Comment on page
2023
One of the most requested and highly anticipated features has arrived – Vulnerability Form Builder!
You now have full control over how your vulnerability form can be built:
- Re-arrange all of your existing fields into your preferred display order
- Create custom sections, then group and order your fields into their relevant sections
- Re-name and re-order existing sections
- Use logic to show relevant vulnerability sections and fields based on the testing types assigned to the project
- Improved vulnerability page view to match your preferred vulnerability user experience
Vulnerability Form Builder provides unprecedented levels of customization when it comes to how you want to create and view your vulnerabilities.
You can create custom sections and fields for different types of security testing, for example red team assessments, pentests, configuration reviews, code reviews, social engineering, etc.
You can combine sections and fields and choose when you want them to be displayed.
For example - your project might include web application, infrastructure and mobile application testing. You can show the relevant sections and fields based on the types of testing assigned to the project.
We have also improved the way vulnerability fields are presented when viewing the vulnerability. Your sections and display order are now fully supported, helping you to group and highlight the most important information for your remediation teams and customers.
You can now completely re-arrange all of your fields and sections! Don’t want to follow the standard layout? No worries, adjust it to how YOU want it.
You can now create custom sections to group your vulnerability fields into where they belong, according to you.
Existing sections can be re-named, re-ordered or even dismantled. When we say you have full control – we really mean it!
Hide Expressions are now supported on sections.
Project fields are now also supported in vulnerability hide expressions.
This means you can create vulnerability forms which are relevant to your projects – creating a more personalized vulnerability experience!
When viewing a vulnerability, you will now see the relevant sections and fields for that vulnerability.
You can also control the order in which the sections and fields are displayed, so you can view the data the way you and your customers need it!
We have just released another massive update for AttackForge ReportGen: The ultimate pentest reporting tool!
This release includes the much-anticipated ReportGen CLI tool; ReportGen NodeJS library; support for testing your Combined Report templates; one (1) new option; two (2) new styles; and support for charts in loops - adding even more power to your reports!.
This release comes with two new ways you can build or program your reports.
The ReportGen Command Line Interface (CLI) tool is ideal for people who prefer to build pentest reports on the command line; and combine ReportGen into an existing automation or pipeline.
You can create automations combining ReportGen CLI with Self-Service API Events.
For example, you can create real-time automated PDF reports and have them securely emailed to your customers, posted to a Slack/Teams channel, or uploaded to a ticket.
The ReportGen NodeJS library is ideal for people who want to simply "import" ReportGen into their existing codebase or scripts and build custom penetration testing reports easily and effortlessly natively in your own code.
Building Combined Reports has never been easier – now you can use the ReportGen browser tool to create and test your Combined Report templates.
These reports combine multiple project JSON files, to create a single report using data from multiple projects.
To do this, simply select multiple JSON files on the 'Select Your JSON File' step when using the ReportGen browser tool.
This release introduces a new option which allows you to enable or disable automated figures which are inserted for every inline image contained within the styled tags.
You can disable automated figures as follows:
{@..._styled(“image_figure”:“none”)}
This release introduces a new style which allows you to independently set a style for inline images contained within the styled tags.
This allows you to have finer control over the styling which is applied to the images.
For example, this guide will show you how to automatically apply a border to every inline image in your report, using this new style.
This release introduces a new style which allows you to independently set a style for inline image descriptions contained within the styled tags.
This allows you to have finer control over the styling which is applied to the descriptions which appear beneath the inline images, for example the captions or filenames.
You can now create charts inside loops. For example, this is useful if you are creating a new chart for every vulnerability.
We have improved the access controls you can set on your Writeups libraries.
You can now independently assign View or Edit access to every Writeups library, including the Main, Imports, Project and Custom libraries.
This means you can give people access to see writeups in a particular library, without having to risk them making any changes.
You can assign View access to allow users see the writeups, link them to their vulnerabilities on projects, or even create derivatives in a library they have Edit access to.
Access to libraries can now be assigned to any user based on their Role, membership on Groups, or individual assignment.
If you are using Groups, you can now assign those groups to the libraries – making Writeups library access easier to manage.
You also no longer need to assign the Library Moderator role. The new Writeups access controls will be applied based on your configuration settings, without having to change any user’s personal settings or user role.
You can now upload files and evidence, and set inline images, for the following:
- Writeups
- Remediation Notes
- Test Cases
- Test Case Notes
This means you can now:
- Configure images/diagrams/illustrations to support your vulnerability descriptions, attack scenarios and remediation recommendations. You only need to set this one time during creation/editing of the writeup in your library.
