Category Archives: Features

Designing & Developing Tylium

On March 2nd, 2020, we released Tylium, a new layout for Dradis projects replacing the long-lived Snowcrash layout. Let’s go into some of the details of the work that went into designing Tylium.

Dashboard view of the new Tylium layout

I’m Matt Budz, the product designer for Dradis, I help create new Dradis features and re-design some of the older ones that need some TLC.

First, let’s start with some background. Snowcrash has been the layout for Dradis projects since 2013. Some users may remember way back when it was released as part of v1.9. It was a shiny new UI built using the now-ancient Bootstrap 2 with a handful of 3rd-party plugin stylesheets sprinkled on top. Many new features were added over the years, but the look and feel of the app became dated.

Dashboard view of the old Snowcrash layout

My goal was to make the app look more modern and to update it to Bootstrap 4. But what does more modern entail?

I wanted to retain the long-used brand colors for both Dradis CE and Pro editions and adjust the remaining color palette to improve color contrast while ensuring the changes wouldn’t be too jarring for existing users.
Increasing on-screen real-estate was a priority during the redesign. Adjusting spacing and incorporating a collapsable sidebar that could move out of the way provided more space. Snowcrash had some inconsistent visual hierarchy, especially around header & paragraph text sizes.

Some elements lacked visual cues to inform users that more information could be seen by scrolling. Additionally, Snowcrash had various cluttered views with a lot of information and action links that could be tucked away and accessed only when needed. I wanted to create an action menu (we call it the dots-menu) that could be used for any resource in virtually any view. I wanted this to have a specific look so that users would be able to recognize that there is something more they can do when they see this menu – like adding, editing, moving, and so on.

I embarked on this re-design journey knowing that I wanted to change the overall layout of the app but not completely re-design the individual partials that are rendered within the layout’s different views. I decided it would be best to work on those as the respective features got updated or other features got added.

Using my design tool of choice, Adobe Xd, I started on the main sidebar and the collapse/expand functionality. I designed this so that the user would expand the sidebar and once they navigated by clicking the links in the sidebar or clicked off the sidebar, it would collapse out of the way. With the sidebar opened, the rest of the view became faded out to bring attention to the floating sidebar. This came with subtle animations for the sidebar width transition, navigation link position, as well as opacity transitions for the node tree and sidebar header. At this point, I also added the new-to-Tylium Dashboard link, so users could easily navigate back to the initial view they are greeted with when they opened the project.

New sidebar style

Next, I moved on to the top navbar. In Snowcrash it was becoming a bit full and offered very limited space for long project names as well as new nav items. It was also visually connected to the sidebar giving the illusion of a smaller workspace for everything else in the project. I wanted to completely separate the navbar from the sidebar so I moved away from using the edition color as the navbar’s background color. In order to save some space, I changed the less-used nav links to round buttons with icons to reduce the total width they took up. I also re-designed the way the search button expanded and behaved to match the new round nav buttons.

Comparison of the old navbar (top) vs the new navbar (bottom)

I worked on the sidebar and navbar while looking at the project dashboard, so naturally, I moved on to the main dashboard area next. I wanted to keep the panels the dashboard had in Snowcrash but with an updated look. Again, I didn’t want to completely re-design any of the partials but I did update things along the way so they would be more cohesive with the new layout. The page heading and the panel headings had to become more distinguishable for one another so I increased the size of the page headers to ensure they wouldn’t be lost with panel headers. I also noticed there was inconsistency with borders and dividers, both in terms of colors and usage. I ensured all borders and dividing lines got the same color and that they were used consistently regardless of the view for a better visual presentation. The panels got a subtle border with rounded corners along with matching underlines for the panel headers. Some other components that got a refresh were the list of issues and the list of recent activities. 

For better user experience, I wanted the sidebar and navbar to always be visible regardless of the height and width of the view. This meant that only the view content would be scrollable. In order to keep a visual consistency throughout the layout, I used the changes I made to the dashboard to set the tone for all the other views.

