[6.31.0.1] 04-27-2026

Changes & Enhancements

Security & Compliance

• Added noindex, nofollow meta tags to login page headers to help prevent search engine indexing of sensitive authentication pages.

Platform Maintenance

• Updated core platform dependencies to the latest stable versions to improve performance, stability, and security.

Logging & Observability

• Added support for Splunk HEC (HTTP Event Collector) as a sink in the Serilog logging pipeline, enabling improved log forwarding and integration with Splunk.

Fixes

API & Documentation

• Fixed an issue where Swagger and API documentation links were failing or inaccessible within the application.

Data & Records

• Resolved an issue where XCCDF records were not properly scoped per application, causing them to appear across all applications.

Navigation & UI

• Fixed an issue where the root node was incorrectly displayed in navigation when viewing an XCCDF record.

Form Builder

• Addressed edge cases that caused Form Builder imports to fail under certain conditions.

[6.31.0.0] 04-25-2026

Release Notes LIMITED

This release is designated as a LIMITED release that is only meant for specific customers of RegScale.
All functionality from this release is also generally availabie in the 6.31.0.1 release.

Changes & Improvements

DoD Compliance & Workflow

• Enhanced support for NIST 800-53 Rev. 5, including updated catalogs and improved control coverage

• Introduced the ability to map a single ZTA control to multiple NIST controls

• Expanded System Security Plan (SSP) management:

  • Add or remove controls directly within SSPs
  • Map issues and POA&Ms at the control part level
  • Select source SSPs within the authoring experience

• Improved STIG and checklist workflows:

  • New checklist import wizard with support for XCCDF
  • Automated issue lifecycle based on test results
  • Multi-asset orchestration with auto-matching

• Enhanced eMASS interoperability:

  • Expanded export capabilities (POA&Ms, inventories, SCF, test results, and more)
  • Improved ports and protocols submission workflows

• Updated DoD workflows and architecture to better support POA&M processes and custom field management

RegML (AI & Automation)

• Introduced RegML Health Check for improved system visibility

• Added Framework Converter to streamline framework transformations

• Improved authoring with mapping-first workflow design

• Expanded API capabilities:

  • New reranking endpoint for improved results relevance
  • Document chunking and vectorization for advanced AI use cases

• Enhanced performance through caching and improved concurrent request handling

• Improved document processing with smarter content chunking and harvesting

Platform Enhancements

• Launched Wayfinder Explorer for improved navigation and usability

• Enhanced Wayfinder Builder with editable activity links

• Expanded Evidence Preview capabilities

• Introduced a Risk Paging System for better scalability

• Increased flexibility:

  • Higher custom field limits
  • Import/export of form fields across environments

• Security Relevant Patch: Contains Image Hardening and Patching Improvements

• Added new API integrations and data mapping enhancements (including OLIR crosswalk support)

Fixes

DoD

• Resolved issues with checklist imports, including XCCDF visibility and multi-asset handling
• Fixed inconsistencies in control objectives, test plans, and issue hierarchy
• Corrected UI behaviors in checklist screens and Line of Inquiry workflows
• Addressed issues with asset creation and ports/protocols validation

RegML

• Improved stability of AI Auditor and RegML Auditor services
• Fixed issues with query handling, including schema validation and model parameter usage
• Resolved conversation history loss during retries
• Fixed document harvesting and policy import inconsistencies
• Addressed startup and health check reliability issues

Platform

• Fixed issues impacting GraphQL queries, custom fields, and role assignments

• Resolved SSO login redirect issues (Entra SAML)

• Improved Wayfinder stability, including action menus and webhook support

• Fixed data consistency issues across:

  • Reports and dashboards
  • Evidence mapping
  • Assessments and questionnaires

• Addressed export, file handling, and large dataset processing issues

• Fixed multiple UI/UX bugs across forms, builders, and dashboards

• Improved search, filtering, and Excel export accuracy

• Resolved various data integrity and migration-related issues

Notes

• This release is designated as a LIMITED release that is only meant for specific customers of RegScale.
• This release includes significant enhancements to DoD workflows and POA&M processing, which may affect existing integrations or automations.
• RegML capabilities continue to expand, with a focus on AI-driven document processing, vectorization, and improved search relevance.
• All functionality from this release is also generally availabie in the 6.31.01 release.

