Changelog

RegScale 6.31.1.2

[6.31.1.2] 06-11-2026

Fixes

Workflow Group Assignment Reliability

Resolved an issue where assigning a Workflow Group to a step did not persist or function as expected. Workflow Group assignments are now correctly applied, ensuring workflow steps follow the intended routing and ownership configuration.

Inventory Dashboard Navigation

Fixed an issue that prevented the Inventory Dashboard from opening when users selected the corresponding scorecard. Users can now successfully navigate from the scorecard to the Inventory Dashboard for a seamless reporting and analysis experience.

CLI 6.34.55

[6.34.55] - 2026-06-09

Changed

  • AWS Integration Performance update
    • Move all ComputeCollector boto3 clients to init for thread safety
    • Fix EC2 double-pagination — single-pass describe_instances
    • Batch ECS describe_clusters — O(n) API calls → O(1)
    • Parallelize AMI batch describe_images calls
    • Parallelize collect_all() with ThreadPoolExecutor — 5-10x speedup
    • Stream Security Hub findings page-by-page to prevent OOM
    • Remove unconditional 200ms sleep between Security Hub pages
    • Use compact JSON serialization for inventory cache
    • Pre-compile SEVERITY_PATTERN regex at module level in common.py
    • Stream findings through consolidation — remove list() materialization in sync_findings

Fixed

  • Fix FedRAMP CIS import crash on vendor workbooks with single-row headers
    • Guard out-of-bounds access and log extra CIS columns
  • AWS Integration
    • Add NextToken pagination to fetch_aws_findings_v2 and fetch_aws_resources
    • ClientError fallback, and add test coverage

CLI 6.34.50

[6.34.50] - 2026-06-08

Added

  • RSA Archer controls, findings, and evidence synchronization into RegScale
  • Tanium CIS benchmark import to RegScale security checks
  • FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row

Changed

  • AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record

Fixed

  • libxml2 explicitly installed in the Airflow container image to ensure the patched version is present and CVE-2026-43500 is resolved
  • CSAM import now reports per-domain partial failures in an end-of-run summary instead of silently masking a failed sync as a clean run
  • CIS/CRM import now directly scans the Instructions tab for the exact "System Name" header cell and reads the value from the row below it as a fallback when the primary column-header detection does not resolve a name
  • CIS/CRM import no longer crashes with IndexError or ColumnNotFoundError when the Instructions worksheet has fewer than four header columns
  • FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
  • POAM import no longer degrades on large finding sets due to oversized batch requests
  • POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
  • POAM import missing Status Date warnings now emitted as a per-sheet summary instead of one warning per row
  • POAM import now accepts container image references and other non-HTTP URI schemes (e.g. docker://, oci://) as asset identifiers, so container-scan POA&M rows are no longer silently dropped
  • Exception tracebacks are now automatically included in log output when an error occurs inside an except block

RegScale 6.31.1.1

[6.31.1.1] 06-05-2026

Changes & Enhancements

Workflow & Issue Management

  • Added validation to ensure FedRAMP High AU-2 requirements are properly enforced, helping organizations maintain compliance with audit logging and event monitoring expectations.
  • Introduced new vulnerability creation workflows within the Vulnerability Service and Issue Service, providing a more flexible and extensible foundation for future vulnerability management enhancements.
  • Added support Issue Workflows, enabling workflow capabilities similar to SSP Approval Workflows.
  • Improved issue creation behavior during STIG CKL imports to provide greater control over how imported findings are managed.
  • Enhanced issue workflow record linking to improve navigation and traceability between related records.

Questionnaire & Planning Improvements

  • Expanded Questionnaire support by adding additional entity types, including User, Facility, and Organization, for improved data collection and relationship management.
  • Added the ability to update Security Plans directly from Questionnaire responses, streamlining assessment and documentation workflows.

Security & Infrastructure

  • Hardened TCP Syslog/TLS processing to improve secure log transport and reliability.
  • Improved TLS connection handling for TCP Syslog integrations by ensuring TLS is always required when configured, regardless of SysLogTCPUseTls override settings.
  • Replaced a synchronous proxy HTTP implementation with an in-process background execution model, improving performance and reducing residual Server-Side Request Forgery (SSRF) exposure.