- Capture your remediation evidence directly against the remediation notes for every round of retesting. Even your engineers and customers can upload evidence too against their remediation notes!
You can also:
- Configure images/diagrams/illustrations to support your test case details and execution flows. You only need to set this one-time during creation/editing of the test case in your library.
- Capture your test case evidence directly against the test case notes.
You can also display these images in your reports using the {@..._styled} tags and the files are also available via the Self-Service APIs.
We have improved the user experience when interacting with tables in AttackForge.
Now, when you make any changes to your projects or vulnerability tables, for example when you filter your data, sort your columns, or even view data from a particular table page – if you navigate away from the table, for example you click on a link to view the data – when you come back to the table, everything remains preserved as if you never left the table!
This makes it easier to configure your tables with your preferred filtering and sorting and ensure that AttackForge remembers that for you for the duration of your session.
We have redesigned the user interface to better support narrow screens, wide screens and high-resolution 4K screens.
There is now more information presented on every screen, making it easier to see the important information you need without having to scroll the page or table.
It also supports better dashboards and analytics views.
You can now filter and view all asset-related data when creating a project, as well as viewing and managing scope on a project after creation.
This makes it easier to find the exact assets you need to include on your project, as well as bulk actions for easy application to projects.
You can now suppress email notifications when creating review notes.
This can help to reduce email noise during review cycles and focus notifications on the areas that matter most.
You can now drag-and-drop your columns in your table settings.
This makes it easier to re-organise your tables into your preferred viewing style.
Now you can click on any inline image and open it in an image previewer.
You can now edit your remediation notes and test case notes.
This applies to owners of the record, or Administrators.
We have added more data columns in more places.
Vulnerability tables now include Status Last Updated datetime.
Users table also now includes login type i.e. local or SSO.
Test cases table also includes a count for all linked vulnerabilities for each test case.
You can now see the linked project request from the project dashboard and navigate to it.
You can also navigate to a linked project from the actioned project request.
There is now a shortcut button to edit a test case in the Test Suites module directly from the project test case page.
This makes it easier to make changes to test cases when required.
When you are now enrolling your mobile authentication app for MFA by scanning the QRcode, there is an option to go back to the QRcode in case there are issues when trying to enter in the code.
We have added more ways to access the Support Centre, including from the user actions menu in the navigation bar.
User select fields now group deleted users and present them at the bottom of the list, making it easier to search between active and deleted users.
Our AttackForge customer community asked for it, and now it’s here.
Rich-text fields are now supported for the following fields in application and well as in reports and via the Self-Service APIs:
- Remediation Notes
- Vulnerability Notes
- Project Workspace Items
- Test Cases: Details field and Execution Flows
- Abuse Cases
- Test Case Notes
Make sure to update your reporting templates to use the {@..._styled} variation of the relevant tag, to ensure it renders as rich-text in your reports.
You can now easily import test cases into your test suites, in JSON, CSV or AttackForge Community formats.
We have also released a GitHub repository with the latest industry testing standards, which you can now easily import into your test suites.
This helps to keep you up to date on the latest developments in testing standards.
The following standards are now supported:
- OWASP Web Security Testing Guide Version 4.2
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 1
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 2
- OWASP Application Security Verification Standard (ASVS) Version 4 - Level 3
- OWASP Mobile Application Security Testing Guide (MASTG) Version 2 - Level 1
- OWASP Mobile Application Security Testing Guide (MASTG) Version 2 - Level 2
- OSSTMM Version 3 - Human Security Testing
- OSSTMM Version 3 - Physical Security Testing
- OSSTMM Version 3 - Wireless Security Testing
- OSSTMM Version 3 - Telecommunications Security Testing
- OSSTMM Version 3 - Data Networks Security Testing
You can now easily import test cases into your test suites, in JSON, CSV or AttackForge Community formats.
We have added an option which allows Admins to force a local user account to set a new password upon next login.
This is useful if you are inviting new users to your AttackForge and the user is not using the password reset workflow.
This feature can be enabled when creating/inviting the user, or via the users’ access settings page.
We have added bulk actions on the projects, users and assets tables – to help reduce repetitive tasks.
We will be extending these actions over the next few releases to help further to improve efficiency and reduce repetitive tasks in AttackForge.
We have added an option to import vulnerabilities from Checkmarx Software Composition Analysis (SCA).
This import option supports JSON and XML export formats.
You can now create review notes without specifying a topic.