Sidebar and navbar with locked position

At this point, I had a decent base for all views in the app but one major component that still needed work. Many of the views utilize a secondary sidebar that lists view-specific collections of items like, attachment uploads and import options. In design, we want the secondary sidebar to flow nicely with the main sidebar. I achieved this flow by making the secondary sidebar background color the same as the main sidebar active item background color. This would give the active sidebar item and the secondary sidebar a visual connection. The views that use a secondary-sidebar needed to match the rest of the app by having the view content sections neatly presented in panels. This meant that sections like Comments, Subscriptions, and so on got their own panel.

After all the design was completed it was time to dive into the code and translate the mockups to an actual working layout. Before I could do any of the fun stuff I had to first do the Bootstrap 2 to Bootstrap 4 migration. This proved to be quite tedious and required every single view file to be touched and restructured the Bootstrap 4 way. All the rows, columns, modals, panels/cards, and more, all had to be revised. Additionally, any JavaScript files using Bootstrap 2 classes had to be updated with Bootstrap 4 classes to maintain functionality. Finally, moving on to CSS files, I realized that over time as new features were added to Snowcrash, more CSS was added but as features were revised or updated, the no-longer-needed CSS was not removed. This resulted in a good amount of unused CSS lingering in the codebase. Furthermore, the custom CSS on top of 3rd party stylesheets resulted in some messy CSS that could have been significantly reduced to achieve the same result. I found many instances of over-specified properties on child elements and re-defined properties that were already defined elsewhere for the same elements. I put off cleaning up the CSS until I had the new Tylium layout in place. I figured some of the CSS could be re-used since the design of the partials rendered in the layout would not significantly change.

With the Bootstrap migration completed and out of the way, I was able to start coding the layout changes I’d designed in Adobe Xd. I implemented the design in roughly the same order as I designed it. I started with the sidebar and navbar, then moved to the main content areas of all views without a secondary-sidebar. I added the panel changes to each section of the views and adjusted things like header styles and font-sizes while utilized SASS variables for easy switching of colors between CE and Pro editions. 

Example of Tylium view without a secondary sidebar

Last but not least, I worked on the secondary sidebar and adjusted all the view files that utilized this sidebar and updated panel styles, panel headers, page headers, etc . While coding the secondary-sidebar I quickly realized that it could be taller than the view content itself depending on the collection of items rendered within it. This would cause the view content to be unnecessarily scrollable. To solve this, I locked the secondary sidebar height to match the height of the browser window and made it scroll independently of the main view content. This would also be a more natural behavior in situations where both the secondary sidebar and view content have enough height that they both need to scroll vertically. 

Another challenge I ran into was caused by a bug where the Bootstrap 4 modals appeared under the modal backdrop rendering all modals useless. After many hours of digging through the code, scratching my head, and growing new strands of grey hair, I turned to StackOverflow. It turns out this is a known Bootstrap 4 issue and the best way to solve it is to render all modals as direct children of the <body> tag. This required a refactor of the way we rendered modals in views.

At this point, the layout had come together nicely and everything was working as expected. Any bugs and quirks that came up along the way were resolved. Just as I was feeling good about it, all kinds of specs in the test suite were failing. I dove into the specs and updated what I knew needed updating based on the layout changes and Bootstrap migration but I noticed I wasn’t getting consistent failures. Some specs would fail sometimes and those same specs would pass other times. I had our developers, Aaron and Brian, step in to take a look. After many hours of debugging and researching, they finally realized the problem had to do with the sidebar toggle animation. The test suite was expecting the sidebar to be opened instantly so it could continue to go through the testing steps but the milliseconds of animation caused the test suite to intermittently break causing failures at different points. Ultimately, the solution was to disable animations for the test suite and all was well.

The last piece of the puzzle was to clean up all that old CSS. I ended up restructuring the CSS using a modified version of the SMACSS methodology. While tediously combing through each stylesheet, I removed unused, redundant, and unnecessary CSS. I was able to further reduce the amount of CSS by improving specificity.

Fun fact: Implementing Tylium modified 290 files and reduced the app’s code by 1871 lines.