Fixes

Issue & Vulnerability Management

  • Resolved an issue where the First Seen Date was not being populated on issues generated from vulnerability imports.
  • Fixed an issue preventing the GetUserByUsername endpoint from functioning correctly when administrator credentials were used.
  • Corrected malformed links generated by Issue Workflow records, ensuring users are directed to the appropriate records.

Questionnaire

  • Fixed issues affecting Questionnaire entity handling and improved overall reliability when working with User, Facility, and Organization records.

Imports & Integrations

  • Corrected STIG CKL import behavior that could result in unintended issue creation during import processes.

CLI 6.34.45

[6.34.45] - 2026-06-03

Added

  • RSA Archer controls, findings, and evidence synchronization into RegScale
  • Tanium CIS benchmark import to RegScale security checks
  • FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row

Changed

  • AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record

Fixed

  • FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
  • POAM import no longer degrades on large finding sets due to oversized batch requests
  • POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
  • POAM import missing Status Date warnings now emitted as a per-sheet summary instead of one warning per row
  • Exception tracebacks are now automatically included in log output when an error occurs inside an except block

ROH 6.31.1.0

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA).

What's Included

Core Capabilities

ROH Beta Supports:

  • Multiple scheduled job configurations per integration to support different data sources, configuration options, secrets, etc.
  • Run instant jobs for ad hoc data loads
  • Job splitting enables breaking larger jobs up into multiple smaller batches to support processing very large collections of data more quickly
  • Review logs of currently running job executions or previously completed job executions
  • Review of the health of different ROH components from a dashboard about job workers
  • Managing different sets of credentials and settings in a secret set so the same kind of job can be run against multiple different environment with different credentials or environments
  • Executing jobs ad-hoc by a user pressing a button or running a job on a schedule without direct user interaction

Newly Supported Integrations

IntegrationCommand
AWSsync_assets
sync_findings
sync_findings_and_assets
sync_compliance
sync_config_compliance
sync_kms
sync_org
sync_iam
sync_guardduty
sync_s3
sync_cloudtrail
sync_cloudwatch
sync_cloudwatch_ex
sync_ssm
Axoniussync_assets
sync_findings
sync_all
sync_saved_queries
Azure Active Directorysync_admins
sync_general
sync_readonly
CrowdStrikecollect_evidence
sync_assets
sync_compliance
sync_incidents
sync_vulnerabilities
Entra Evidence Microsoft Defendercollect_entra_evidence
Google BigQuerycollect_evidence
sync_assets
sync_compliance
sync_findings
Jiraissues
tasks
Palo Alto Prisma Cloudsync_hosts
sync_images
sync_sbom
Qualyssync_cis_report
sync_qualys
SentinelOnesync_assets
sync_findings
sync_threats
sync_vulnerabilities
sync_all
Rapid7sync_all
sync_assets
sync_findings
Tenable.iosync_all
sync_assets
sync_findings
Tenable SCsync_all
sync_assets
sync_compliance
sync_findings
Wizinventory
issues
vulnerabilities
sync_compliance
compliance_report

Known Limitations

Functional Limitations

  • A ROH deployment can only execute two jobs at the same time. This behavior is not dynamic.
  • A ROH deployment can only talk to integrations using HTTP 1.1, HTTP 2 is disabled for stability purposes.

Performance Limitations

  • Issue Ingestion Limitations

    • The issue ingest functionality of the core RegScale Platform does not completely performantly for smaller batches of 100 items or less at a time. For integration_command sync_all and integration_command sync_issues commands, add the secret issuesBatchSize 500, Type Integer, and Category General.

  • Vulnerability Ingestion Limitations

    • The vulnerability ingestion functionality of the core RegScale Platform does not perform stably for large batches over 1,000 items at a time. For integration_command sync_all and integration_command sync_vulnerabilities commands, add the secret vulnerabilityBatchSize 500, Type Integer, and Category General.