This is useful if you have generalized comments relating to entire vulnerabilities or executive summary.
We have improved the user experience for importing vulnerabilities.
Now, when you import vulnerabilities – you can access the results for every vulnerability which was:
- Created
- Skipped
- Failed
- Not Imported
You can now also skip duplicate detection when importing vulnerabilities.
This could be useful if you need to force an import, regardless of the existing vulnerabilities on the project.
In this release we have improved our Self-Service REST APIs to provide more flexibility and options when interacting with AttackForge.
We added a new endpoint which can be used to programmatically apply or update vulnerability remediation SLAs.
See link for more information:
We added a new endpoint for programmatic rolling of Self-Service API key for user.
See link for more information:
We added a new endpoint which allows adding bulk test cases to a test suite.
See link for more information:
We added two new endpoints which allows to retrieve and update the new vulnerability form builder config.
See links for more information:
We added two new events for real-time notifications when evidence is created and updated on vulnerabilities.
See links for more information:
We added two new events for real-time notifications when remediation notes are created and updated on vulnerabilities.
See links for more information:
We added support for Advanced Query Filtering for the GetProjects REST endpoint.
See link for more information:
We updated all GetProject related endpoints to return the test suite names and ids assigned to the project.
We created a short video on how to effectively use the new Vulnerability Form Builder included in this new release.
We also created a short video on how to perform an efficient infrastructure penetration test in AttackForge.
One of the most highly anticipated and requested workflows has just arrived!
Introducing Grouped Assets on Vulnerabilities.
You now have a choice for how you want to create and use vulnerabilities:
- Create unique vulnerabilities on every project, and assign relevant affected assets to each unique vulnerability;
- Create individual vulnerabilities for every asset; or
- Create a combination of unique vulnerabilities and individual vulnerabilities – for ultimate flexibility!
A single vulnerability can now have many affected assets assigned to it.
This can include detailed information for each affected component on every asset.
Using grouped assets on vulnerabilities can help you to:
- Increase efficiency when working on infrastructure penetration tests;
- Reduce the overall number of vulnerabilities whilst preserving affected asset data;
- Reduce effort required for quality review cycles on vulnerabilities;
When you next import vulnerabilities on your project – you will have a choice between selecting Individual or Grouped.
Individual will allow you to import your vulnerabilities as you always have.
Whereas Grouped will allow you to automatically group affected assets for each vulnerability.
In the example below, we can see there was a 94% reduction in vulnerabilities, whilst preserving the same amount of data.
This means you can focus your attention on the important vulnerabilities and track their affected assets much more efficiently.
You can view all of the affected assets, and for each asset – see related data for its affected components.
You can configure the Grouping options to adjust the rules for how the grouping is performed.
Once you have made your selection, you can move to the Edit and Review step.
Here you can see the final set of vulnerabilities for selection and make any remaining adjustments as needed prior to import.
You can still choose to configure your import options such as dynamic parser actions and selection of libraries.
Once your import begins, you will be kept update to date with its progress.
And once it’s finished, you will see a summary of the import and option to view the vulnerabilities.
Vulnerabilities with grouped assets will now show in your vulnerability tables, with option to expand each vulnerability to see its asset data.
When you next create a vulnerability – you will have a choice when determining how you want the assets to be assigned and tracked on the vulnerability.
You can choose between Individual and Grouped.
Individual will allow you to assign your assets to vulnerabilities as you always have.
Whereas Grouped will allow you to create a single vulnerability and assign all affected assets to the vulnerability.
Every asset can have its own notes, tags, and components.
Components can be used to track which part(s) of the asset has the vulnerabilities.
Every component can also have its own notes and tags.
Every asset can be individually tracked and actioned.
This is useful for monitoring the progress against assets on a vulnerability.
We have just released another massive update for AttackForge ReportGen: The ultimate pentest reporting tool!
This release includes two (2) new Pentest Report Templates; support for grouped assets on vulnerabilities; a new support site for ReportGen; two (2) new options; seven (7) new filters; new styles; a new function; support for figures and more - adding even more power to your reports!.
Support for grouped assets has been added in this release of ReportGen.
For details on how adjust your template to take advantage of grouped assets, please visit this Support Page.
This release introduces two (2) new pentest reporting templates:
- Pentest Report v3.1 - a template showcasing the features available in ReportGen v2.7+
- Pentest Report v3.2 - a template with minimal logic which can be used out-of-the-box, and has support for grouped assets on vulnerabilities
We have also released an updated example JSON test file which can be used for testing your templates.