GitHub stats

Tylium was finally ready for release. Pleasantly, the new look was generally well-received and as more and more users started to use the updated version of Dradis, we started to get more constructive feedback. Both our internal team and our users realized that the auto-collapsing toolbar created a workflow issue in cases where users needed to frequently switch nodes or manually add many new nodes. I set out to fix this hindrance by eliminating the need to click the sidebar in order to create/navigate nodes. After discussing a few options with the team, the decision was made to have users toggle the sidebar manually. To enable users to keep working regardless of the state of the sidebar, I removed the overlay that faded out the rest of the view. This allowed users to chose if they would like to have the sidebar open or closed and we implemented some logic to remember the sidebar state so users wouldn’t have to toggle it each time they returned to a project. This also helped with seamless navigation between views.

Overall, the new layout improved the app by:

  • Increasing screen real-estate by 18-20%
  • Updating Bootstrap’s version from the historic 2.3.2 to a more current 4.3.1
  • Improving accessibility by updating the text colors to meet at least Level AA of WCAG 2.0 standards.
  • Providing users with an app that has a modern look and feel while also increasing their productivity

This entire endeavor started in Oct 2019 with very early rough sketches and spanned about 6 months until it was finally publicly released in March 2020. Huge thanks to the entire team for their help and input throughout the entire process. ✌️

Matt,
Designer.

New in Dradis Pro v3.6

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Hello, good looking.

screen showing the project summary in Dradis Tylium theme
Tylium is included with Dradis Pro v3.6 and CE 3.16

We’ve introduced a new project theme for Dradis. Tylium* is more than sprucing up the design with sleek lines and modern styles. It incorporates thoughtful details to improve your workflow and provides us greater flexibility to address your UI feedback moving forward.

This is a big visual change, but you won’t have to hunt for the Dradis items you rely on since they haven’t gone too far from the previous theme, Snowcrash. We’ve minimized the impact on your day-to-day use of Dradis by keeping the feel and flow of the app familiar. 

A comparison of two different project summary themes
Snowcrash vs Tylium

Tylium optimizes your workspace, keeping the purpose of each view in mind. It adds space where you need more real estate for updating findings and resizes or rearranges elements when you need to see the big picture. An example of this can be seen with the collapsible sidebar that adds roughly 20% more space and keeps all sections of the app quickly accessible, even adding a dashboard link to the project summary.

animation showing a navigation bar collapsing.
Now you see it, now you don’t!

As always, we’re eager to hear what you think. If you have feedback on Tylium drop a comment here, send it via email, or share it in Slack.

*It is SOP at Security Roots that we honor our nerdoms where we can. Snowcrash, the previous theme, is a nod to Neal Stephenson’s cyberpunk novel of the same name. Our love of Battlestar Galactica continues on with the new theme, paying homage to the powerful fuel source used in the series – Tylium.

Report Generation Errors

Everyone knows that validating your report before generating it will save you a headache tracking down problems with the report later. Now, the validator is more helpful by providing additional context to help locate the problematic evidence. While we are preventing headaches if your report has errors that are detected during generation the option to download it won’t be displayed.

Oooh, there’s the problem!

Release Notes

  • Update app to new Tylium layout
  • Add the ability for kits to update an instance’s Plugin Manager templates
  • Add revision history for cards
  • Bugs fixed:
    • Updated support beacon. Legacy support was dropped for older versions
    • Fix errors on content overwrite flash messages
    • Fail and redirect to login instead of raising an error when attempting to log in as a user that has been removed
    • When a report export is invalid and errors we disable the download button to prevent further errors
    • Fix the mail initializer not finding existing configuration settings from the db
    • Fix Cancel link path for the Note Edit page
    • Fix services_extras not being excluded from Excel exports
    • Fix Rule checking for non-existent fields
  • Integration enhancements:
    • CVSSv3 calculator provides access to all Temporal/Environmental fields
  • Reporting enhancements:
    • Add support for ellipsis
    • Better Evidence references on failed validations
  • REST/JSON API enhancements:
    • Add team (team id, team name, team_since) in the teams API endpoint
  • Security Fixes:
    • High: Authenticated author can no longer continue to make project changes and will be logged out after being disabled by an admin
    • Medium: Prevent admins from updating other user’s comments

New Dradis Integration: WPScan

WPScan logo

When the WPScan team approached us in late 2019 offering to create an integration for Dradis, we were excited to work together. What goes together better than a WordPress security scanning tool and an easy way to turn those findings into a customized report? Maybe chocolate and peanut butter, but the Dradis WPScan integration is much more likely to result in a more secure website.

