November 26th, 2025
New
We’re excited to announce the launch of Astra Cloud Vulnerability Scanner, designed to help teams continuously detect misconfigurations, IAM risks, and compliance gaps across AWS, Azure, and GCP.
Built on Astra’s Offensive Security Engine, the Cloud Scanner gives you continuous visibility into your cloud environment, helping you find real risks faster and fix them before they impact production.
What’s New
1. Continuous Cloud Visibility
Monitor your entire cloud environment from IAM roles and exposed storage to public endpoints and policy misconfigurations. Astra automatically detects new resources and scans them in real time, so you never miss a drift or hidden risk.
2. Misconfiguration & IAM Risk Detection
Built for AWS, Azure, and GCP, the scanner runs hundreds of cloud-specific checks to identify:
AWS Inspector V2 Vulnerability Scanner Not Enabled
Secret Rotation Interval Not Configured Properly
Missing Monitoring for Network
Detect Unauthorized KMS Key
Storage Bucket Public Access Check
Cloud Storage Bucket Versioning Check
Cloud Function has Default Service Account Enabled
Outdated Python Version for web apps
Web App Client Certificate Validation Disabled
3. Guided Remediation Steps
Every finding includes actionable guidance and code-level fixes. You can trigger an automated rescan instantly to verify the resolution, no waiting on pentesters, no second opinions. Your cloud team can go from detection to resolution faster than ever.
4. Setup in Minutes
Getting started is simple: connect your cloud accounts with read-only permissions and start scanning right away. No agents, no complex deployments, and zero performance impact on your infrastructure.
5. Part of the Astra Security Platform
The Cloud Scanner works seamlessly alongside Astra’s other solutions, DAST, API Security, and PTaaS, giving you one unified dashboard for everything from cloud posture to app vulnerabilities. Manage all your security findings, guided fixes, and validation proof from a single, easy-to-use platform.
Your cloud evolves by the minute; your security should, too. Experience a faster, clearer, and more actionable way to stay ahead of misconfigurations.
Start your 7-day trial for just $7 and see Astra in action. Learn more →
October 3rd, 2025
New
We’ve just rolled out an exciting new feature that lets you host your Trust Center pages on your own custom domain, making your Trust Center fully branded, professional, and customer-ready!
What’s New?
1. Step-by-Step Setup in Dashboard
Add your custom domain directly from Trust Center settings and follow guided instructions, no complex configs required.
2. Real-Time Verification
Once you add the required DNS record, trigger verification right from the dashboard and get instant feedback on your domain status.
3. Automatic Domain Activation
Verified domains go live instantly with authentication issued automatically—your Trust Center is ready for customers in no time.
Impact
Fully branded customer experience, your domain, your brand.
Simple updates or domain changes, all manageable from the dashboard.
Increased trust with stakeholders by keeping everything under your own domain.
Check out the full help article here
September 30th, 2025
New
We’re excited to announce the launch of Trust Center, a continuous, publicly accessible hub designed to help businesses showcase their live security posture and compliance status with ease.
What’s New?
1. Continuous Security Proof
Share real-time vulnerability scans, penetration test results, and compliance status.
Move beyond static PDFs with automatically updated security evidence.
Build trust instantly with stakeholders, customers, and partners.
2. Dynamic Trust Seal
Embed a one-click Trust Seal on your website, sales decks, or email signatures.
Redirects buyers and stakeholders to your live Trust Center for instant verification.
Strengthen credibility wherever your brand shows up.
3. Custom Branding & Controls
Customize your Trust Center with company logo, colors, and custom domain.
Manage visibility of sections like security posture, assessments, compliance, APIs, and FAQs.
4. AI-Assisted Setup
Enter your domain and AI drafts company, security, and compliance content in minutes.
Simplify onboarding with minimal manual work for startups and enterprises.
Astra’s Trust Center empowers teams to turn compliance questions into competitive advantages. With continuous verification and instant transparency, it helps companies shorten deal cycles, boost customer trust, and prove security every day.
Learn more: https://www.getastra.com/astra-trust-center
September 2nd, 2025
New
Improved
Fixed
This release introduces troubleshooting for connectivity check failures, giving you clear insights and self-serve resolution steps. Alongside this, we’ve expanded pentest scheduling to cover more asset types, improved scanning workflows, and delivered key bug fixes to ensure a smoother, more reliable experience.
New Feature:
Connectivity Check Failure
We’ve enhanced the way connectivity check failures are communicated on the Astra OrbitX Platform. Instead of just showing a failure message, you will now see actionable insights and easy troubleshooting tips to help resolve issues faster. With this update, you can now:Understand the reason behind a failed connectivity check
Receive guided troubleshooting steps
Quickly identify whether the issue requires configuration changes on your end
Save time by resolving common connectivity problems without external support
Improvements:
Pentest Scheduling for Other Assets: You can now schedule Manual Pentests for iOS, Android, and “Other” asset types from the Start Scan flow, while automated scans remain disabled for these assets.
