Invicti Enterprise On-Demand 12 Aug 2021
This update includes changes to Internal Agents.
- Added DefectDojo Integration.
- Added support for editing built-in sections of custom report policies.
- Added Pre-Request Script feature which helps to configure HMAC Authentication on the New Scan page.
- Added DITA STIG, NIST SP 800-53, and ASVS 4.0 Compliance Reports
- Added a new State filter on the Issues page.
- Added an option to fail Azure build for only confirmed vulnerabilities.
- Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
- Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
- Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
- Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
- Extended the range of digits that can be entered for HOTP and TOTP configuration.
- Improved global dashboard performance.
- Changed the error message for members/update API endpoint for password POST requests.
- Added a control in the UserRoleWebsiteGroupMapping API endpoint to prevent null object reference exceptions.
- Removed X-Scanner request header from the default scan policies to prevent web application firewalls from blocking scans.
- Fixed an error preventing NIST, DISA STIG, and ASVS classifications from appearing in the Issue details.
- Fixed an unhandled error that occurs while deleting scans.
- Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
- Fixed scheduled website group scans that do not use primary scan policies.
- Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
- Fixed the incorrect API documentation of roles/listpermissions endpoint.
- Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
- Fixed missing state field on the member API endpoint.
- Fixed the 500 Internal Server Error message for a query string to a non-existent page.
- [INTERNAL AGENT] Fixed an issue where a scan policy name containing invalid filename characters was causing scans to fail.
- [INTERNAL AGENT] Fixed several scan failure issues caused by an error that occurred while trying to open the vulnerability database.
- [INTERNAL AGENT] Fixed agent attempting to use proxy even after settings are changed.
- [INTERNAL AGENT] Fixed an unhandled error thrown while archiving the scan data.
- [INTERNAL AGENT] Added NoProxy option to internal agents.