[6.34.27.0] - 2026-04-30

Changed

• Tanium sync commands now handle scaled environments (100k+ records) without hanging or running out of memory
• Tanium policy and data findings no longer create duplicates for non-CVE results
• Tanium sync runs faster and now logs throughput progress during long-running operations
• SentinelOne integration now uses native SentinelOne agent IDs for asset and finding tracking

Fixed

• Scanner integration batch syncs (Axonius, Tanium, SentinelOne) no longer create duplicate records or drop linked Issues when a batch request times out
• Azure Entra evidence collection no longer hangs on large tenants; live progress is shown, Microsoft Graph throttling is handled automatically, and access review evidence with shared display names is preserved
• Qualys integration now constructs correct API URLs for production deployments where Container Security and VMDR are hosted on different Qualys sub-domains
• Qualys Total Cloud and other JSONL-based scanners no longer fail to start with date format errors
• now supports , , and flags for consistency with other Qualys commands
• SentinelOne vulnerability sync no longer creates duplicate findings when the same CVE affects multiple records
• SentinelOne no longer collapses applications with similar names (e.g., "Microsoft Visual Studio 2019" and "Microsoft Visual Studio 2022") into the same finding
• SentinelOne integration no longer leaks connections during long-running or repeated syncs
• Tanium Cloud endpoint queries now return faster when a record limit is specified
• and no longer stop after 50 records; all matching records are now processed

Added

• Configurable GCP Security Command Center API endpoint via in init.yaml to support alternate or non-Google hosts
• SARIF and commands now accept to run compliance sync against a Component as an alternative to

[6.34.22] - 2026-04-28

Fixed

• Tanium Cloud vulnerability sync no longer creates duplicate findings when the same CVE affects multiple endpoints; one finding is now created per CVE and mapped to all affected assets
• Asset MAC addresses are now normalized to uppercase before submission to prevent validation failures caused by case-sensitive platform checks

[6.34.20.0] - 2026-04-28

Changed

• Control implementation single-record fetches now request the non-deprecated v2.0 API version via the header to avoid hitting the obsolete v1 handler
• Control implementation create and update requests now target the non-deprecated v2.0 API handler via the header
• Stakeholder create and update requests now target the non-deprecated v2.0 API handler via the header
• Wiz asset type mapping now routes cloud resource types to specific RegScale asset types (Container, Database, Cloud Storage, Load Balancer, Serverless Function, Kubernetes Cluster, Application) instead of collapsing everything to "Other"
• AssetType now supports Container, Database, Cloud Storage, Load Balancer, Serverless Function, Kubernetes Cluster, Application, Operating System, Firmware, and Utility as valid values alongside the existing hardware form factors
• Wiz resources now map to the RegScale "Database" asset type instead of "Physical Server"; existing records will update on next sync
• Wiz asset and software names now display human-readable short names and product names (e.g. "Azure Database for PostgreSQL") instead of long internal identifiers
• Wiz compliance report sync now matches existing assets on any of their identifier fields (otherTrackingNumber, awsIdentifier, azureIdentifier, googleIdentifier, providerUniqueId, and related) instead of only otherTrackingNumber

Fixed

• Issue-to-asset mapping for all scanner integrations now works reliably; the RegScale server receives the configured asset identifier field on every batch path (both the default and custom fields like Nessus , Qualys , and STIG ), so issues and POAMs are linked to their assets instead of being silently dropped
• Issue payloads no longer strip the field before sending to the server, which was preventing all server-side issue→asset mapping
• Queued issues from the final chunk of a sync run are now flushed to the server instead of being left behind, eliminating missing records and duplicate ingestion on re-run
• Duplicate findings no longer accumulate across chunk boundaries in large scanner syncs; server-side mop-up now runs on every batch (scoped by the per-run ) instead of only the final chunk
• Newline-separated consolidated asset identifiers (from multi-asset findings) are now split correctly for client-side issue→asset mapping
• Legacy Qualys VM report import now creates issues and vulnerabilities linked to their assets via the identifier
• FedRAMP POAM import now creates issues linked to their assets via
• Vulnerability plugin ID is no longer silently nulled when the RegScale version endpoint is unreachable, restoring deduplication for every scanner integration (Tanium, Wiz, Qualys, Tenable, Nessus)
• Wiz compliance report sync no longer creates duplicate stub assets for entities that already match an inventoried asset
• Wiz asset RAM capacity and cloud provider identifier fields are now populated from Wiz entity properties that were previously being dropped
• Compliance sync no longer silently creates duplicate stub assets when the existing-asset lookup fails; a transient asset-fetch failure now logs a warning with plan context and the run completes with degraded deduplication instead of reproducing the bug it was meant to prevent
• Non-Wiz compliance integrations (Qualys CIS, SARIF, QRadar, CrowdStrike, AWS ECR/Config/GuardDuty) no longer risk misattributing compliance findings to unrelated assets that happen to share a or with the compliance item's resource ID
• Malformed Wiz JSON on an entity is now surfaced as a warning log instead of being silently swallowed, so users can see when source data is broken rather than wondering why RAM values appear inconsistent
• AWS now filters to Active Critical/High/Medium findings by default and fetches each severity bucket in parallel, dramatically reducing run time in GovCloud
• AWS prints per-page progress while fetching Inspector data so long runs no longer appear to hang
• AWS no longer loops for hours when Inspector findings have no resolvable IP address; invalid IPs are dropped client-side and a run-end summary reports how many findings were skipped
• Vulnerability batch submission no longer retries 400 validation errors, which previously cascaded into a multi-hour per-item retry loop
• AWS now creates a RegScale asset for each real EC2 instance, Lambda function, and ECR image returned by Inspector instead of a single synthetic per-account placeholder, so vulnerabilities link to the actual affected resource
• AWS collapses Inspector findings that share a CVE or plugin across multiple resources into a single vulnerability/issue with every affected asset linked, replacing the previous one-duplicate-per-instance behavior
• Rapid7 InsightVM Console (v3) throughput for environments with many assets; per-asset vulnerability listings and definition lookups now run in parallel