Shift + Click Support: Added Shift + Click support in the target selector to quickly select multiple targets at once.
Force-Start Crawl Scan: Added an option to force-start a crawl scan when needed.
Bug Fixes:
OpenAPI File Upload Error: Fixed an issue in API target setup where uploading a valid OpenAPI YAML spec incorrectly threw an “invalid format” error
Access Revoked Error: Fixed an issue where users sometimes continued seeing a Forbidden message even after their access was removed. Now, revoked access is reflected instantly without leaving error screens.
Integrations Page Stability: Resolved a recurring loading problem on the Integrations page so it works without cache clears or hard refreshes.
UI Overlap: Fixed a layout issue where a popover overlapped the side sheet on the Integrations page.
Scan Type Filter: The Scan Type filter now works correctly in the Web DAST Scans list view.
Compliance Vulnerabilities Page: Resolved a page loading issue so the Compliance vulnerabilities view opens reliably.
Findings Loading Issue: Fixed an issue where findings failed to load for some customers in the vulnerability details sheet.
Asset Type Filter: Corrected the asset type filter behavior in the Start Scan sheet. It is now working seamlessly.
Persistent Error Page: Fixed cases where an error page persisted even after cache refresh and data clearing.
Endpoints Page Counter: Corrected the Unauthenticated endpoints counter so it displays the accurate count.
August 27th, 2025
New
Improved
Fixed
This release brings expanded support for custom login flows in web scans—helping you cover more complex authentication scenarios with ease along with OpenTelemetry SDK integrations to give you more flexibility in capturing and analyzing API traffic.
Apart from these, we’ve also made improvements that simplify target management, provide clearer visibility into subscriptions, and ensure a smoother overall product experience
New Features:
Custom Login Support for Web Scans: We’re excited to introduce support for custom login scripts in the Astra OrbitX Platform, this ensures more of your application is covered during automated scans, unlocking deeper insights and stronger security with less manual effort.
With this update, our scanner can reliably handle complex login methods such as:
Multi-factor authentication (including TOTP-based)
Email-based verification and magic links
Pop-up or modal-based logins
And many more unique authentication setups
OpenTelemetry SDK Instrumentation: We're excited to announce OpenTelemetry SDK Instrumentation Integrations in the Astra API Security Platform, giving you more flexibility to capture and analyze API traffic across your applications.
Ingest API traffic directly from OpenTelemetry collectors.
Seamlessly integrate with existing observability pipelines
Capture traces from popular SDKs such as Python, Node.js, Go, and Java.
Automatically collect request and response data without complex setup.
Improvements
Consistent Progress Display: The progress section now has a stable, consistent width, making it easier to track progress without layout shifts.
Clearer Checkout Details: When selecting a collapsed plan card in checkout, its line items automatically expand — no need to click “Show Features” again.
Pentest Completion Guidance: A new banner appears when a pentest finishes early, helping you clearly understand the next steps.
Bug Fixes
More Helpful Error Messages: When a request is blocked, you’ll now see a clear explanation instead of a generic error, helping you troubleshoot faster.
Resize Progress Bars Issue: Fixed an issue where progress bars resized unpredictably — progress indicators now remain consistent across the platform.
Save Changes Button Fixed: In the login recording section, the Save Changes button now works properly — updates like session length are saved as expected.
Subscription Card Fixed: The Show More button in subscription cards now works reliably, ensuring you can view all subscription details.
Reported Vulnerabilities Visibility: Fixed an issue where reported vulnerabilities weren’t showing up on the dashboard — all reported issues are now visible.
August 19th, 2025
Improved
Fixed
This release focuses on creating a smoother experience across the platform—standardizing UI elements, making subscription details easier to reach, and resolving issues affecting navigation and role assignments.
Improvements
Subscription Link in Target Settings – Each target now displays its active plan in the info row. Clicking on it takes you directly to the subscription page, automatically filtered to that subscription so you don’t have to dig around to find the right subscription.
Consistent UI Styling – Updated the scan details header UI for better alignment and styling consistency across the platform.
Subscription Status Tooltips – Paused, cancelled, or deleted subscriptions now display clear tooltip messages for better feedback.
Bug Fixes
Sidebar Scroll Issue – Fixed a scrolling issue in the main sidebar for smoother navigation.
Invite Member Role Assignment – Resolved an issue where invited members weren’t being assigned the correct roles.
July 29th, 2025
Improved
Fixed
This release focuses on streamlining workflows across the platform—improving filtering, enhancing guidance on scan usage and pricing, and resolving key issues affecting Jira, certificates, and UI navigation.
Improvements
Unsolved Filter Fix on Pentest Details: Clicking on the “Unsolved” card on pentest details page now correctly scrolls and applies the filter on the vulnerability table, helping you jump straight to what needs attention.
Offline Subscription Pricing Guidance: Added an info tooltip explaining how to find the correct pricing for offline subscriptions, removing confusion caused by seeing incorrect price displays.
