Changelog

Follow new updates and improvements to Astra Security.

February 12th, 2025

New

Improved

Fixed

This update introduces new features, improvements, and essential bug fixes to enhance your platform experience.

New Features:

  • Workspace Name Editing – You can now update your workspace name directly from the dashboard, more specifically workspace general settings page—one of our most requested features!

Improvements:

  • Enhanced Mobile App Onboarding (iOS & Android) – Step 4 of the onboarding flow now includes a clearer message about the type of email users should enter, aligning with the web app experience for better consistency.

  • Automatic Scan Scheduling for Cloud Targets – Schedule scans automatically while setting up cloud targets, ensuring better efficiency and security coverage.

Bug Fixes:

  • Fixed Cron Builder Issue for Daily Scan Schedules – The yearly setting in the cron builder for daily scans was incorrect—this has now been resolved.

  • API Target OAuth2 Authentication Issue – OAuth2 authentication details for API targets now save correctly, preventing configuration errors.

  • Image Functionality in Vulnerability Details – Clicking outside an expanded image in the vulnerability details sheet now properly collapses the image instead of navigating away.

  • Fixed Saving Issue for Cloud Target Setup – Updates in the Cloud Target Setup settings page now save consistently without errors.

Stay tuned for more exciting upcoming features and updates!

January 31st, 2025

This update brings several improvements and critical bug fixes to enhance platform functionality and user experience.

Improvements:

  • Collapsible Sidebar for Extra Space: You can now collapse and expand the sidebar, giving you more screen space to work efficiently.

  • Enhanced Web Asset Setup: Added WAF and Potential Sensitive Endpoints fields to help pentesters avoid unnecessary roadblocks while testing.

  • New GCP Programmatic Access Docs: Find step-by-step guidance in our OrbitX documentation to easily configure GCP programmatic access.

  • Added Scan Scheduling: You can now schedule scans directly in the final step of Web, Cloud, and API target setup, making scan management easier.

  • Pentest/Scan Starter Details: The Pentest and Scan Details pages now display who started each scan, improving visibility and accountability.

  • Quarterly Pentest Automation: You can now automate pentests on a quarterly basis, ensuring continuous security and compliance.

Bug Fixes:

  • Fixed Programmatic Access Page Issue: The Programmatic Access page no longer breaks for targets without a cloud provider set. This issue was affecting older targets.

  • Pentest List Pagination Issue: Clicking "Back" from the details page now correctly loads the full Pentest List, instead of showing only five entries.

  • Search in Automated Test Cases: The search bar now works as expected, allowing you to quickly find automated test cases without issues.

  • Fixed Cloud Target Setup Credentials Step: The user credentials step in cloud target setup now functions correctly, ensuring a smooth setup experience.

  • Duplicate Updates on Removing a Member: Fixed a bug which was sending duplicate slack updates on removing a member from a workspace.

Stay tuned for more exciting upcoming features and updates!

January 21st, 2025

New

We're excited to introduce enhanced integration options in the Astra API Security Platform, making it easier to monitor and secure your API traffic across various environments and tools.

What's New?

1. Cloud Mirroring Integrations (AWS & GCP)

  • Effortlessly mirror and observe HTTP traces from AWS and GCP environments.

  • Gain deep insights into API calls and network requests across cloud platforms.

  • Improve visibility into cross-service communication for better security monitoring.

2. Proxy Instrumentation

  • Capture HTTP traces from popular tools like Postman, Burp Suite, cURL, and more.

  • Leverage MITM proxy integration to collect detailed request and response data in OpenTelemetry-compliant formats.

  • Use domain-based filtering to focus on relevant API traffic and reduce noise.

These updates empower security teams and QA testers with better observability and control over API traffic, improving traceability across manual and automated testing workflows.

January 10th, 2025

New

We’re excited to announce that Astra is now available on the Vanta Marketplace, bringing seamless compliance management to your fingertips.

What’s New?

  • Streamlined Compliance Workflows
    Integrate Astra’s pentest data directly into your Vanta dashboard to simplify compliance readiness and track vulnerabilities more efficiently.

  • Push Pentest Data Directly

    Now, easily push Astra pentest data into your Vanta account, enabling automated compliance workflows and ensuring up-to-date vulnerability insights.

  • Custom Integration Options
    Effortlessly connect Astra with your Vanta account using the marketplace integration, ensuring a hassle-free setup.

This integration empowers you to manage compliance workflows more effectively and ensures all your security data is consolidated in one place for faster and smarter vulnerability resolution.

Start leveraging Astra’s Vanta integration today and stay ahead in compliance management!

December 11th, 2024

This update brings a new feature, and essential bug fixes to enhance your platform experience.

Features

  • Effortless Workspace Ownership Transfer: You can now transfer your workspace ownership to another user directly from the dashboard, simplifying account management.

Bug Fixes

  • API Target Configuration: Resolved a problem where API target configurations, including comments and notes, weren’t saving correctly, ensuring all data is retained.

  • Programmatic Access Stability: Resolved an issue where the Programmatic Access page would break for targets without a cloud provider, improving reliability for older targets.

  • Dashboard Scan Renaming: Fixed a bug causing errors when renaming scans, ensuring consistent functionality and seamless updates across the dashboard.

  • Scheduled Scans Functionality: Addressed an issue preventing scheduled scans from running, ensuring automated scans work as expected.

  • Risk Score Sorting: Corrected an issue where sorting vulnerabilities by "Risk Score" wasn’t functioning, allowing easier prioritization of risks.