Added

• OpenSCAP integration for ingesting ARF, XCCDF results, and CSV export files as RegScale findings and assets, with optional NIST 800-53 Rev 5 compliance assessment support via CCE-to-control mapping
• command composes vulnerability import and compliance sync in a single invocation; pass , , or both to run the corresponding phases against one input file
• AWS and flags to override the new default severity/status filters
• AWS now accepts in addition to the snake_case form for consistency with
• eMASS PPSM workbook importer now saves custom field values (boundaries, source/destination device names, IPs, FQDNs, VPN metadata) to the PortsProtocol module after each batch import
• Rapid7 InsightVM configuration variable to tune concurrency of the Console v3 vulnerability fetch (default 20)

[6.30.0.2] 2026-04-23

Questionnaire Experience

• Improved scoring reliability to ensure consistent and accurate results across all questionnaires
• Enhanced submission workflow to reduce errors and provide a smoother user experience

Fixes

Evidence Management

• Fixed an issue where updating frequency settings incorrectly modified due dates on evidence records

Data Entry & Organization

• Resolved a bug affecting section organization during data entry, improving structure and usability

API & Integrations

• Fixed an issue where the Postman collection download link returned a 401 Unauthorized error

Questionnaire Stability

• Addressed multiple issues causing questionnaire submission failures

Security

• Fixed an issue for TCP Serilog/Syslog forwarding.

[6.34.11.0] - 2026-04-21

Changed

• Tanium integration now uses server-side pagination to reduce memory usage and network traffic when using --offset and --limit
• Tanium command now supports --dry-run, --offset, and --limit for Orchestration Hub parallel execution

Fixed

• Jira Issues sync now populates Severity Level with simple values (Critical/High/Medium/Low) and sets Identification to "Other" so both fields render correctly in the RegScale UI; handles Jira issues with no priority assigned
• Tanium compliance findings on REST (on-prem) now fetches all pages instead of only the first 100 results
• AWS now creates issues and vulnerabilities by default, with a warning when a run produces none so empty results are easier to diagnose
• AWS vulnerabilities and issues now carry unique Plugin ID and Plugin Name values (CVE for package vulnerabilities, detector ID for code vulnerabilities, finding title for network reachability) instead of the generic finding type
• Tanium vulnerability sync now creates a single issue per vulnerability with all affected endpoints linked as asset mappings instead of one duplicate issue per asset
• Tanium asset and compliance sync now dedupe entries surfaced by overlapping pagination so each endpoint and each rule/endpoint pair is processed once
• Tanium vulnerability findings now carry a unique Plugin ID per vulnerability instead of all defaulting to "Tanium Comply", restoring per-vulnerability deduplication
• Scanner progress bars no longer have log messages bleeding into the bar line; console logging is routed through tqdm while a progress bar is active so output stays readable
• Multi-batch scanner syncs now skip the redundant mop-up re-send; the final batch carries the mop-up flag so the server performs mop-up inline, shortening large imports by one batch round-trip
• Scanner finding progress bar no longer double-counts advances, so the "Processing N findings" bar reaches exactly N instead of 2×N (e.g. a 2,000-finding run now ends at 2000/2000 rather than 4000/unknown)
• Tanium vulnerability sync reports the finding total to the progress bar up front instead of leaving it indeterminate until the run finishes
• Tanium findings now carry the per-vulnerability or per-rule name as their Plugin Name (e.g. the CVE title or STIG rule title) instead of all reading "Tanium Comply", so issue titles and plugin fields are meaningful
• Tanium vulnerability Plugin ID now uses the CVE when available (falling back to Tanium's internal ID only for non-CVE advisories), so the identifier is externally meaningful and collapses duplicate Tanium records for the same CVE onto a single RegScale issue

