Invicti Enterprise On-Premises 13 Sep 2019


  • Added support for using internal agents along with AWS cloud integration (On-Premises only)
  • Added out of the box Issue tracking integration for Redmine, Bugzilla and Kafka
  • Added support for bulk operations on the Recent Scans page. It’s now easier to cancel, pause, or delete multiple scans at the same time.
  • Added new API endpoints for managing agents
  • Added an option to change the Technical Contact for each website in a group in the Edit Website Group page
  • Added support for exporting data on Activity Logs and Manage Team pages
  • Added the ability to convert a completed scan into a Scheduled Scan
  • Upgraded the Invicti scanning engine to v5.3-hf7(


  • Added a new security engine named Malware Analyzer which detects any web malware injected into websites (Scanner Agent’s operation system should be Windows Server 2016 or above)


  • Improved support for scenarios where OAuth2 is used in conjunction with Basic Authentication
  • Improved the status text displayed for delayed scans
  • Set the account owner’s Data and Time Format as the default for new team members
  • Added Scan Owner information to various scan reports and API endpoints
  • Improved the response message for the /scans/delete API endpoint
  • Added all issue content to the /issues/allissues API endpoint
  • Added a Mark all as Read option for notifications that are shown inside the application on the Application Notifications page
  • Added Technical Contact information to files exported from the Websites page
  • Added Vulnerability Severity Level for the selected issue in the Technical Report
  • Upgraded Bootstrap, jQuery and Knockout.js dependencies to the latest versions
  • Added Create Invitation (team member invitations) into the Activity Log
  • Improved the API docs by adding sample values for request and response messages
  • Added support for filtering by Target URL to the /scans/listbywebsite API endpoint
  • Added a Clone option to the Scheduled Scans page


  • Fixed a bug where agents were sometimes hanging after failed API requests
  • Fixed an issue where the Technical Contact was not displayed for non-Admin users on the New Website page
  • Fixed an issue where an incorrect error message was shown during the configuration of a Scheduled Scan
  • Fixed a problem on the JIRA webhook where the JSON could not be serialized as expected
  • Fixed an issue where a Scan Policy could not be used on a scanner agent if it had a long name
  • Fixed a bug where the Authentication Verifier was sometimes hanging if an internal exception was thrown (On-Premises only)
  • Fixed the default value for the Agent Data Path setting (On-Premises only)
  • Fixed a bug where two-way Jira integration was not working as expected in retest scenarios
  • Fixed an issue where a cancelled PCI scan could not be deleted
  • Fixed an issue where a web application could not connect to a newly-created SQL Server database immediately (On-Premises only)
  • Fixed a bug where scans launched via JIRA integration were sometimes not starting with the configured Scan Policy
  • Fixed an issue where the temporary Scan Policy file was not deleted on scan completion on the scanner Agent

Known Issues

  • Automatic updates may fail for the On-Premises scanner Agents with an error message in the Agent’s log: ‘Agent couldn’t find AgentAutoUpdater.exe’. To resolve this issue, first upgrade Invicti Enterprise Web Application and copy the ‘[Web App Installation Folder]App_DataAgentsAgentAutoUpdater.exe’ file to the folder where the target Agent is installed. If you need further help, please contact