2023.04.21

Assessment comments

Similar to the existing commenting functionality for findings, you can now post comments regarding the entire assessment to enhance collaboration and communication. Furthermore, comments include events that display assessment status changes and the responsible individual, providing valuable context.

Assessment commenting key features:

• Private comments for researchers
• Replies to threads
• Tasks to reply to client comments
• User tagging with immediate notifications
• Other comments are added to the "this is what you missed on..." mail.

Online Report inline edit

You can now edit findings, sections, and retests directly inside the online report, making it easier than ever to update content quickly.

• The default Researcher and Reviewer roles can now access the online report. For custom roles, we recommend granting access to improve their experience.
• Enjoy a more responsive online report with reduced loading times, thanks to the implementation of caching.
• These changes introduce minor differences between the online and PDF reports, but only for users with report editing permissions. Client views are unaffected.
  • Empty sections now have more spacing to accommodate the edit button.
  • Finding fields, such as Risk, are now displayed even when empty.

Schedule assessments without an end date

• You can now schedule assessments with only a research start date.
• Assessments with only a research start date will appear in the schedule on that specified date.
• This feature is recommended for scheduling recurring (periodic) assessments well in advance.

Refined assessment deletion options

We have reworked the assessment deletion to provide more clarity and control. There are now two types of deletion:

• Soft Deletion: Removes all findings, retests, sections, and sensitive data while retaining metadata such as internal details, research hours, and scheduled dates.
• Hard Deletion: Completely deletes the assessment, excluding the activity log, which retains basic information (e.g., a user created a finding in a deleted assessment).

To enhance usability, we have made the following changes:

• Soft-deleted assessments are now visible in the assessment index for admins only, sorted last.
• Only soft-deleted assessments can be hard-deleted.
• Admins can hard-delete soft-deleted assessments via the assessment dropdown.
• Admins can soft-delete assessments without a client user request from the assessment dropdown (available on the larger assessment page dropdown).
• A new filter for deleted assessments has been added to the assessment index.
• Activity for hard-deleted assessments remains and is labeled with "deleted assessment."

API 

• Activity Retrieval: Activities can now be fetched as includes of assessments and findings for easier access.
• Activity Field Change: The data.finding_title field has been removed from activities. To obtain that information, retrieve the finding as an include. Titles of deleted findings are no longer accessible.
• Webhooks Creation: You can now create webhooks directly through the API for increased flexibility and integration.

Other improvements

• You can now find assessments by searching for the client's name.
• Assessment-related emails now include the client's name for better context and identification.
• The "current" version in the version comparison bar now displays additional information, such as author, date, and (review) status for improved clarity.

Bug Fixes

• CSV Export: Resolved an issue causing CSV exports of 'Severity Only'-assessments to fail.
• Review Buttons: Fixed the missing review buttons in the researcher panel.
• Retest Events: Corrected the placement of "... rejected a retest" events in the finding timeline.
• Online Report Styles: Addressed multiple issues where incorrect styles were applied to elements of the online report.
• Report Themes: Fixed the inability to delete report themes.
• Finding Edit Form: Resolved an issue preventing the submission of the finding edit form while a retest was pending.
• Findings Table Width: Adjusted the findings table component to match the width of other tables in the PDF report.
• API Documentation: Fixed the display of parameters, now correctly showing them as arrays of strings instead of arrays of objects.