
NG Production Release Update (June 16, 2025)

Here's a quick look at what's landed recently:

Azure DevOps Integration Enhancements

  • Azure DevOps can now be configured as an issue tracker.
  • Support for specifying Area Path has been added, allowing users to define a hierarchical project structure for issue reporting.

Team Management & SSO Improvements

  • Enabled support for creating teams and sharing applications with SSO users.

    Resolved Issues

    • Fixed problems with team visibility and application assignment for SSO users caused by incorrect identity mapping and duplicate references.
    • Users creating a new team are now automatically added as team members.
    • SSO users can now reliably view their teams under “My Teams” and assign applications via the “Share with Team” option under Administration.

Hosted Agent & Scheduled Scans

  • Fixed: Scheduled scans using private hosted agents were failing if the Instance URL was only reachable internally.

  • Improved SSRF Handling: A null pointer exception caused by an unreachable security-categories.apisec.ai SSRF URL is now handled gracefully.

  • Customers using private agents should ensure that they have outbound access to security-categories.apisec.ai.

  • Hosted agent-related security improvements.

Vulnerability Insights

  • Added Last Found Date for active vulnerabilities.
  • Added Resolution Date for resolved vulnerabilities.
  • Included CWE IDs within security categories to improve visibility in the /detections endpoint.

RBAC Visualization Updates

  • Introduced RBAC layouts in both Consolidated and Accordion views to clearly represent access scopes.

User Experience Improvements

  • Dry Run Logs: These are now displayed separately for improved traceability.
  • Loader: Added to the scan details page for better feedback during load time.
  • Pagination: Implemented on the scan history page for performance and usability.

Reload Spec

  • We've made several key enhancements to the Reload Spec feature for better accuracy and user experience, including Automated API Onboarding.
  • The spec reload process is now asynchronous, reducing timeout errors. Next, we will address preventing parameter overwrites.

Automatic API Onboarding

The Auto-Onboard feature streamlines API onboarding by automatically detecting and registering unregistered APIs from AWS API Gateway. This ensures that all APIs, including newly published ones, are consistently onboarded and tested for vulnerabilities with minimal manual effort.

Feature Highlights:

  • Automatically discovers and registers unregistered APIs in AWS API Gateway.
  • Admins can choose to onboard all available APIs or only those published after a specified date.
  • The system checks weekly for unregistered APIs and onboards them in batches of 50.
  • Any remaining APIs are automatically included in the next scheduled batch.

Platform Integrity & Logging

  • Activity logs now maintain both user and system actions.
  • Resolved discrepancies in vulnerability count on the scan details page.

OAS Validation & Sanitization

  • Improved sanitization of invalid datatypes, circular references, and other inconsistencies in OAS files during application registration.
  • Prevented registration of applications with invalid OAS.

Authorization Improvements

  • Displayed accurate authorization state on the endpoint details page.
  • Introduced a flexible custom authentication mechanism to support complex authentication flows involving multiple endpoint calls, headers, cookies, and tokens.
  • Enabled token refresh support during long-running scans to ensure authentication stays valid throughout the execution window.

Hosted Agent Management

  • Users can now view accurate hosted agent state and delete agents as needed.

IDP Initiated Flow

  • Added support for IdP-initiated login flows using Okta, allowing seamless access to the platform directly from the Okta dashboard.