Subscriptions: Fixed a caching issue preventing users from subscribing or unsubscribing after the first cache was stored
• Integration enhancements:
  • Dradis Projects:
    • Fixes missing parent nodes during template and package imports
    • Fixes missing nodes for attachments during template and package imports
  • Gateway:
    • Bug fixes:
      • Fixes ‘authors’ call for the atlantia theme
      • Fixes missing attachments crashing Gateway
      • Select a default pane when Authors edit a Gateway project instead of loading a mostly blank screen
  • Nexpose:
    • Add the Hostname Node property from the name rather than site-name tag
  • Nipper:
    • Add Nipperv1 fields to issues
  • PDF Export:
    • Add Thor task for console export
    • Add view hook for Export#index
  • Qualys:
    • Add ‘element.qualys_collection’ as issue field
    • Add Qualys Web Application Scanner (WAS) support
  • Remediation Tracker:
    • Bug fixes: Hide the tickets’ “edit” and “delete” buttons for unauthorized users
  • SAML:
    • Add PingIdentity support
    • Add SAML logo to Log in button
    • Increases log verbosity on errors
  • Scheduler
    • No longers shows disabled projects in the calendar
  • VSTS:
    • Format issue content when sending to VSTS
• REST/JSON API enhancements:
  • Projects/Teams:
    • Discard Projects through the DELETE endpoint
    • Hide discarded projects/teams from endpoints
• Security Fixes:
  • Low: Authenticated author broken access control: read access to screenshots

Not using Dradis Pro?

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

Move Evidence

Previously, you could only move Notes from one Node to another. Now, we’ve extended this behavior to Evidence as well. Have an instance of Evidence that actually belongs to a different Node? Just open the instance of Evidence, click Move (it’s in the 3 dots icon in the top right of the screen) and move it to the correct Node. That’s it!

Download Report Templates

Do you need to make a report template update or send us a copy of the report template? What happens if you didn’t create the report template to begin with or the template is old enough that you don’t even know where your local copy could be hiding? Previously, SCP was your only option to download a copy of a report template on your instance. Now, just head to Templates > Reports in the header and click the download button next to any report template to get your own local copy.

IssueLibrary Templates + Comments

IssueLibrary entries are great! But, creating them from scratch can be a pain without a format to work with. Now, when you create your IssueLibrary entries, you can select a Note template. No more blank page paralysis or trying to remember whether that field is called “Recommendation” or “Recommendations”, you can select your Issue template and just populate it with the data that you need.

Then, once your IssueLibrary entries are created, you can use comments to have a conversation with the rest of your team. Ask questions, offer suggestions, or just leave celebratory emoji comments! 🎉

Release Notes

• Contributors:
  • Create a new Team (optionally) when creating a new Contributor
• Editor:
  • Insert an appropriate single or multiline tag for blockquotes and code blocks
  • Limit the content height for easier access to the Create/Update button
  • Quote text from comments and resource content (cards, evidence, issues, notes, etc)
• Evidence:
  • Create a new issue (optionally) when creating new evidence
  • Move evidence across nodes
• Liquid drops:
  • Add available_properties method to DocumentProperties drop
• Projects:
  • Sort templates by title in project form
• Project Validation:
  • Add missing attachments validation for Textile screenshots
• Report templates:
  • Add functionality to download templates
• Report Template Properties validation
  • Disable bulk validation in Issues and Evidence tables if the “Validation” column is hidden
  • Move bulk validation in Issues and Evidence tables to a background job
• Tables:
  • Add selector to change the number of records displayed
• Tylium:
  • Import CSS manifests from addons
  • Remove height restriction from code blocks
• Upgraded gems:
  • brakeman, nokogiri, puma, rails
• Bugs fixes:
  • Account Lockout:
    • Send password reset instructions on account lockout
  • Conflict resolver
    • Apply the correct warning when a conflict happens on edit
  • Custom Properties:
    • Remove Custom project properties header in team show
  • Document Properties
    • Allow document properties to have a value and be nested at the same time.
  • Methodologies:
    • Ensure boards don’t nest when the instance has been inactive
  • Nodes:
    • Remove extra HTML tag causing the methodology tab to break after a board is added
  • Tables
    • Prevent columns state from resetting
• Integration enhancements:
  • CVSS Calculator:
    • Settings: show/hide the calculator in the Issues view
    • Toggle between CVSSv3.0 and CVSSv3.1
  • Dread Calculator:
    • Settings: show/hide the calculator in the Issues view
  • Gateway
    • Deliverables:
      • Allow macro enabled word and excel filetypes
      • Allow the CSV filetype
    • Projects:
      • Add “Created” and “Updated” columns to the Gateway projects table
      • Show theme versions when selecting a project theme
    • Themes:
      • Atlantia:
        • Check for the existence of document properties before rendering the value
        • Remove newlines from issue titles
        • Show untagged issues
        • Wrap text in code blocks
    • Bug fixes:
      • Allow Authors to enable their own projects for Gateway
  • Issue Library:
    • Add comments to entries
    • Add subscriptions to entries
    • Create entry from note templates
    • Notify users of updates
  • Jira:
    • Bugs fixes:
      • Issue form: Prevent app from crashing when submitting without project or issue type
  • Nessus:
    • Add product_coverage & cvss3_impact_score as available Issue fields
  • Nexpose:
    • Update HTML tag cleanup to better cover UnorderedList and URLLink tags in the solution field
  • Qualys:
    • Add dd, dt support
    • Remove orphaned b tags
  • Remediation Tracker: Tickets: Create new categories and states (optionally) when creating new tickets
• Reporting enhancements:
  • Word:
    • Adds EvidenceCounter controls support to not nested in an Issue controls
    • Fixes exporting with missing attachments
    • Fixes invalid predicate error by escaping control characters in XML attributes
    • Fixes links inside inline controls
    • Fixes numeric values for non-range filters
    • Fixes “frozen string” error when exporting nodes without a services table
    • Move image captions to their own paragraph
• Security Fixes:
  • High: Authenticated author broken access control: read access to issue content