  • Certificate Downloads: Fixed an error that prevented certificate downloads, ensuring uninterrupted access to your documentation.

  • IPA File Uploads: Resolved an issue causing errors during IPA file uploads, streamlining the setup process for iOS targets.

November 28th, 2024

New

We’re thrilled to announce the beta launch of powerful upgrades to the Astra API Security Platform, designed to strengthen your API defenses and simplify security management at scale. Here's what’s new:

Smarter API Discovery:

  • Detect Zombie APIs: Identify outdated or unmaintained APIs vulnerable to exploitation.

  • Reveal Shadow APIs: Uncover hidden APIs operating without proper authorization.

  • Spot Orphan APIs: Pinpoint unused or inefficient APIs within your infrastructure.

  • Prevent Sensitive Data Exposure: Secure APIs handling PII, tokens, and other sensitive data proactively.

Advanced API Security Testing:

  • Leverage Astra’s DAST scanner to shift left and identify OWASP API Top 10 vulnerabilities, CVEs, and data leakage risks early in development.

Real-World API Pentests:

  • Certified pentesters simulate real-world attacks, delivering detailed remediation insights and issuing a pentest certificate upon successful testing.

Seamless Traffic Connectors:

  • Now available: Integrations with NGINX Ingress and Kubernetes for effortless traffic monitoring.

  • Coming Soon: Use traffic mirroring to analyze HTTP packets, enabling comprehensive API security assessments across leading cloud platforms.

It’s time to take your API security to the next level! Stay one step ahead of API vulnerabilities with Astra. Start exploring these beta features today!


November 27th, 2024

New

Improved

Fixed

This update introduces a new feature, several improvements, and essential bug fixes to enhance your platform experience.

Feature:

  • AWS CLI Cloud Credentials Verification: You can now pre-validate AWS CLI cloud credentials before upload. Only valid credentials with appropriate permissions are accepted, ensuring a smoother and more secure integration process

Improvements:

  • Improved 'Need Help' flow: You are now required to add comments when marking vulnerabilities as "Need Help." This ensures better context is provided, allowing our team to offer more accurate and efficient support.

Bug Fixes:

  • Page Number Overflow in Findings Section: Resolved an issue where the page number in the findings section of vulnerability details overlapped for cases with a large number of pages.

  • Cloud Target Page Break: Fixed a bug that caused the programmatic access step to break for targets without a selected cloud provider in the previous step.

  • Validation Error for Blank HTTP Headers: Resolved an error during web target setup where leaving HTTP headers blank caused validation issues, despite the field being optional.

November 21st, 2024

Improved

Fixed

This update introduces performance improvements and key bug fixes to enhance your experience on the platform.

Improvements:

  • Search by Target Name on Automations Page: Easily search for scan schedules by target name on the Automations page for faster and more convenient navigation.

  • Improved Compliance Page Performance: Enhanced the loading speed of compliance pages for quicker access to information. Added a new timeframe filter to help you narrow down compliance data effectively.

Bug Fixes:

  • Notifications View Error: Resolved an issue that caused errors when trying to view notifications.

  • Member Limit Error in Members and Integrations Pages: Fixed a bug where workspaces with multiple subscription plans incorrectly displayed a "member limit reached" error.

November 12th, 2024

Improved

Fixed

This update introduces a new feature, valuable improvements, and essential bug fixes to enhance your platform experience:

Improvements:

  • Enhanced Certificate Scan Filter: Improved the scan filter on the certificate page to allow search and selection by specific scan names. Now, when you click "Get Certificate" from a particular scan, certificates are accurately filtered, making it easier to retrieve relevant certificates.

  • Standardized Time Format: Unified time display across the dashboard for a more consistent experience.

Bug Fixes:

  • Integration Page Loading Issue: Resolved an issue where the integration page failed to load after deleting an integration, ensuring smoother access.

  • Login Recording Refresh Fix: Fixed a bug where uploaded login recordings would disappear if the page was refreshed. Files now display correctly after full upload processing.

  • Pentest/Scan Filter on Compliance Page: Added filter options to the compliance page to manage vulnerabilities by selected pentests or scans.

  • Correct Total Count on Certificate Filter: Addressed an issue displaying incorrect total certificate counts when filtering by business name and scope.

  •  "Create Ticket" Button in Jira Integration: Resolved an issue where the "Create Ticket" button was missing for some vulnerabilities in the Jira integration

November 6th, 2024

Improved

Fixed

This update brings several enhancements and key fixes to improve your overall experience with the platform.

Improvements:

  • Enhanced Visibility for Adding Team Members: Improved the layout to make adding team members easier across dashboard sections, supporting faster team expansion.

  • Optimized Layout on Pentest and Continuous Scan Pages: Improved data visibility on Pentest and Continuous Scan pages by replacing the “Go To” side menu with a sticky top navigation bar, allowing for easier access to row information without horizontal scrolling.

  • Public Certificate Page Redesign: Updated the design on the public certificate page for clearer navigation and minimized confusion related to the preview and real certificate.

Bug Fixes:

  • Scan Deadline in Emails: Resolved an issue where scan deadlines were missing from email notifications, ensuring they now appear correctly.

  • Fixed Dark Mode: Fixed a bug that caused display issues with text and illustrations under specific system theme settings.

  • Fixed Workspace Selection for More Target Integration: Fixed an issue where the workspace would unintentionally reset to the default on adding more targets to an integration. Now, the originally selected workspace remains consistent, ensuring a smoother experience when adding multiple targets.

  • Password in Setup: Corrected a display issue with masked passwords in cloud projects; passwords are now displayed as they should be.