  • Integration-specific Limitations

    • Azure AD

      • The azure sync_admins, azure sync_general, azure sync_readonly command is not near real-time. With default settings, the command will ingest approximately 333 users per minute successfully.
      • The azure sync_admins command will not perform reliably for ingesting more than 50,000 users at one time.

    • Jira

      • The jira issues command is not near real-time. With default settings, the command will ingest approximately 500 issues per minute.
      • The jira tasks command is not near real-time. With default settings, the command will ingest approximately 540 issues per minute.

    • Rapid7

      • The rapid7 sync_all command is not near real-time. With default settings, the command will ingest approximately 2,100 items per minute.
      • The rapid7 sync_assets command is not near real-time. With default settings, the command will ingest approximately 3,300 items per minute.

    • Tenable.io

      • The tenable_io sync_assets command is not near real-time. With default settings, the command will ingest approximately 1,300 assets per minute.
      • The tenable_io sync_findings command is not near real-time. With default settings, the command will ingest approximately 1,100 findings per minute.

RegScale 6.31.1.0

[6.31.1.0] 05-28-2026

Important Information regarding platform release 6.31.1.0 dependencies.

This release is the minimum required version to support RegScale Orchestration Hub (ROH) version 6.31.1.0.
Please see the ROH 6.31.1.0 release notes for more details regarding other requirements.

Changes & Enhancements

Security & Access Management

  • Added enhanced security controls to better restrict module permissions by user group.
  • Improved handling of server account bug-related access permission assignments.
  • Enhanced App Builder capabilities to better support Tenant and App Admin permission management through SSO.
  • Improved performance for Issue, Vulnerability, and Asset queries to provide faster response times.
  • Optimized assessment list page performance to reduce delays caused by large RBAC queries.

Workflow & Automation

  • Improved recurring questionnaire scheduling and processing reliability.
  • Enhanced workflow step panel behavior to prevent unnecessary issue detail page redirects.
  • Improved webhook reliability for API compliance integrations.
  • Enhanced streaming batch create/update processing to better support large SSP datasets.
  • Improved vulnerability batch processing logic to better detect and handle duplicate matches across plans.

Reporting & Data Export

  • Added support for exporting custom report fields in Excel date filter outputs.
  • Improved PDF chart rendering in reports for more accurate and consistent exports.
  • Enhanced handling of large SSP exports to improve overall stability and performance.

User Experience & Interface

  • Improved handling of dropdown field option rendering in forms.
  • Enhanced UI behavior when adding repeated treatments from Security Plan review controls and Risk Assessment workflows.
  • Improved Nessus compliance scan visualization by consolidating findings into a single vulnerability row while preserving host-level mapping data.
  • Updated local storage handling for request evidence link rendering behavior.

Compliance & Rules Engine

  • Improved Rules Engine stability and validation handling for grade rule management.
  • Enhanced vulnerability stream processing to better support large-scale SSP operations.
  • Improved handling of CVE matching validation within the ConMon process.

Fixes

API & Integration Fixes

  • Fixed an issue where API webhook requests could intermittently fail.
  • Fixed a problem preventing correct comparison of generated API documentation.
  • Resolved intermittent failures affecting AI access requests.
  • Fixed an issue where the Asset Delete webhook was not firing correctly.
  • Corrected API response handling for password reset operations returning incorrect HTTP 400 responses.
  • Fixed API behavior preventing the admin change password action from triggering properly.

Authentication & Permissions

  • Fixed an issue where assigned permissions could incorrectly return HTTP 401 errors despite valid access.
  • Corrected issues with module permission enforcement and access validation.
  • Resolved caching issues that caused RegScale configuration sidebar visibility problems for critical admin menu items.

App Builder & Forms

  • Fixed an issue where the “Set Value” action was not visible in the Rule Builder.
  • Corrected App Builder form rendering and field visibility inconsistencies.
  • Fixed right navigation dropdown fields not displaying configured options despite valid bindings.
  • Resolved issues affecting repeated treatment entry behavior in workflow review screens.

Reporting & Data Handling

  • Fixed report export issues related to custom date filter fields in Excel outputs.
  • Corrected vulnerabilities causing local storage rendering issues for request evidence links.
  • Fixed data deduplication issues during streaming batch create/update processing.