Not using Dradis Pro?

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

Gateway Themes

One of the biggest changes in Dradis Pro v.4.0 is the move from a single HTML Gateway template to Liquid themes. Create a dynamic, info packed, theme to deliver assessment results dynamically in Gateway using Liquid. Multiple Gateway themes means each project can use a different theme that’s appropriate to the engagement. Two new Gateway themes are included with Dradis Pro v4.0 to get you started.

Liquid has a well supported and documented history for creating robust templates. This will make it easier for teams to create and support their own well organized, customized templates.

Are you currently using a customized Gateway HTML template? Reach out to our team with your existing template so we can help convert it to Liquid before you upgrade any production instances.

Downloadable Assets

In addition to reviewing the results of an assessment dynamically in Gateway, contributing users can securely download assets that have been added to their project. Deliver final reports, scope documents, and other assets directly from Gateway keeping everyone out of their inboxes and project details centralized.

Simple Team Setup

Getting started using Dradis Pro is simple. Once deployed to your environment, the super-admin for the instance is created during the first run and can quickly set up the rest of the team through this new guided walk-through.

Maximum Login Attempts

Configure the number of maximum login attempts to help prevent brute-force attacks on your Dradis instance. The default is set to 3 attempts before the account is locked. Admins can increase or decrease the number of attempts to align with their team’s policies.

Release Notes

• Projects:
  • Cleanup the New/Edit view
  • Create and remove the results portal from the Edit view
  • Dashboard: Add Default issue entry to menu when project is empty
  • If there is only one RTP, select it by default
• Setup: new initial Team and User wizard
• Teams: cleanup the New/Edit view
• Users: account gets locked after too many failed sign in attempts
• Upgraded gems: addressable, nokogiri, papertrail, puma
• Bugs fixed:
  • Better support for characters inside textile linked text
  • Display placeholder text for issue sorting dropdown when no field has been selected to remove confusion about default options that are not yet applied
  • Fix issue library entries action buttons not appearing due to caching
  • Fix revisions with “destroy” event not removed from the database after deleting a project
• Integration enhancements:
  • Acunetix:
    • Add support for Acunetix 360
    • Make Request and Response fields available at the Evidence level
  • Gateway 🍾
    • Moved project contributor assignment to Gateway management
    • Deliverable upload management
      • Your contributors can now download assets directly from your results portal!
    • Themes!
      • Gateway now supports theme management and the ability to apply different themes to different projects
  • IssueLib entries#index API now supports pagination
  • Nessus:
    • Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, and threat_sources_last_28 as available Issue fields
  • Nexpose:
    • Update HTML tag cleanup
  • Nipper:
    • Include multiple paragraphs when importing fields.
  • Remediation Tracker
    • Use Datatables for the Tickets#index table
• Reporting enhancements:
  • Word:
    • Add support for template syntax within resources exported in Word reports
    • Fix exporting node labels with links
• REST/JSON API enhancements:
  • Update the API to handle pagination
• Security Fixes:
  • Medium: Authenticated (contributor) information disclosure
    • After a contributor was assigned Gateway access to a project by an admin user they may retain access to the project after the projects team has been changed.

