New in Dradis Pro v4.5

Leave a reply

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

CSV Importer

Dradis can now import CSV files into projects! Some vulnerability scanners produce output in CSV format rather than e.g. XML or JSON. You can now import these (and other) CSV files into Dradis, and configure which column to assign to which field in your Dradis projects on a per-file basis. Simply go to “Upload”, select the CSV importer, upload a file, and you will be redirected to an interface to assign data to fields. As with other plugins, you can create Issue, Evidence, or Node data and fields.

This is v1 of the CSV importer, so we look forward to your feedback on what works for you and what you would like to see in the future from this feature!

Note that for the sake of internal naming consistency, we have renamed the CSV exporter plugin with this change, so if you have the CSV exporter installed, you will need to reinstall the plugin as dradis-csv_export.

JIRA bulk send

Do you use our JIRA integration? If so, you can now bulk-send issues to JIRA. Simply select multiple issues from your project in the “All Issues” view, and click “Send to JIRA”:

That will send all your selected issues to the Dradis-JIRA interface. Pick the destination project, issue type, and other required fields for each item, and you’re done!

Bug fixes and quality-of-life improvements

Another focus of the v4.5 release is working through some bug reports and lower-level requests we have accumulated over time.

Bug fixes include multiple items relating to attachment validation and export, Node labels linking to external resources (so e.g. clicking on a Node label of “www.google.com” will no longer redirect you to Google instead of the Node in Dradis), and the Rules Engine matching against IssueLibrary entries without trailing empty lines.

Quality-of-life improvements include adding Revision History for Content Blocks and improved error messages in the Output Console on Word report export. Check our release notes for more detail!

Release Notes

  • Content Blocks: implement Revision History
  • Upgraded Dradis Pro to run on ruby 3.1.2
  • Upgraded gems:acts_as_tree, bootsnap, bundler-audit, factory_bot, paper_trail, rails, rails-html-sanitizer, timecop, thor, unicorn, unicorn-worker-killer
  • Bug fixes:
    • Attachments: Fix attachments not showing, validating, or exporting correctly
    • Evidence:
      • Add validation for creating evidences in the issue view
      • Set correct localStorage key to prevent pre-populating incorrect content at the issue level
    • Issue Library: Render colored badges in the Tags column of the entries table
    • Nodes: Prevent evidence labels linking to external resources
    • Rules Engine: Fix the Rules Engine not matching Issue Library entries with no trailing empty lines
  • New integrations:
    • CSV Importer
  • Integration enhancements:
    • JIRA:
      • Add support for datepicker custom fields
      • Add Bulk Send To support
      • Update JIRA setup instructions
    • Rules Engine: Prevent subsequent rules from running after a discard action
    • Qualys: Wrap ciphers in code blocks for the Vuln Importer
  • Reporting enhancements:
    • CSV Export: Rename integration to dradis-csv_export
    • HTML Export: Add :rtp plugins feature
    • Word:
      • Fixes “-” in hyperlinks displaying HTML entity
      • Fixes duplicated relationship Ids when adding relationships
      • Fixes text with double exclamation marks breaking report
      • Show error message in export logs when populating multi-paragraph content in inline content controls
      • Show error message in export logs when removing invalid screenshots
  • Security Fixes:
    • Medium: Authenticated author broken access control: read access to issue content

Not using Dradis Pro?

Leave a Reply

Your email address will not be published. Required fields are marked *