A screenshot of Dradis showing Issues created by the WPScan integration
Time to update WordPress 😬

WordPress powers 35% of the Internet’s websites from hobby blogs to Fortune 50 companies. WordPress’ ease of use, well-established community, and extensive plugins offerings (55,457 as of this post) make it an attractive option for creating a presence online. Unfortunately, these same charms also make WordPress an easy and frequent target for attack. 

In 2011, while investigating his own blog’s security, Ryan Dewhurst created a script that combined testing for WordPress’ vulnerabilities into a single tool. This script, now WPScan, enumerates usernames, plugins, and themes, performs brute force password attacks, and identifies the version of WordPress on a target. 

WPScan contributors went on to create WPVulnDB to manage the ever-growing list of known WordPress vulnerabilities in an online database. When used together, WPScan and WPVulnDB API provide realtime detailed vulnerabilities and recommendations in your scan results.

This new Dradis WPScan integration makes it a snap for you to import the results of your WPScan directly to a Dradis Project. Each target maps to a node within your Dradis project, any vulnerabilities found in a plugin, theme, or setup become Dradis issues, and when evidence is available – like a list of enumerated usernames – it is pulled into Dradis as evidence.

Ready to get started with Dradis and WPScan?

The steps to add the Dradis WPScan integration to Dradis CE or Dradis Pro are similar for both editions.

  • Add or edit the Gemfile.plugins file. The file locations for each edition is listed below
    • Dradis CE: top-level Dradis CE directory
    • Dradis Pro: /opt/dradispro/dradispro/shared/addons/
      • This file should be symlinked to /opt/dradispro/dradispro/current/
  • Append gem 'dradis-wpscan', github: 'dradis/dradis-wpscan' to the file
  • Save Gemfile.plugins
  • $ bundle install
  • Restart Dradis
  • 🎉 All done!

If you run into any snags with the process, reach out on the community forums, the CE or Pro Slack workspaces, or directly to support.

TL/dr: Import WPScan findings into Dradis with the new Dradis WPScan integration

New in Dradis Pro v3.4

This post references an older release of Dradis Pro. You can find the most current version here:


Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Node Methodology

Add a methodology to a node containing the details appropriate for that node type. Create and apply methodology templates to ensure everyone on the team knows the next steps for that node. Project methodologies are still available; these new methodologies bring the same consistency to nodes.

Merging Nodes

If you have ended up duplicate nodes in your project, you can now merge them and preserve any findings related to that node. The new node merge action moves all associated Notes, Evidence, Attachment, and Activities from the source node into the target node.

Highlight Inside Code Blocks

Call attention to the most important details within a code block. Wrap the section with $${{ }}$$ to highlight it in yellow. The highlights transfer to your final report using styling updated in your report template.

Collapsable Sidebars

If your project has a long list of issues or attachments, it can be unwieldy to quickly access the import fields at the bottom to add more. The sidebars are now collapsable using the chevron at the top of the list and are expanded by default. Issues, Report content, and Nodes received this UI update to help you move through a cleaner interface.

Release Notes

  • Allow nodes to have an associated methodology
  • Highlight code snippets.
  • Better new board form empty name handling
  • Fix migration paths during database setup
  • Collapsable sidebar in issues
  • Collapsable sidebar in report content
  • Better placeholder syntax in Issuelib
  • Contributor dashboard redesign
  • Fix screenshot validator when Textile screenshot links have captions
  • Add Node merging feature
  • REST/JSON API:
    • New coverage: Tester users
  • Word reports:
    • Add CodeHighlight style support
  • Add-on enhancements:
    • Nexpose: Add risk-score attribute to nodes
    • Nmap: Add port.service.tunnel field to the port template
    • Remediation tracker: tickets can be assigned to testers and contributors, and contributors can see their tickets too.

New Dradis script: Bulk upload

We have a new addition to our dradispro-scripting repository. The bulk_upload.sh script allows you to upload multiple tool output files (of the same type) into a Dradis project at once.