Clearer Scan Quota Display: The Start Scan sheet now shows scan quota usage more clearly, helping you plan scans with better context.
Track Rescan Timelines Easily: Easily track rescan expiry with a tooltip that reveals the exact due date on hover — no more guessing timelines.
Bug Fixes
Clear Jira Ticket Error Messages: When Jira ticket creation fails, you now get a clear explanation of what went wrong instead of a generic error.
Three-dot Menu Access Restored: Fixed a UI issue where the three-dot menu (aka kebab menu) was getting blocked by the quick support help icon. You can now access all options without obstruction.
'Get Certificate' Button Fix: Fixed an issue where clicking the “Get Certificate” button did not filter the certificate page by the corresponding scan — it now correctly shows only relevant certificates.
July 22nd, 2025
Improved
Fixed
This update focuses on making your workflow smoother and more intuitive — from clearer scan details and smarter user invites, to improved visibility of scan states and workspace roles. We’ve also resolved key issues in different areas of the platform.
Improvements
Revamped Start Scan UI: The Start Scan sheet now highlights your custom or default scan name, with the target name as supporting text. You can also click the scan name to quickly access its details page.
Improved User Invitation Flow: While inviting multiple users, all entered email IDs are now clearly visible — making it easier to confirm team members before sending the invites.
Quick Access to Target Settings: You can now directly access a target’s settings from the workspace selector — speeding up navigation across targets.
Login Recording in Scan Progress: The login recording stage is now added in the scan progress bar in case of automated crawling scan.
Clearer Rescan Validity: Rescan validity is now shown more prominently on the Pentest list page, making it easier to track scan timelines.
Workspace Owner Clarity: The workspace selector now shows the owner’s email instead of the creator’s email, helping you better identify and manage different workspaces.
Bug Fixes
More Accurate Rescan Status: If a rescan fails, the scan will now correctly revert to “Reported” status instead of staying in “Rescan”.
API Inventory Sorting Fix: “Last Seen (Descending)” now correctly lists the most recently active APIs first — resolving a previous issue that sorted them in the wrong order.
Workspace Loading Issue Resolved: Switching workspaces no longer causes integration pages to freeze or hang.
July 18th, 2025
Improved
Fixed
This release brings clarity-focused improvements across the platform — from seamless JIRA navigation with the new “Open in JIRA” button for synced findings, to simplified API target setup and actionable scan scheduling. We’ve also addressed key bugs to improve consistency across workspace switching, payment settings, and scan tracking.
Improvements:
View Synced JIRA Tickets from Findings – You can now directly open synced JIRA issues from the findings table and findings details sheet using the new "Open in JIRA" button, making it easier to track linked tickets.
Workspace Owner Email Visibility – You can now view the email address of each workspace owner while switching workspaces, adding clarity when navigating across teams.
‘Automations’ Renamed to ‘Schedule Scans’ – We’ve updated the label for the Automations module to ‘Schedule Scans’ so it’s easier to understand its purpose at a glance.
Simplified setup for API Targets – The Base URL step has been merged into the main target URL field, streamlining the setup flow and reducing confusion.
Improved False Positive Confirmation – The confirmation dialog when marking issues as false positives has been redesigned to clearly emphasize about the scan exclusion feature.
Improved Scan Progress UI – We’ve improved how scan progress is visualized, especially in dark mode, by enhancing the percentage indicator and reducing confusion around scan status.
Marking FPs Now Require Justification – When marking a vulnerability as a false positive, you’ll now be required to provide a reason—helping us improve our detection quality.
Bug Fixes:
Login Recording Image Zoom Fixed – Zoom-in now works properly on failure screenshots in the login recording viewer.
Upload Confirmation Restored – A clear confirmation toast is now shown after uploading a login recording, replacing the previous blank message.
Scan Scheduling Sheet – You can now dismiss the edit scan schedule sheet by clicking outside, consistent with other other behaviors.
Credit Card Saving Fixed – Payment details entered in target settings now save correctly without needing to retry.
Time zone Consistency Across Pages – Fixed mismatches between scheduled scan times in summary and detail views when switching time zones.
Access Denied Error Resolved – Users no longer see “Access Denied” messages after clearing their cache or logging back in.
July 8th, 2025
New
Improved
This update introduces flexible plan management options, a refined vulnerabilities table, and key fixes to streamline your scanning workflows.
New Feature:
Easier Plan Management – You can now upgrade or downgrade your scanner subscription plans directly from the subscription settings page—no need to contact support. View pricing, compare tiers, and make changes with just a few clicks.
Improvements:
Locked Scope URL Field Handling – The Scope URL field is now clearly disabled when editing is restricted during target setup, reducing confusion and missteps.
Cleaner Findings Table UI – We’ve improved the alignment and interaction patterns in the findings table, offering a smoother and more intuitive review experience.
Bug Fixes:
“Under Review” Tag Accuracy – Fixed an issue where Astra scanner findings were incorrectly labeled as “Under Review” in certain cloud projects. Tags now reflect the correct state.