Vulnerability & Compliance Management

  • Fixed vulnerability batch create/update timeout issues for large SSP environments.
  • Corrected CVE matching issues during ConMon processing.
  • Fixed Nessus compliance scan result grouping issues that caused per-host asset mapping inconsistencies.
  • Resolved issues where vulnerability matching incorrectly crossed plans.

UI & Workflow Fixes

  • Fixed issues causing UI blocks when adding repeated treatments during Security Plan review workflows.
  • Corrected assessment list performance issues caused by excessive database query volume.
  • Fixed issue detail workflow navigation inconsistencies.
  • Resolved local storage-related UI rendering issues.

Asset & Identifier Management

  • Fixed issues related to AssetIdentifierValidator behavior when switching tracking number cases.

CLI 6.34.34.0

[6.34.34.0] - 2026-05-20

Changed

  • Wiz inventory type allow-list trimmed to 25 approved asset types; network plumbing, IAM artifacts, governance/scope, and individual secret types removed from default filter
  • Wiz asset provider-native cloud identifiers (ARM path, AWS ARN) now used as primary dedup keys instead of internal Wiz UUIDs
  • Cloud-native Kubernetes Clusters now categorized as Hardware assets in the eMASS inventory
  • Database engine version (e.g. SQL Server, PostgreSQL) now correctly populates SoftwareVersion rather than OSVersion
  • VM image assets now carry a meaningful AssetType instead of "Other"

Added

  • OpenSCAP now accepts FedRAMP POA&M-shaped CSV files in addition to the previously supported xccdf2csv scan-output format

Fixed

  • OpenSCAP now logs a header-mismatch warning instead of silently reporting zero findings when CSV columns are not recognized
  • integration now follows Microsoft Graph pagination on group and group-member fetches, so , , and see the full set of groups and members instead of silently truncating at the first page (~100 items)
  • FedRAMP POA&M import no longer fails on every sheet when run in Airflow and ROH workers, restoring asset and finding sync
  • eMASS now correctly detects an existing Security Plan by eMASS ID and updates it instead of creating a duplicate
  • Wiz compliance sync no longer creates stub Asset records for refused entity types such as DNS records, IAM roles, and subscription/namespace types
  • Cloud-native firewalls (NSGs, security groups) now correctly categorized as Software instead of Hardware
  • Prisma host sync no longer silently drops vulnerabilities that share a package name across hosts; the integration now sends the full server-aligned vulnerability dedup key so distinct CVE findings persist as distinct records

RegScale 6.31.0.4

[6.31.0.4] 05-14-2026

Fixes

  • Added startup-time and on-demand probing of configured log-forwarding sinks (UDP syslog, TCP syslog, Splunk HEC) so misconfigured sinks surface as structured log lines instead of silently dropping the events.

CLI 6.34.31

[6.34.31] - 2026-05-13

Changed

  • eMASS importers (, SecCat workbook import, eMASS XML system import) now create new Security Plans with the tenant's DoD compliance setting instead of the default RegScale compliance setting, with the correct ID resolved automatically by framework keyword regardless of the numeric ID assigned in each tenant
  • Rapid7 InsightVM integration now uses server-side API pagination for orchestration offset and limit, reducing redundant API calls during parallel job splitting
  • Rapid7 InsightVM Console v3 sync_findings now streams findings as soon as their definitions are available instead of waiting for every asset listing to finish first, reducing time-to-first-finding from minutes to seconds on large environments
  • Scanner-based asset sync (GCP, Wiz, Tanium, Crowdstrike, SentinelOne, etc.) now respects the configured for the HTTP POST chunk size to ; the previous hardcoded chunk size of 100 only applies when is unset, with the documented default of 500 now taking effect for unconfigured deployments
  • Bumped 3.2.0 → 3.2.1 (REG-22036 / Trivy scan): patch-level fix for CVE-2026-38743 (per-DAG access-control bypass on the Human-in-the-Loop endpoint) and CVE-2026-40690 (asset dependency graph leaking nodes outside the viewer's DAG read permissions); operators on the bundled Airflow do not need any deployment change
  • Bumped 1.7.0 → 1.7.2 (REG-22036 / Trivy scan): patch for CVE-2026-44681 (OIDC Implicit/Hybrid Authorization open-redirect); affects only the extra, which uses for Azure provider OIDC flows

Added

  • New module (REG-22036): the Phase 1 container-startup AWS Secrets Manager loader is extracted from into a focused module so the file-permission / non- path / exception-sanitization hardening can be exercised by a dedicated regression suite. Behavior is unchanged for production callers — the helper is still invoked at import time when and are set.

