September

NG Production Release Update (September 04, 2025)

Bolt Integration - Import Parameters and Payloads

We are pleased to announce the release of the first phase of Bolt Integration, designed to simplify and reduce application onboarding friction.

  • Seamless Import: Parameters and payloads captured directly from the client's web applications using the Bolt plugin can now be imported into the platform.
  • Hydration of Endpoints: By uploading a Bolt file under the application’s Endpoints tab, the platform automatically matches and hydrates endpoints with real data once confirmed.
  • Faster Onboarding: This capability minimizes manual configuration, ensures endpoints are functional and test-ready, and expands security coverage.
  • Future Roadmap: Additional enhancements, including direct Bolt-to-NG integrations, are planned to further improve the onboarding experience.

Auto-Reload Specification via API Gateways:

The Auto-Reload Spec capability, first introduced for AWS API Gateway on August 22, 2025, is now extended to support Azure API Management (APIM) and MuleSoft API Gateway.

  • Supported Gateways: AWS API Gateway, Azure API Management (APIM), MuleSoft API Gateway.
  • Scheduling: Reload jobs can be scheduled weekly, with support for more frequent synchronization planned for future releases.
  • Configuration Options: Users can configure whether to retain or remove:
    • Endpoints missing from the specification
    • Existing parameter values
    • Schema configurations
  • Reliability: Maintains accurate and up-to-date API specifications while minimizing the risk of data loss.
  • Access Control: Only Administrators and Application Owners with gateway access can schedule this task.
  • Unlinking Behavior: If an API is unlinked from its application, the scheduled synchronization is automatically disabled.
  • Activity Logging: All scheduled activity statuses are recorded in the activity logs.

SSO User Visibility for Team and Application Sharing:

We have introduced support for listing SSO Users within the platform to simplify team management and application sharing.

  • Unified User Listing: Both SSO and Non-SSO users are now visible when managing users in a tenant.
  • Team Assignment: Administrators and Team Owners can add SSO users directly to Teams, ensuring proper access alignment.
  • Application Sharing: Applications can now be shared seamlessly with SSO users, eliminating prior limitations where only manually created users were listed.

Manage Teams:

We are extending the team management capabilities beyond creation and updates to include team deletion.

  • Scope of Access: Only Administrators who are designated team owners are permitted to delete a team.
  • Governance and Security: This restriction ensures that team removal is handled with appropriate oversight, preventing accidental or unauthorized deletions.
  • Consistency: The enhancement builds on the existing team management framework to provide a complete lifecycle for team administration.

NG Production Release Update - APIsec_cloud_6.9.2.0 (September 19, 2025)

Instance-Based Custom Headers for Reachability & Endpoints

  • Configuring headers just got a whole lot easier. Instead of re-entering the same header repeatedly at the endpoint level, you can now set Instance-Based Headers directly within your API.

  • With this update, you can:

    • Add custom headers from App Config - Manage Headers and apply them across all endpoints in an instance.
    • Fine-tune control – Apply headers only to the endpoints you choose.
    • Support reachability checks – Mark headers to be included when testing the reachability of your instance URLs.

Automatic API Onboarding - Azure API Management (APIM) and MuleSoft API Gateway

  • The Auto-Onboard capability, first introduced for AWS API Gateway on June 16, 2025, is now extended to support Azure API Management (APIM) and MuleSoft API Gateway.

  • The Auto-Onboard feature streamlines API onboarding by automatically detecting and registering unregistered APIs from AWS API Gateway. This ensures that all APIs, including newly published ones, are consistently onboarded and tested for vulnerabilities with minimal manual effort.

  • Feature Highlights:

    • Automatically discovers and registers unregistered APIs in AWS API Gateway.
    • Admins can choose to onboard all available APIs or only those published after a specified date.
    • The system checks weekly for unregistered APIs and onboards them in batches of 50.
    • Any remaining APIs are automatically included in the next scheduled batch.

View and Revert False Positives

  • Application Owners, Administrators, and collaborators with edit permissions can now:

    • View all vulnerabilities that were previously marked as false positives.
    • Revert them back if they were incorrectly flagged.

    Key Capabilities:

    • Audit Tracking - See who marked a vulnerability as a false positive and when it happened in the vulnerability details.

    • Seamless Issue Tracker Integration

      • When a vulnerability is marked as a false positive, linked tickets in Jira or Azure DevOps are automatically closed.
      • When a False Positive is revoked, the platform re-runs the test.
        • If the vulnerability is reproducible → it is restored as Active, and a new ticket is logged.
        • If not reproducible → it is marked as Resolved, and the linked ticket stays closed.

Team Member Management for Role Users

  • Enterprise customers just got more flexibility in managing their teams!

    • Role Users as Team Owners: If an Administrator assigns you as a Team Owner, you can now add teammates, remove them, or adjust their permissions (choose between Edit or View).
    • Administrator control: Admins retain the ability to reassign or change Team Owners whenever needed.
    • Clear boundaries: While Team Owners can manage members, creating or deleting entire teams is still reserved for Administrators only.
    • Safer team deletion: Only Administrators can now delete teams. To prevent accidents, the system requires you to type the team’s name before confirming deletion.
    • Accountability: Team deletion is logged in the Activity Logs.

Security Hub Reports with PDF Attachment

  • The monthly email reports just got an upgrade! We have added the Security Hub PDF as an attachment.
  • It provides direct access to vulnerabilities and security insights without logging into the platform.

Improvements & Fixes

  • We’ve been busy smoothing out a few rough edges and polishing the experience. Here’s what has been improved:

    • Threat Detections Pie Chart: Previously, the chart displayed the count of Vulnerable Endpoints; it now correctly shows the count of Open vulnerabilities.
    • Scan Setup Simplified: Scans no longer require testing all authentications before starting. Less friction, faster testing.
    • Endpoint Test Execution Error Handling: When a test is skipped due to a Timeout or Server error, the platform now displays an appropriate message instead of failing without context and showing “Internal APIsec Error.”
    • Azure DevOps Test Connection: Attempting to connect with invalid credentials no longer logs the user out.
    • Security Hub Tile Fix: The “Tests Run” metric was mistakenly showing All Time instead of Monthly Statistics. That’s now corrected.