Download
Docker Compose example package SHA256: 94a038bf0a5bc04ee7fcc306895c77b84362588321e7642db5b8075309d6d6ed
Docker image SHA256: 16df2622be7fea9a603cddde077454cdde068805b525aa4e3f04531821728352
Audit functionalities
A new ISO 27001:2022 assessment template is now available, providing a standardized approach to compliance evaluations. We've also introduced a new audit scoring system with the categories Compliant, Opportunity for Improvement, Minor Non-Conformity, Major Non-Conformity, and Not Applicable. Additionally, a new audit scoring table component offers a clear overview of the number of findings for each score category.
You can add the new ISO 27001 template using the 'Clone default template' button on the 'Assessment Templates' page.
Improvements
- PDF Report Tables: Table headings now automatically repeat on every page when a table spans multiple pages, enhancing readability. This default behavior can be disabled if needed.
- Referenced Findings: Added severity circles wherever findings are referenced in markdown fields using the # key to link to other findings.
- Webhooks: Added OAuth2 connection support for webhooks.
- CVSS Metrics Linking: CVSS metrics in PDF and online reports are now linked to the CVSS calculator built into Reporter. It is also possible to link to the FIRST.org CVSS calculator instead or disable links altogether. This can be configured in the settings of a Reporter theme under the 'Miscellaneous' tab.
- Finding Section Titles: You can now configure the titles of finding sections independently from the headings in the report theme configuration.
- Notification documentation: Added new documentation detailing when notifications are sent and the specific types of notifications that are triggered.
- Activity Storage Retention: Added documentation on the ACTIVITY_LIFETIME environment variable, which determines how long the activity trail is retained.
- Targets Placeholder: Added a targets placeholder that, when rendered, displays a list of the assessment targets.
- Code Blocks: Added a copy button that appears when hovering over code blocks for easier copying of code snippets.
- Results Table Component: Sections that cannot have findings now appear in the results table if they contain child sections that can have findings.
- Action Plan and Findings Table Component: A new option is available to remove page numbers from the action plan and findings table components.
- Block Quote Styling: Added a gray border to the left side of block quotes in the PDF report. The color of this border can now be customized.
- Snippet Insertion Modal: The snippet insertion modal has been improved to include a rendered preview, allowing you to view the snippet before adding it.
- Snippets Management Page: Enhanced the snippets management page with new sorting, searching, and tagging functionalities. Tags can be created under 'Settings > Tags'.
- PDF Metadata: PDF metadata is now customizable, allowing for tailored document information.
- Tool Output Parser: Updated and improved several tool output parsers, including enhancements to the NMAP parser.
- Status Report: New checks have been added for WebSocket connectivity.
Bugfixes
- Resolved an issue where text dragging in the markdown editor had stopped working.
- Corrected a problem where the wrong status was set when requesting a section revision.
- Improved the rendering of components in markdown tables.
- Fixed an issue where the background line in the HTML report sometimes overlapped text in Chromium-based browsers.
- Added missing section M4 to the OWASP Mobile Top 10 assessment template.
- Updated the NCSC guidelines assessment template so that all sections at the deepest level now require findings.
- Fixed an exception in assessment versions when no classification system was enabled for one of the versions.
- Resolved an exception that occurred when adding a translation to an assessment template with no sections.
- Fixed a bug where the first page would always load when reviewing items via the review page.
- Corrected a bug where users tagged in a comment were emailed again when the comment was converted to a retest inquiry.
- Fixed the theme watermark transparency setting, ensuring that 0 is now opaque and 1 is fully transparent.
- Resolved an issue where snippets containing Unicode characters were not replaced correctly in the preview.
- Fixed an issue with rendering the findings table component outside of the assessment context.
- Optimized data loading when indexing potential findings and added an environment setting for chunk size.
- Fixed an exception on the finding templates index page when rendering templates that are not vulnerabilities.
- Improved the speed of assessment creation based on large assessment templates.
- Fixed form locking issues in assessment section templates when handling different translations.
- Resolved an issue where category names in the results table (rendered in the PDF) were not properly linked to their corresponding categories.
- Fixed a date formatting issue for translated reports.