Analytics Page
Dive into a comprehensive analytics page accessible from the main menu. Explore detailed insights, including findings, assessments, trend analyses, severity counts, remediation strategies, and the top 5 assigned classification categories for each classification system. Tailor the analytics to meet your needs with filters for each client.
The dashboard for client users has been refreshed and now shows key analytics: findings categorized by severity and status, critical and high-risk remediation efforts, average resolution times, and the top 5 unresolved severe findings, including their age.
Action Plan
Activate the Action Plan for an assessment to define a clear path forward for resolving findings. Customize each action plan with:
- Priority: Set the urgency levels.
- Complexity: Estimate the effort required for resolution.
- Action: Outline specific steps for mitigation.
With the Action Plan enabled, you gain immediate access to a dedicated action tab from the assessment page and can integrate the action plan table into any report section. Simply select it from the component list in the markdown editor.
CVSS 4.0 Scoring System
Reporter now supports the latest Common Vulnerability Scoring System, Version 4.0 (CVSS 4), offering a more nuanced and precise approach to vulnerability scoring. This enhancement allows users to assess and prioritize vulnerabilities with greater accuracy. Alongside the integration of CVSS 4, we've implemented improvements across all scoring systems within Reporter.
Other Improvements
- A new global "Project manager" role. This role is tailor-made for those who oversee project progress and quality without altering core system configurations.
- Findings imported from previous assessments can now be given the status "draft" or "under review" instead of "published".
- To ensure the integrity of published findings, importing findings as "published" now requires review permissions.
- Improved text selection behavior in the markdown editor.
- Researchers and reviewers can now be added to the report separately.
Security
Webhook secrets have been removed from the edit page.
Bugfixes
- Addressed an issue where users were unable to reset a finding's original severity and remove status change events if the current and original severities matched.
- Corrected the sorting order for resolved targets in finding events to ensure accuracy when displaying the most recent events first. Furthermore, the loading performance has been improved.
- Fixed a problem that prevented ordering first-level assessment sections within assessment templates.
- Fixed notification label sizing.
- Fixed the 'enable password' checkbox on the setup page.
- Fixed inconsistent indentation of lists in the PDF report.
- Fixed a bug where tables that should appear indented in a list were not indented properly.
- Finding retests now have a versions button.
- Fixed an issue where date formats for placeholder components were not added to the shortcode.