As part of our mission to support the growing community of AttackForge users, we have released a new dedicated Support Site for ReportGen.
This Support Site provides:
- Information on getting started with ReportGen;
- Template examples to achieve common use cases and reporting needs; and
- Place to ask questions and receive tips and help from our support team and the community.
We hope the new Support Site for ReportGen will make it easier for everyone to build awesome testing reports, with minimal effort!
You can now assign individual rich-text fields to different custom styles which are in your template.
This feature can be used with {@execSummaryNotesStyled}, {@description_styled}, {@attack_scenario_styled}, {@remediation_recommendation_styled} or any styled custom fields.
In the previous release of ReportGen, we added support for including custom options to configure how your image descriptions are displayed in reports.
You can configure the images to show captions; prefer captions; show filename or show nothing.
In this release, we extended this feature to support any styled tags, including your own custom rich-text fields.
In this release, we added support to render custom rich-text fields.
You need to use the following format for the tag in order to render it in the report:
{@KEY_styled}
Where KEY is substituted for the custom field key for the rich-text field.
All images will now automatically prefix Figure X: to the image description.
This means you no longer need to manually inject figure numbers for each of your images inserted dynamically by ReportGen.
Figure numbers take advantage of Microsoft Word dynamic fields so you can easily update them if you need to manually insert any new images.
You can use this new function to perform an equality comparison for a variable against a value using a Regular Expression test.
It performs a global, case insensitive test. For example, you can use it to test whether data is a URL, or an IP Address.
You can convert a number to a floating-point number.
You can convert a number to an integer.
You can round a number to the nearest integer.
You can round a number up to the nearest integer.
You can round a number down to the nearest integer.
You can capitalize the tag. The first character will be uppercase, all others lowercase.
You can title case the tag. Words will start with uppercase letters, all remaining characters are lowercase.
To make debugging easier, we have added styled and label-supported $help functions.
Now when you use the $help function, the browser console will style and color-code it according to whether it relates to Scope or Variables.
In addition, you can pass labels to every $help function to make it easier to debug your template and is especially useful when printing multiple $help statements.
Now when you insert any tags in your template which contain rawXML, such as styled tags for rich-text fields - the line breaks above and below the data will be automatically removed. This makes your reports look cleaner and reduces the need for manual post-generation efforts to remove the additional line breaks.
You can now inject your Test Case Workspace Notes into your JSON export, to make the data available for reporting purposes.
To do this, go to the Administration module, and from the Projects menu - select Test Case Workspace Notes from Export Project as JSON Additional Items section.
You can now view thumbnails for any uploaded image, as well as preview the image within the browser instead of having to download it.
You can now import assets directly to your projects from your NMAP and Masscan files.
This will save you tons of time having to create assets manually!
You can also take advantage of the additional Hostnames and Ports fields if you are using the Assets Module.
These fields will be stored against the Asset in the module, so you can monitor and manage Hostnames and Ports centrally (outside of your projects).
You can also view and modify the data prior to importing.
You can now export a JSON file for a selection of vulnerabilities only.
This will include all of the reporting data for those vulnerabilities.
Now when you create a new vulnerability; or edit an existing vulnerability – you can search all of your Writeups which you have access to, without having to first select a library.
You can now create custom fields using the new ‘List’ type.
Lists are great for assigning multiple inputs for a field, for example creating your own tags or actions.
List types are also the required type when choosing to include Hostnames and Ports on Assets using the new NMAP and Masscan import options.
You can now bulk archive writeups via the Writeups module. This makes it easy to remove unwanted writeups.
Archiving writeups will not impact any of your existing vulnerabilities which already reference those writeups.
You can now bulk assign assets to test cases on a project.
This is useful when you need to specify which assets in-scope for testing apply to each test case.
We have improved the server performance when searching or accessing any of the following data within AttackForge:
- Projects
- Assets
- Vulnerabilities
- Writeups
This means you should have lightning-fast response times when loading pages and menus!
Privileged users can now view all of the asset data for in-scope assets directly from the Project Scope page.
This means you no longer need to access the Asset Module in order to get the data, and you can use the advanced filters to search your projects assets!
You can now send test emails for any of the custom time-based emails configured in your Administration options.
This makes it easier to verify that your custom email rules are correctly applied and ensure your emails are looking exactly the way you need them to be!
In this release, we have improved our Self-Service REST APIs to provide more flexibility and options when interacting with AttackForge.
We have updated the GetProjectsAndVulnerabilities endpoint to support q_project and q_vulnerability advanced query filters.