For example, you might have multiple Nmap files from scanning hosts associated with a single Dradis project. Now you can upload all those files to your project at once. To use the script:

1. Copy all the XML files for a given plugin that you want to upload to a folder on your Dradis instance, such as /tmp/nmap/

2. Copy the bulk_upload.sh file to /opt/dradispro/dradispro/current/ on your Dradis instance.

3. Make the file executable:
$ chmod +x /opt/dradispro/dradispro/current/bulk_upload.sh

4. Run the file:
$ /opt/dradispro/dradispro/current/bulk_upload.sh <project_id> <plugin> <path>

For example, if your project is at <Dradis IP>/pro/projects/4 and you want to upload multiple Nmap files from /tmp/nmap/
$ /opt/dradispro/dradispro/current/bulk_upload.sh 4 nmap /tmp/nmap/

We hope you find this script useful! Check out our other scripts at dradispro-scripting repository for other scripts you can use or adapt to improve your workflow.

New in Dradis Pro v3.3

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you deliver the results of security assessments, in a fraction of the time without the time-wasting frustration of creating manual reports.

What’s new in Dradis Pro v3.3

Auto-Save

There are few things more frustrating than losing work in progress when your connection drops, browser crashes, or you close the wrong tab. Dradis now automatically saves your changes every few seconds to help avoid this problem. When you return to work, and auto-saved data is available, restore your work from the browser’s cached version.

Configuration Kits

Get started with Dradis Pro with a click of a button using kits. Use a Dradis kit to set up an instance tailored to your needs just by uploading a single file. A single kit zip file can quickly import and configure a project, report, issue, and evidence templates and properties, Rules Engine rules, methodologies, and sample projects. Admins can still tweak and configure Dradis manually; kits offer a simple way to jumpstart setup.

Azure DevOps / VSTS

Send any issue from a Dradis project to Azure DevOps (formerly Visual Studio Team Services / Team Foundation Server) to create a Work Item. Once sent, the Issue in Dradis displays the state of Work Item so you can keep track of remediation activities without leaving Dradis.

Ready to upgrade to v3.3?

Release Notes

  • Fix column overflow on Issues / IssueLib entries table
  • Allow report content management even without an RTP
  • Fix content blocks sorting in the sidebar
  • REST/JSON API:
    • Add-ons can inject Project attributes
    • BI custom fields included in Projects API endpoint
    • BI custom fields included in Teams API endpoint
    • Project Scheduler add-on includes :start and :end date in Projects endpoint
  • Fix sorting for issues under nodes on export
  • Add ability to upload configuration kits via web
  • Add screenshot validator
  • Projects are created with a background job
  • Two-step Contributor login

Not using Dradis Pro on your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features or what our users are saying.

New in Dradis Pro v3.2

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you deliver the results of security assessments, in a fraction of the time without the time-wasting frustration of creating manual reports.

What’s new in Dradis Pro v3.2

Here is Rachael with a quick video summary of what’s new in this release:

Integrated CVSSv3 Calculator

Quickly generate a CVSSv3 Risk score for an individual issue directly in Dradis. The CVSSv3 score calculator is now included as a tab on each issue for handy access. Edit the values on the calculator to populate the issue’s CVSSv3 details, including a valid vector string, with no need to copy and paste!

Animation showing the CVSSv3 calculator populating the base score and vector for a security issue.

IssueLibrary ships with Dradis Pro

Ever wish that the IssueLibrary wasn’t a separate installation and upgrade process from Dradis Pro? Wish no more! IssueLibrary is now bundled with Dradis Pro.

If you haven’t been using IssueLibrary, now is your pain-free opportunity to give it a spin. Cultivate a collection of your finest vulnerability descriptions to reuse across your Dradis Pro projects.

Already have vulnerability descriptions in another format outside of Dradis? Reach out to our support team and they can set you up to easily migrate them into IssueLibrary.

Upgrading from an earlier version of the IssueLibrary?
You must first remove IssueLibrary before applying the DUP by deleting the IssueLibrary line from /opt/dradispro/dradispro/current/Gemfile.plugins.

