Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Auto-update Charts in Word

Previously, to include charts in Word templates, VBA macros were necessary to be able to update the charts in exported reports. This was a problem for the Mac users among us, as the relevant VBA is not supported in Office for Mac. We have now tweaked the reporting engine so that the source Excel sheets for charts in Word can be filled in with filters so they will auto-update during the export process from Dradis. The supported filters support the majority of use cases we have seen, such as issue counts by CVSS score, severity, type, category, host, etc.

Gateway comments

Do you use the Dradis Gateway? We have now improved this collaboration feature! Comments are already supported within Dradis projects, but now comments have reached the Gateway as well. If you are an Admin or Author on a project, you can choose to make a comment public (available on Gateway) or not (only visible to your team members within the project). Gateway contributors are able to view your public comments and submit their own comments on issues and other content inside the Gateway.

Qualys Asset Scans

Dradis now supports Qualys Asset Scans! This expands our Qualys coverage to include:

• Qualys Vulnerability Scans (Vuln)
• Qualys Web Application Scans (WAS)
• Qualys Asset Scans (ASSET)

Release Notes

• Comments: Show public comments for issues in a project
• Mintcreek: Add breadcrumb navigation
• Uploads: Allow subsequent file uploads from the same scanner without needing to re-select the scanner
• Upgraded gems:
  • nokogiri, rails
• Bugs fixes:
  • Document Properties: Set focus to property name/value inputs when clicking the edit icon
  • Editor:
    • Add keyboard shortcut support for windows and linux
    • Allow comparing document property values with “==” operator
    • Allow text selection expansion using shift-click
  • Issues: Show correct links in the “Send To” menu
  • Subscriptions: Show correct Subscribe/Unsubscribe link after a new comment is posted
  • Tables: Prevent columns state from resetting after 2 hours
  • Teams: Prevent displaying trashed projects
  • Tylium: Remove extra left padding from the first line of content in a code block
  • Upload: Show pre upload validation for Qualys
• Integration enhancements:
  • Openvas: Update Node label parsing. Include :hostname and :asset_id properties.
  • Qualys: Add Qualys Asset Scanner (ASSET) support
• Reporting enhancements:
  • Word: Charts in Word can now be exported without the need for macros
• Security Fixes:
  • Low: Password reset token can be reused in a 5-minute window

Not using Dradis Pro?

• Automated reports, generate the same reports your clients know and love in a fraction of the time.
• Combine the output from 19+ different tools (including Qualys, Metasploit, Burp…) into a single report.
• Deliver consistent results. Never forget any steps, always know what has been covered and what is still ahead.
• Everyone on the same page: all information available across the team.
• Dradis Pro is reliable, with over 10 years of history, and has a top-notch dedicated support team.