We also updated the GetVulnerabilities endpoint to support the q_writeup advanced query filters.
Advanced query filters allow you to create database-like custom queries which give you the power and flexibility to get the exact data you need.
This saves you the time and hassle of having to create integration code to make multiple queries or filter out the data you do not need.
For more information on how to take advantage of advanced query filters – please visit this Support Page.
We created a new RESTful API endpoint - DownloadWorkspaceFile - which can be used to download a file from a projects’ workspace.
You can now configure view & edit access controls for your custom fields, and apply them to individual roles, groups or users.
This opens a world of new possibilities, for example:
- Create custom project request forms for different customers, teams, business units or individual users
- Personalize your project request forms to your customers’ needs and requirements
- Set up tailored forms for your pentest-as-a-service (PTaaS) to match your customers’ needs or subscription-level
- Have custom project fields for admin-eyes only, or for pentesters – without your customers seeing them
- Set project budgets; admin notes; integration fields – ensure confidentiality with access controls
- Configure project-level information for only your project coordinators or pentesters to see
- Define custom vulnerability and writeup fields for different pentest teams
- Create personalized vulnerability and writeup forms for infrastructure teams, application teams, remediation teams, etc.
- Configure custom vulnerability and writeup fields for different customers
- Control what vulnerability information is shared with which customers or teams
- Assign custom asset and portfolio fields for different customers
- Configure information that is only relevant for specific customer assets or portfolios
You can also preview what your users can see using the ‘view-as’ feature.
This can help you to easily and quickly configure and manage your access controls.
All custom field access controls are also honored via the APIs, so unauthorized users cannot view or edit custom fields they are not supposed to.
You can now configure custom fields with the following types:
- Table
- Rich-text
- User(s)
- Group(s)
These new types allow you to capture information on projects, vulnerabilities, assets, writeups, portfolios and test cases in ways never seen before in AttackForge.
Combining these new custom field types with the new ability to set access controls on custom fields, you can have this information available only to people with need-to-know.
- Table custom fields
Table custom fields are a great way to collect and use data in AttackForge and in your reports which is in a tabular format.
For example, you may be performing a configuration or firewall review and the data from your tools only outputs into CSV or tables.
Now you can easily import that data from the APIs, edit the data in the application, and display the data in your reports.
- Rich-text custom fields
Rich-text custom fields have been one of the most requested custom field types – and its finally here!
You can set up rich-text enabled custom fields to use for your writeups or vulnerabilities, and best of all – it is supported in reports as well, so you can have custom styled fields easily and effortlessly showing for your customers. This also means you can enter data using lists, or create sections in your data using headings, or even highlight code snippets.
- User custom fields
User custom fields open the door to possibilities to assign users in AttackForge to projects or vulnerabilities.
For example, you may want to create Peer Review and Tech Review fields on your vulnerabilities and assign users accordingly.
Or you may want to associate a Level 1 Owner and a Level 2 Owner to certain vulnerabilities. This is all now possible.
User custom fields support single-select and multi-select, for cases when either one or many users can be assigned.
- Group custom fields
Group custom fields also opens many possibilities, such as assigning groups to vulnerabilities.
For example, you may want to associate a particular group to a vulnerability who are tasked with responsibility to fix it.
Group custom fields support single-select and multi-select, for cases when either one or many groups can be assigned.
We have added support for a new category of custom fields – test cases.
You can now define custom fields on your test cases and have this information available to your pentesters or customers.
We have also extended support for this new category in the Self-Service APIs.
You can now assign a custom information message to display in the information panel when users are completing your custom fields.
This is useful to help guide users on what information to enter in or select when filling in forms within your AttackForge.
You can now reorder your custom fields using drag-and-drop or clicking on the up and down buttons.
This makes it easy and efficient to set up your forms the way you need them to look.
You can now configure access controls on your reporting templates. This makes it possible to:
- Have different reports for different customers
- Personalize reports to your customers needs, for example add their logo or only the data that they need
- Separate reports that your security team uses to that of your customers
- Tailor reports for different business units, without conflict!
You can now delegate the ability to add test suites and abuse cases on projects to other roles and users.
This makes it possible to now allow your pentesters to have authority to perform this action when needed.
These delegations can be applied to entire roles from Administration page, or to individual users via the User --> Access --> Delegations feature.
You can now configure custom rules for your pentesters to use when performing an import of vulnerabilities.
These rules work as dynamic custom parser actions, telling AttackForge how to map the imported vulnerability to a correct entry in your chosen writeups library.
