Invicti Enterprise On-Premises 25 Jun 2021 v2.0.2

NEW FEATURES

  • Added GitHub Actions CI/CD integration.
  • Added Authentication Profiles feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.
  • Added UrbanCode Deploy
  • Added Azure Pipeline Extensions
  • Added the ability to tag issues
  • Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.
  • Added State filter to notifications which you can use issue states like Fixed, Revived, New, etc. as filtering options.
  • Added Choose Scan Profile while scheduling from API
  • Added support for TLS 1.3 protocol

IMPROVEMENTS

  • Removed the scan report selection from notification events that do not produce any reports.
  • Added account-based option to display authentication credentials on API responses.
  • Improved time zone calculations to handle new time zones.
  • Improved configuration validation error messages for Privileged Access Management integrations.
  • Added an option to specify a scan profile while scheduling scans through API.
  • Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
  • Added support for 11 digit phone numbers while inviting a new member.
  • Added a field to specify the user’s Single Sign-On email address while creating a new team member using the API.
  • Improved configuration options for Jenkins.
  • Added the option to fail Jenkins build for only confirmed vulnerabilities
  • The login process redirects the Single Sign-On users to their providers
  • Added NIST, DISA STIG, and ASVS classifications to Report Policy
  • Added support for importing links from multiple RAML files from a ZIP file (include directive support).
  • Improved Azure AD Single Sign-On in-app help text.
  • Removed the Current Password field for admin users (logged in with Single Sign-On) while editing a member.
  • Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.
  • Improved role assignment for website groups while inviting new members
  • Added IgnoreSslCertificateErrors option to Docker agent.
  • Improved GitLab CI/CD script failure conditions.

FIXES

  • Adding a title to the API field in the edit team member page
  • Fixed an issue that occurs with updating scan profile
  • Fixed an issue with Imported Links getting updated to Null while using Update ScanProfiles API
  • Fixed the validation problem
  • Fixed some bugs for the Sitemap
  • Fixed an issue that getting an error which caused by connection problem with authentication verification hub on scheduled scan
  • Fixed the problem of not being able to delete the scan with a profile
  • Fixed the forgot password issue for Single Sign-On
  • Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
  • Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
  • Fixed an issue where starting a PCI scan via using API could not start the scan.
  • Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
  • Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
  • Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.
  • Fixed validation error messages on the Email Settings page.
  • Fixed some of the swagger API validation errors reported for the REST API
  • Fixed an agent scan stuck issue while archiving
  • Fixed a retest problem where some issues could not be retested
  • Fixed an agent auto-update issue
  • Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail
  • Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification
  • Fixed a mismatching type issue on /scanprofiles/list API response model
  • Fixed an issue where a failed scan sends an excessive amount of email notifications
  • Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed
  • Fixed agent auto-update issues
  • Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail
  • Fixed an error that occurs while trying to mark an issue as false positive
  • Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles
  • Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced
  • Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running