diff --git a/changelog.mdx b/changelog.mdx index 4f620bf..9b1151f 100644 --- a/changelog.mdx +++ b/changelog.mdx 
@@ -4,7 +4,43 @@ description: "New features, improvements, and fixes to the Hacktron platform." rss: true --- -{/* CHANGELOG:INSERT last-prod-sha=4b314a3536105727eddda2a900d822e02633438f - the changelog workflow inserts new blocks directly below this line. Do not remove this marker. */} +{/* CHANGELOG:INSERT last-prod-sha=fbbbf5cf881c716c00a469e53524fdbbecbb46fd - the changelog workflow inserts new blocks directly below this line. Do not remove this marker. */} + + + ## A new Context page for your repositories, applications, and threat models + + **Context page**: A dedicated Context page now gathers what Hacktron knows about your code, split across Repositories and Applications tabs. Cards are sorted by most recent threat-model update and show a badge for each model's status; clicking one opens its threat model. + + **Applications**: Group related repositories into an application, and Hacktron synthesizes an application-level threat model by merging the threat models of its member repos. You can scan an application as a single target so findings are grounded in the combined model, and any context documents you upload to the application are folded into it. + + **Threat models**: Repository and application threat models now open in an inline reading view with a file tree and outline, and you can edit them with your changes preserved across regenerations. + + **Redacted findings on public PRs**: For public repositories, the PR review comment no longer includes full titles, descriptions, proof-of-concept code, or file locations for findings outside the changed lines. You see a count and a link back to Hacktron, so sensitive details stay out of the public thread. Private and internal repos are unchanged, and inline comments on the diff itself are unaffected. + + **Org-level fail-on severity default**: Organization admins can now set a default severity threshold for PR/MR checks in settings. Individual repo configs still take precedence when set. 
+ + **Enterprise SSO sign-in**: A dedicated single sign-on page and a "Single sign-on (SSO)" button on the login screen let users authenticate via your organization's SAML or OIDC identity provider. Invite tokens survive the IdP round-trip, so onboarding links still work. + + **Duplicate marking in the MCP tool**: The `update_finding` MCP tool now accepts a `duplicate_of` field so you can mark or unmark duplicates programmatically. + + **[Set up GitHub or GitLab →](/code-review/integrations/github-gitlab)** · **[Start a Whitebox scan →](/white-box-pentest/quickstart)** · **[Read the API reference →](/api-reference/findings/update-finding)** + + + + ## Dismiss a finding and your PR check clears instantly + + **PR and MR checks update on triage**: When you mark a finding as a false positive or accepted risk, the GitHub check or GitLab commit status flips back to passing right away, with no manual re-run needed. If you later reopen the finding, the check fails again to match. + + **Close findings as duplicates**: You can now mark a finding as a duplicate of another finding in the same repository, and unmark it if needed. A duplicated finding inherits its canonical finding's severity when the PR gate counts blocking issues. + + **Scan volume chart**: The dashboard's scan volume widget now shows a stacked bar chart instead of a line graph, with a tooltip on each bar showing the Code Review and Whitebox scan counts for that day. + + **Upload scans named after the archive**: When you start a Whitebox scan from an uploaded archive, the scan now takes the archive's filename as its name instead of a generic label. + + **Legal agreement before trial or billing**: You now review and accept the terms of service before starting a free trial or adding a payment method. + + **[Set up GitHub or GitLab →](/code-review/integrations/github-gitlab)** + ## Control your scans and account security like never before
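Review bot: the two duplicate-related entries leave the PR-gate semantics underspecified, specifically the line "A duplicated finding inherits its canonical finding's severity when the PR gate counts blocking issues" read together with "When you mark a finding as a false positive or accepted risk, the GitHub check or GitLab commit status flips back to passing right away". The changelog should state what happens to a duplicate when its canonical finding is triaged as false positive or accepted risk (does the duplicate stop counting as blocking, or does it have to be dismissed separately?), since that is exactly the case a user hitting a stuck check will ask about. Relatedly, the "Duplicate marking in the MCP tool" entry introduces `duplicate_of` on the `update_finding` MCP tool, but the only reference link given is `/api-reference/findings/update-finding`; it is worth saying explicitly whether the same field is exposed on that REST endpoint or is MCP-only so readers are not sent to a page that may not document it.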