Not using Dradis Pro?

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

JIRA Sync

Details added to JIRA tickets will now sync back to Dradis Issues and Remediation Tracker tickets making it easier to keep all of the project details together to speed up remediation tasks.

Ruby 2.7.2 and Rails 6.1.1

Sometimes we have to roll up our sleeves and take care of the less flashy bits of development. In this version, it was due time to update Ruby, Rails, and a handful of other gems. There won’t be a noticeable difference on your side but this sets up the team to make future improvements.

Improved Caching

When the projects listing or Issue Library contained thousands of entries, it became slow to load and in some cases wouldn’t load at all. This update improves caching to make it much faster to load those long lists.

Release Notes

• Upgraded DradisPro to run on Ruby 2.7.2 and Rails 6.1.1
• Add view hooks for the export view
• Increase secondary sidebar width for medium viewports
• Projects page: Add caching to speed up slow loading when thousands of projects are present
• Upgraded gems: bundler, papertrail, rails
• Bugs fixed:
  • Correct position of sticky editor toolbar in fullscreen source view
• Integration enhancements:
  • Integrate JIRA ticket/status details into Remediation Tracker
  • IssueLib: Add caching to speed up the issuelib table when thousands of entries are present
  • Add remote JIRA Comments to Issues#show and Tickets#show
• Security Fixes:
  • Medium: Authenticated (admin) persistent cross-site scripting in Business Intelligence Custom Properties search

Not using Dradis Pro on your team?

We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal  
Business Hall – Arsenal Station 3
📅 April 3, 10:05am-11:20am

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

User on, User off

Users can be toggled between disabled and re-enabled. Disabled users cannot access the app, aren’t available to mention in comments, and will not receive notifications. Content from disabled users won’t be deleted and they will need to be re-enabled before modifying any permissions.

Word Report Export Tune-Up

Bunches of things happen under the hood in Dradis when you are kicked back waiting for the magic to happen to generate a Word report. Some of those inner workings got a tune-up to get Dradis in a better position for future improvements in this version. Imagine how excited we were when we saw some small performance gains as a byproduct of this refactor!

Fancy Output Logs

Export log files are not only fancier looking, but the updated formatting makes them much easier to review. Indents indicate nested items and coloured lines of text are a snap to scan to keep an eye out for any problems and when items finish successfully.

Change Project Owner

“Change is inevitable” and now, you can change project owners in Dradis. Project owners can be updated in both the web app on the “People on the Project” and through a new API endpoint.

Release Notes

• Disabled users enhancement
  • Allow admins to disable and re-enable users and contributors
  • Removed disabled users from comment mentions list
  • Stop disabled users from receiving notifications
• Main sidebar improvements:
  • Labels added under icons
  • Removed animations and transitions while expanding and collapsing
• Migrate bootstrap to v4
• Navbar dropdown menu’s are no longer locked to the right side of the browser
• New item menu in sidebar: isolate Default entry (from template) with a divider
• Update logo assets
• Project owners can now be updated
• Bugs fixed:
  • Christmas easter egg Santa hat blocking clicks on input element plugins
  • Rules Engine: make sure tag auto-complete works on page render
• New integrations:
  • dradis-nipper
• Integration enhancements:
  • Allow viewable image attachments for Gateway contributors
  • IssueLib: ability to seed with the starter set
• Reporting enhancements:
  • Performance:
    • Re-work Word export processing top to bottom
    • Faster hyperlink processing
    • Faster numbering processing
    • Faster screenshot processing
  • Remove unused nested content controls from all resource types (issues, content blocks, evidence etc.)
  • Introducing the new and improved servicesEntries and ServicesTable content controls with full support for filtering and sorting
    • When nested inside a Node control you can get direct access to Services attributes with a servicesEntries control, and child attribute controls eg. Protocol, State, Port, etc.
    • The existing services control that produces pre-formatted table-based data can now be labeled ServicesTable in your template
  • Enhance report export log in both the CLI, and Web Console
    • Indented log lines to enhance readability and make it simple to follow nested processing. ex. Evidence within a Node.
    • Colors! Make use of colours to show
      • Green: when processing is successful
      • Yellow: when filters filter out all resources
      • Red: when something bad happens like a control has no placeholder
• REST/JSON API enhancements:
  • Add new endpoint to update project owner