It’s a great timesaver and made even more efficient now that you can save predefined rules and let your pentesters chose the relevant rule (and extend upon it) when importing.
Custom rules can be configured in Administration --> Vulnerabilities.
You can now configure a custom background color for your login page.
We have just released our biggest update ever (v2.6) for AttackForge ReportGen: The ultimate pentest reporting tool!
This release includes a new Pentest Report Template (v3); support for charts; four (4) new functions; three (3) new filters; new options; new styles, new variables and updates to existing filters and functions add even more power to your reports!
All examples mentioned in these release notes can be found on the homepage of the ReportGen tool.
This release introduces a new contemporary pentest reporting template - showcasing the possibilities now available in ReportGen v2.5+.
The new Pentest Report Template v3 includes:
- Logic for a multi-phase project e.g. Web App Pentest + Infrastructure
- Redesigned Executive Summary, using custom Charts
- Redesigned Summary Findings
- Redesigned Vulnerability Details with more information and enhancements
- Redesigned Test Cases Details
This new template can be downloaded directly from within the ReportGen tool.
You can now create custom charts in your reports! The following charts are supported:
- Vertical Bar Charts
- Horizontal Bar Charts
- Pie Charts
- Donut Charts
Charts work with any data. You can create charts for your vulnerabilities, exec summary, test cases, attack chains or even categorize your data.
Charts also support Scope and Variables.
Every chart comes with configuration options (e.g. colors, font sizes, spacing, etc.) so you can configure and style the chart to your preferences.
A Dictionary is a flat list of key:value pairs. It can be useful for capturing dynamic data, or for grouping data.
You can refer to the Dictionary anywhere you need it in your report.
Dictionary is supported on the following Functions: $declare, $push, $assign, and $keys.
- Example 1: Using a Dictionary to count all affected assets for every vulnerability, then prints the count alongside the vulnerability name.
- Example 2: Using a Dictionary to store every phase of testing e.g. Web App, Ext. Infrastructure, Int. Infrastructure etc. along with each vulnerability associated to each phase of testing, then print the phase and its vulnerabilities.
We have made it possible to now combine Filters with your Functions!
This can be achieved in two (2) different ways:
- Example 1: Using a Filter inside the Function
- Example 2: Chaining a Filter to the output of a Function
For AttackForge Core and Enterprise users, you can now style your vulnerability descriptions, attack scenarios and remediation recommendations!
These tags will render a styled version based on the style set in-app using the WYSIWYG editor.
To switch over to the new styled tags, update your template to include the new tags.
{@description_styled}
{@attack_scenario_styled}
{@remediation_recommendation_styled}
We have added support for two (2) new styles:
- AF Normal which can be used to create a custom style for normal text inserted via the {@..._styled} tags.
- AF List which can be used to create a custom style for bullet and numbered lists inserted via the {@..._styled} tags.
These new styles provide the ability to have custom formatting for how your normal text and lists are displayed in your reports when using the {@..._styled} tags.
To get started, create two new styles inside your Word template with the names 'AF Normal' and 'AF List'. Then apply a format to these styles.
When ReportGen builds your report, it will automatically map to these styles for you.
This option can be set against the {@proof_of_concept_styled} tag in order to adjust how the filename or caption is displayed under an image.
- image_description: caption - will display the caption if it exists, otherwise will display nothing.
- image_description: prefer-caption - will display the caption if it exists, otherwise will display filename.
- image_description: caption - will display the filename.
- image_description: none - will display no caption or filename.
You can use this new filter to retrieve the value for a Dictionary.
- Example: Using a Dictionary to count all affected assets for every vulnerability, then prints the count alongside the vulnerability name.
Use this function to check if you are in the first iteration of a loop.
For example, if you want to add a section heading BEFORE printing the vulnerability titles.
Another example is if you want to check if it IS NOT the first iteration of a loop.
Use this function to check if you are in the last iteration of a loop.
For example, if you want to add an extra line break after every vulnerability title except for the last.
Another example is if you want to check if it IS the last iteration of a loop.
Use this function to print the current index of the loop you are iterating over.
You can use this filter to search for a value in a string and return the results (substring) if found.
You can use this filter to access an item in an array using its index number.
We have now made it easy to perform a custom sort based on your custom tags or custom fields!
You can now select one or more vulnerabilities, can create a custom report with only that selection.
This is useful when you need to get a report out to different teams, with only the context for vulnerabilities which are relevant to that team.