IssueLibrary API endpoints

The IssueLibrary is the newest API endpoint to be added to Dradis Pro. Use this new endpoint to create, update, retrieve and delete IssueLibrary entries. Check out the IssueLibrary API guide for examples to get started.

Ready to upgrade to v3.2?

Release Notes

  • Use ajax in comments
  • Fix nodes sidebar header margin
  • Add bold font to improve bold text visibilit
  • Fix links display in Textile fields
  • Fix redirection destinations after edit/delete evidence
  • Refactor cache keys in pages with comments
  • Disable turbolinks cache when displaying flash messages
  • Sort attachments in alphabetical ASCII order
  • Fix methodology checklist edit error
  • Add contributors and contributors management
  • Add IssueLibrary to the main app – no manual upgrades!
  • Fix export error caused by whitespace between newlines
  • Fix auto-linking export error for non-latin characters, dashes, and parenthesis
  • Fix multiple permissions added to a project when created via API
  • Add default tags to new project templates
  • Fix the bug that caused project to disappear when an author updates a project
  • Add seeds for the rules engine
  • Fix user count in teams list
  • Add contributor management view hooks for the Teams and Users pages
  • Allow deletion of teams with users
  • Show project Custom Properties in Business Intelligence – Trend Analysis
  • Fix XSS vulnerability when uploading svg attachments
  • Fix XSS vulnerability when evidence were sent to Trash
  • REST/JSON API:
    • New endpoint: IssueLibrary entries
  • Add-on enhancements:
    • CVSS calculator: embed CVSSv3 calculator in Issue page
    • Acunetix: Resolve create_node errors that appeared with URLs wo/ “http”
    • Burp: Make `issue.detail` available at the Evidence level
    • Netsparker: Change alphabetical lists to bullet lists

Not using Dradis Pro on your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features or what our users are saying.

New in Dradis Pro v3.1

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v3.1

  • Added comments, subscriptions and notifications to notes
  • Added comments, subscriptions and notifications to evidence
  • Added comments, subscriptions and notifications to methodology cards
  • Pre-flight tool upload validator
  • Fix default tags creation bug
  • Allow numeric fields to be 0 when validating
  • Fix BI engine load error (hook into model load and not ActiveRecord load)
  • Fix overflow bug when editing report templates (issue sorting tab)
  • Updated how add-ons hook into the main menu
  • Fix error pages
  • Renamed clients to teams in the backend
  • Fix blockcode characters displaying incorrectly
  • Fix red dot still being displayed on the first visit to the page that caused the single unread notification
  • Fix wrong ‘There are no comments’ message
  • Escape HTML in comments
  • Track activities when multiple-creating evidence
  • Fix BI custom project properties
  • Better engine manifest hooks
  • Keep lists and cards order when exporting as XML
  • When errors found validating evidence, report with evidence id
  • Add-on enhancements:
    • Note and evidence comments in export/import in dradis-projects
    • Fix usage of set_property to use set_service in Nexpose plugin
    • Netsparker: Update cleanup_html to format content + add new fields
A quick video summary of what’s new in this release:

Comments for methodology cards, evidence, and notes

Comments, notifications, and subscriptions introduced in Dradis v3.0 have been extended to include methodology cards, notes, and evidence in projects. You can leave a comment tagging another user, subscribe to be notified of comments and receive notifications for cards, notes, evidence, and issues. All comments are included during project import/export with dradis-project.

Checking for empty fields

Dradis will check for empty fields when saving a field required by your template and when validating your project before exporting a report. Catching and correcting these empty fields before generating your report will help prevent the dreaded ambiguous cell mapping Word error.

Pre-flight tool upload validator

While uploading output from a tool into a project, Dradis will check your Plugin Manager configuration against your report template configuration. If your template is configured to require a “Recommendations” field but no #[recommendation]# field is defined in the Plugin Manager for this output file type, Dradis will throw a warning.

Showing the preflight validation

Ready to upgrade to v3.1?

Not using Dradis Pro on your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features or what our users are saying.

New in Dradis Pro v3.0

Dradis Professional Edition is a collaboration and reporting tool for information security teams that will help you create the same reports, in a fraction of the time.