Added

• Tanium command group to the RegScale Orchestration Hub subcommand for scheduled sync of assets, findings, and compliance
• Vulnerability-to-asset mapping for scanner integrations using a custom asset identifier field (e.g. Nessus ); the server-side asset lookup now receives the configured field name on all batch paths
• Consolidated vulnerability findings with newline-joined asset identifiers now split correctly into individual entries for server-side asset matching
• GCP , , , and commands available as a command group in the Orchestration Hub
• eMASS system export importer now captures SSP custom fields (Owning Organization, DITPR DON ID, VRAM ID, Cloud Computing type/model), expanded POAM fields (predisposing conditions, likelihood, impact, threat description, risk mitigations), control implementation responsibility and SLCM data, and actual test results (Assessment, ControlTest, ControlTestResult) from SystemExport XML
• eMASS Control Test Results workbook importer now populates AP Acronym, Assessment Procedures summary, lead assessor from Tested By column, and inherited implementation text from Inherited/Remote Inheritance columns
• eMASS Control Information / SLCM workbook importer () to update control implementation status, assessment frequency, narrative, responsible entities, layer information, and SLCM monitoring data from TR5 ControlInfoExport workbooks

[6.34.4.0] - 2026-04-17

Changed

• Upgraded Apache Airflow from 3.1.8 to 3.2.0, resolving CVE-2025-57735 (CRITICAL) and CVE-2026-34538 (MEDIUM)
• Migrated all Airflow imports to use the namespace to eliminate deprecation warnings

Fixed

• CLI descriptions for , , and now correctly reference STIG instead of GCP
• CLI descriptions for , , , and command groups now correctly describe their respective integrations instead of referencing unrelated vendors
• Removed duplicate registration that caused the command to appear twice in internal CLI wiring
• SARIF compliance sync not updating control implementation status when the SSP uses an OWASP ASVS catalog; CWE-to-control mapping now targets ASVS verification requirement IDs instead of OWASP Top 10 category IDs
• SARIF compliance sync setting passing controls to "Fully Implemented" instead of the intended "Planned" status
• burp integration mapping issue

Added

• CrowdStrike , , , and commands now support , , and for parallel job splitting via the Orchestration Hub
• SARIF and commands now support , , and for parallel job splitting via the Orchestration Hub
• GCP , , , , , and commands now support , , and for parallel job splitting via the Orchestration Hub
• CCI model now exposes and foreign key fields for direct traceability to control objectives and test plans
• eMASS Control Test Results workbook import via , aligned with the POAM workbook importer pattern
• eMASS PPSM (Ports, Protocols, Services & Mgmt) workbook import via ; supports both Standard DoD and USN template formats with auto-detection
• eMASS Hardware/Software inventory workbook import via ; processes Hardware and Software sheets in two phases with software-to-hardware parent linking
• eMASS workbook type auto-detection via ; identifies PPSM, HWSW, POAM, Control Test Results, Control Info, and Security Categorization workbooks from sheet names and column signatures
• eMASS Security Categorization Form import via ; updates SecurityPlan categorization fields and creates SystemRole records for RMF team members
• eMASS importers (POAM, PPSM, HWSW, SecCat) now populate custom fields on RegScale records using field definitions from the target instance, maximizing data coverage beyond native model fields
• eMASS importers auto-discover the correct API app scope when the current token cannot see the target SSP; supports (pre-scoped JWT), / credential probing, and aborts with a clear error if the SSP cannot be located

Added

• Prisma Cloud , , and commands now support (preview counts without writing), (skip N items), and (process at most N items) for parallel job splitting via the Orchestration Hub

Fixed

• AWS silently dropping all queued issues; issues are now flushed to RegScale after findings processing completes
• Qualys sync skipping vulnerability processing entirely due to defaulting to false; findings are now synced by default
• Qualys vulnerability sync failing with StreamReset errors on air-gapped or slow networks; added config (default 50) to send smaller batches per request
• Component creation failing with 400 "Compliance Setting is required" on RegScale installations that enforce complianceSettingsId; scanner integration now falls back to the tenant's first available compliance setting when the security plan lookup returns none
• Prisma Cloud SBOMs not appearing in the Security Plan SBOM tab; records are now linked to the security plan instead of individual assets so they populate the SSP-level SBOM view
• Prisma Cloud vulnerability sync creating duplicate records on consecutive runs for non-CVE identifiers (GHSA-, PRISMA-); client-side deduplication now checks existing SSP vulnerabilities before submission