Fixed

<<<<<<< REG-22156-ssp-safe-update

  • Security Plan updates from the CLI no longer wipe optional fields that were not explicitly modified, by fetching the current server copy and merging only the fields the caller set before sending the update

  • Security Plan updates now block accidental re-parenting through the CLI unless the caller explicitly opts in via

  • SSP and Appendix A imports (including FedRAMP Rev 5) now generate platform-policy-compliant passwords when creating stakeholder users, restoring stakeholder linkage that was previously dropped when the platform rejected weak or incompletely-classed passwords with HTTP 400
  • Nessus compliance scan findings now create one Vulnerability per control with all affected hosts preserved instead of collapsing every control under a plugin into a single row

    main

  • Airflow DAG listing now returns all RegScale integrations to the RegScale UI instead of silently truncating at the first 100 alphabetically, restoring visibility of Wiz, Trivy, and other late-alphabet integrations on the Integrations page
  • Nessus and other large-file scanner imports no longer incorrectly close findings from unrelated sources during multi-batch ingestion; mop-up is now scoped to the final batch of each run instead of every chunk
  • Control implementation sync no longer fails with a platform validation error when the Justification for Exclusion field has not been previously set
  • , , , and now propagate values as headers on outbound Microsoft Graph calls; previously, mock-server scale configuration was silently ignored, so end-to-end test environments always used the mock server's built-in defaults (, ) instead of the configured values. Header injection covers both the legacy session and the default client
  • Scanner integrations now honor , , and from ; previously these keys were silently ignored and per-API-call batches always used the hardcoded defaults
  • Issue and Vulnerability descriptions are now capped at 4000 characters client-side at the model layer (matching the backend on ; 's backend limit is 8000 but is capped at the same 4000 by convention so both records produced from one finding stay the same length) so oversized descriptions from any integration (Microsoft Defender, Qualys, ServiceNow, SonarCloud, GitLab, and others) are truncated before sync with a WARNING log instead of being rejected by the platform
  • AWS CloudWatch, CloudTrail, and Systems Manager sync now link generated evidence records to the parent Security Plan instead of leaving them unmapped
  • AWS Security Hub sync_findings now creates Vulnerabilities with a stable per-control identifier, so the backend auto-creates the corresponding Issues and keeps them open across subsequent scans instead of leaving the tenant with zero Vulnerabilities and closed Issues
  • Corrected misleading CLI help text across several commands (eMASS , Axonius and related file-path options, FedRAMP , Azure Intune , ServiceNow, Microsoft Defender, CSAM, CISA, JFrog Xray, OpenText, and the bulk permissions importer) so accurately describes what each command does
  • SentinelOne no longer fails for a percentage of records with HTTP 500 from the platform vulnerability endpoint; the SentinelOne agent UUID is no longer leaked into the field of the Vulnerability payload, and the underlying scanner-framework behavior of treating opaque asset identifiers (UUIDs, ARNs, agent IDs) as DNS sources has been removed across all scanners
  • SentinelOne (and any scanner using the platform bulk vulnerability endpoint) previously appeared to succeed but persisted zero rows because the request envelope used a misspelled key; vulnerabilities now serialize under the correct envelope key and are written to the security plan as expected
  • Bulk vulnerability and issue submission paths now retry transparently on the transient raised by the HTTP/2 connection-pool race under heavy concurrent fan-out, eliminating spurious single-item failures during large per-item fallbacks
  • CrowdStrike evidence collection now hydrates host details via the POST-form Hosts API to avoid HTTP 414/431 rejections at upstream ingress when batches approach the GET-form query-string limit