2025.10.01
Assessment templates and editor
The assessment template editor has been completely redesigned. You can now configure the entire assessment template, including all its sections, in a single form. Sections can be reordered with drag-and-drop, properties can be modified on the spot, and translations can be added directly without leaving the page. All changes are saved at once, making it much easier to maintain templates.
Alongside the new editor, several new assessment templates have been added, and existing ones have been updated. To use them, click the 'Clone default template' button on the Assessment Templates page.
New assessment templates
The following templates are now available:
- OWASP Top 10 for LLM Applications (2025)
- OWASP Top 10 CI/CD Security Risks (2023)
- OWASP Cloud-Native Application Security Top 10 (2022)
- OWASP IoT Top 10 (2018)
Updated templates
The following templates have been updated:
- Microsoft Cloud Security Benchmark (v1 → v2)
- CWE SANS Top 25 (2022 → 2024)
- OWASP Mobile Top 10 (2016 → 2024)
- OWASP API Security Top 10 (2019 → 2023)
Syntax highlighting combined with mark tags
Syntax-highlighted code blocks now also support [mark]
tag highlighting! Previously, [mark]
highlighting only worked in plain code blocks without syntax highlighting. With this update, you can now combine the two, making it easy to call out specific parts of code, HTTP requests and responses, data snippets, and more, without sacrificing readability.
Python API wrapper updated
The Python API wrapper has been updated to include the latest endpoints, making integrations easier to set up and maintain. It is available on PyPI: https://pypi.org/project/securityreporter/. The full details can be found on GitHub: https://github.com/dongit-org/python-reporter.
Improvements
- The tagging feature in the Markdown editor can now be accessed directly from a toolbar button, making it easier to add tags without remembering shortcuts.
- The category name format in checklist tables is now customizable, just like the test case name format.
- The default PDF report filename now includes the client’s name for easier identification and organization.
- The checklist depth limit has been increased to 5, allowing more levels of nesting in checklist templates.
- Findings from previous assessments can now also be imported into the current one via the Add finding dialog.
- The order of severities in report components such as the "finding counts by severity" table, the "findings by severity" chart, and the "findings by severity and status" bar chart can now be reversed.
Bug fixes
- Fixed a bug in the checklist table, where expanding or collapsing one category would sometimes cause a different category to be expanded or collapsed.
- The checklist editor no longer occasionally incorrectly fails validation with a "test case code is duplicate" error message.
- In the PDF report's table of contents, dotted lines now appear after all sections, if that setting is enabled.
- In the online report's table of contents, sections no longer overlap.
- In the PDF report, all URLs now get the correct color.
- In the online report, when inline editing Markdown fields, the assessment language is now used to render the result, instead of the default language.
- When making a new assessment checklist, the IDs and codes now get correctly copied over from the template categories.
- Report generation no longer crashes when a finding has a multiselect custom field where the "Show as a badge" option is set to false, or where specific enums (such as Assessment Status) are used for the values.
- The "Download default SVG backgrounds" button that was removed from the theme editor is now added to the theme index page, under the "Theme" dropdown.
- When editing a task, the description text area now expands to fit its contents.
- If the user tries importing targets using an invalid CSV file, a validation error is now shown.
- The "findings by import status" and "checklist table" components can now also be previewed in the context of an assessment template.
- Report compilation no longer crashes on certain inline code fragments if the report language is not set to English.
- In the API, includes can now again be passed using the "array notation" (
?include[]=assessment&include[]=user
). Due to a bug, only "comma-separated notation" (?include=assessment,user
) would be accepted. - The "list custom fields" endpoint in the API now returns a paginated response, consistent with other "list" endpoints.
- Report pages can now again be included with themes through the API