For this release, we’ve squashed some pesky bugs and updated the system and its add-ons with new features that will make your team’s life easier.

The highlights of Dradis Pro v3.0

  • Add comments for issues
  • Add notifications for comments
  • Add subscriptions for issues in a project
  • Nest the dradis elements under the project scope
  • Add ‘Send to…’ menu for issues
  • Add better handling of the Services table
  • Use puma for the development and test server
  • Remove resque dependency
  • Improve redirect on Evidence#edit
  • Alphabetically sort ContentBlocks
  • Validate empty fields
  • Fix exporting with bc.. prepended with a newline
  • Fix password reset thor task
  • Fix cookie overflow
  • Fix license redirection
  • Fix missing lists bug
  • Add-on enhancements:
    • Add references and vulnerability_classifications fields in the Burp plugin
    • Fix formatting errors and hostname Node property in the Burp plugin
    • Fix vertical buttons for the CVSS calculator
    • Fix issue sorting in HTML export
    • Split services data in the Metasploit, Nessus, Nmap plugin
    • Update fields template in Nessus plugin
    • Add CVSS fields for the Netsparker plugin
    • Resolve nested duplicate content in Paragraph tags in the Nexpose plugin
    • Better handle finding `id`s in Nikto plugin
    • Smart table header for the IssueLibrary
  • Bugs fixed: #102, #118, #321
The IssueLibrary must be updated after you upgrade! Contact support for the files.
A quick video summary of what’s new in this release:

Comments, notifications, and subscriptions

You can now comment on issues within projects.  You can also tag other members of your team in a comment, or subscribe to a conversation.

If a team member is tagged in a comment or subscribed to a conversation that has received a comment, they will see a notification when they open their project.

One project per tab

You may now have multiple projects open in several tabs of your browser.  You are now able to switch freely between projects and tabs altering their content in any order – a boon for multitaskers!

API endpoints for Content Blocks and Document Properties

For users of our REST API, we have now added endpoints for Content Blocks and Document Properties. Now you may create, update, retrieve, and delete Content Blocks and Document Properties through the API.

Ready to upgrade to v3.0?

Still not using Dradis in your team?

These are some of the benefits you are missing out on:

Read more about Dradis Pro’s time-saving features, what our users are saying, or if you want to start from the beginning, read the 1-page summary.

Comments, notifications, & subscriptions

Efficiently collaborate with your team using comments, notifications, and subscriptions inside of Dradis.

We heard you. There are times that you need to discuss a Dradis project with your team. Gone are the days of jumping on Slack or sending an email with a question or request for edits. Instead, leave a comment! Keep all of your Dradis talk inside Dradis.

Comments, notifications, and subscriptions are brand new in Dradis Community Edition (CE) v3.10 (and coming in the next release of Dradis Pro!).

Let’s jump straight into an example of how these new features improve team collaboration:

I’m working on Dradis CE (username rachkor) and have a question for another team member (username daniel). He wrote up a new Issue, but I think that the solution needs expanding. Instead of writing an email or finding him on chat, I scroll to the comment form at the bottom of the Issue:

Add comments to your Dradis Issues

Not only can I comment on the Issue, but I can also mention @daniel by name:

Mention other Dradis users in your comments

The next time Daniel logs in to Dradis, he’ll be greeted by a notification from me:

Get notifications from any mentions in Dradis comments

Comments are included in the Recent activity feed so that you can keep up with your team as a whole, even if you aren’t involved in a specific conversation.

When you comment on an Issue or a teammate mentions you in a comment, you’ll be automatically subscribed to that Issue. If you need to subscribe (or unsubscribe!) from notifications on a specific Issue, click the subscribe/unsubscribe button:

Subscribe or unsubscribe from comment notifications

We’re excited to unveil this new phase of collaboration within Dradis and can’t wait to hear what you think! Want to check it out? Grab the latest version of Dradis CE from GitHub with these instructions and test out the comments, notifications, and subscriptions. These new features will ship in the next release of Dradis Pro. If you’re a Pro user, stay tuned for a release notice soon!

Not using Dradis yet? Learn more about the Dradis Framework and all the time you could save.