Release Notes

📈 Scan & Vulnerability Reporting

• Implemented /api/v2/report and /api/v2/report/scans endpoints to deliver comprehensive scan analytics and vulnerability summaries.

• Reports now include:

  • Total number of scans, projects, files, and lines of code scanned.

  • Breakdown of vulnerabilities grouped by scanner (e.g., SAST, IAC, SECRET, etc.).

  • Counts of findings by status: True Positive, False Positive, Unverified.

🧠 Historical Comparisons & Trends

• Added comparison support between current (live) and one_month_ago metrics.

• Markdown templates were created to display percentage change trends:

  • 📈 Increase or 📉 decrease in scans, files, and LoC.

  • Markdown-compatible layout supports rendering in dashboards, GitHub, and PDF exports.

📋 Markdown Summary Templates

• Built dynamic Markdown table rendering:

  • Per-scanner vulnerability breakdown.

  • CWE-based and status-based vulnerability distribution tables.

  • Aggregate totals across scanners and statuses included in table footers.

• Added project listings with links, scan references, and metadata such as created_at and branch.

🔁 Automation & Streamlined Insights

• Vulnerability reports auto-update using latest completed scans (per project).

• Introduced support for mermaid.js and basic charting ideas for future visual dashboards.

🔐 Security Policy Enforcement by Plan

• Introduced BuildSecurityPolicyWithDefaults, a utility that constructs a complete security policy based on user input, default values, and plan-based access control.

• The following plan-based restrictions are now enforced:

  • Free Plan: Only compliance, secret, and pii scanners can be enabled.

  • Premium Plan: Adds support for sast, sca, container, iac, and api scanners.

  • Ultimate Plan: All scanners are allowed.

• Even if users attempt to enable unauthorized scanners, they are automatically disabled (set to false).

• All scanners are now always present in the policy for consistency, with unavailable ones disabled as per plan.

• Invalid frequency values are now replaced with "none" using cron syntax validation.

🧱 Group Management Enhancements

• CreateGroup and UpdateGroup functions in the datastore now:

  • Return the full group document (not just success/failure).

  • Include security_policy integration with enforcement.

• API endpoints for group creation (POST) and update (PUT) now:

  • Accept name and security_policy in JSON body.

  • Apply default policy structure and plan-based overrides before saving.

  • Return the newly created or updated group object in the response.

✅ Stability & Safety

• Improved validation of input data (e.g. cron expressions, JSON formats).

• Resolved issues with scanner value enforcement logic.

• Ensured consistent scanner output structure regardless of user input.

We’re excited to announce the launch of the AquilaX IDE Plugin for Visual Studio Code, designed to bring powerful application security insights directly into your development environment!

🚀 What’s New:

• Real-Time Vulnerability Highlighting: View security issues identified by AquilaX scans directly in your code editor.

• Detailed Insights: Get actionable information, including vulnerability type, severity level, and suggested remediation steps.

• Seamless Integration: Automatically sync your projects with AquilaX scans and fetch results for instant visibility.

• Simple Installation: Install directly from the Visual Studio Code Marketplace or via the extension manager in VS Code.

📖 Documentation:

For a step-by-step guide to installation, configuration, and usage, visit:

👉 AquilaX IDE Plugin User Manual

🔧 Get Started:

Install the plugin today and take your application security to the next level!

🔗 Download from VS Code Marketplace

🚀 New Features

• Simplified Repository Scanning: Scanning your repositories is now easier than ever! With just two clicks, you can kickstart a secure and efficient scan.

🧪 Beta Features

• Malware Scanning (Beta): We’ve introduced a powerful malware scanning feature, now available in beta. Identify and mitigate malware risks in your codebase during the development lifecycle. Try it out and share your feedback to help us refine this feature.

🛠 Bug Fixes

• Resolved minor bugs to improve platform stability and enhance your overall experience.

Stay tuned for more updates, and as always, your feedback is invaluable. Happy scanning!

1. Ability to link to GitHub, GitLab and JIRA to raise tickets for vulnerabilities, more information here: https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets

2. Ability to remove a project and a scan

3. Now password and secrets are obfuscated

Users can now log in using GitLab, Microsoft, or even a one-time magic link. Staying true to our commitment to passwordless authentication, we've introduced these additional access options to make logging into our system even more seamless and secure.

New Feature Added:
AquilaX now supports automatic creation of GitHub issues for identified vulnerabilities.

Details:

• Integration: Directly connect your GitHub repository to AquilaX.

• Functionality: Detected vulnerabilities can now logged as GitHub issues.

• Content: Each issue includes:

  • Vulnerability description

  • Affected file(s) and code references

  • Suggested remediation steps

Purpose:

This feature streamlines vulnerability management, providing a smoother integration with existing development workflows.

Availability:

The feature is now live for all users with GitHub repositories linked to AquilaX.

• Automatically generate a default group during organization setup for streamlined onboarding.

• Embed organization and group IDs directly into navigation links for seamless access.

• Apply group-based filtering to display page results relevant to the selected group ID.

• Log system events into an internal tracking system for enhanced monitoring and traceability.

• Removed Sentry integration for a simplified monitoring setup.

• Integrated OneFirewall Protection for improved security.