Changelog

[6.29.2.0] - 2025-12-11

Added

  • Add Container Security integration to sync_qualys command with --include-containers flag supporting mode-aware issue consolidation (Consolidated vs Per-Asset)
  • WAS (Web Application Scanning) integration to sync_qualys command with --include-was flag
    • HTTP Basic Auth for WAS API with pagination and threading support
    • Mode-aware deduplication (Consolidated vs Per-Asset)
    • OWASP category mapping and WAS-specific fields (URL, parameter, HTTP method)
    • 31 comprehensive unit tests with 100% pass rate
    • Uses dateutil for robust datetime parsing
    • Proper error handling with warnings for unexpected data types and duplicates
  • QRadar query_events now supports flexible field querying (not just AWS Account ID)
    • New CLI options: --query-field, --query-value, --time-window-hours for flexible querying
    • Can now query by username, IP address, or any QRadar field (not just AWS Account ID)
    • Backward compatible: --account-id still works and maps to AWS Account ID query
    • Introduced QRadarQueryConfig and ControlAssessmentContext data classes for type safety
    • Assessment descriptions now generic (e.g., "username: jdoe" instead of hardcoded "AWS Account")
    • Improved data validation and parameter cohesion
    • Created constants.py module to centralize configuration constants for better maintainability
    • Replaced hardcoded strings throughout with named constants (ASSESSMENT_RESULT_PASS, ASSESSMENT_RESULT_FAIL, etc.)
    • Reduced cognitive complexity from 16 to 5 by extracting helper functions
  • GCP Security Command Center Integration
    • Asset Collection: Collects inventory for compute, storage, database, and more.
    • Findings & Vulnerabilities: Fetches SCC findings, parses for multi-framework mapping, and syncs vulnerabilities.
    • Compliance Integration: Maps findings to frameworks (NIST, CIS, FedRAMP, PCI-DSS, SOC2) and updates control status.
    • Evidence Collection: Automates evidence gathering per service.

Fixed

  • QRadar query_events now creates assessments with descriptive text and properly links evidence to both control-level and SSP-level assessments for complete visibility
  • Changed QRadar query time window from 24 hours to 8 hours for more accurate recent event assessment
  • Reduce complexity in Qualys inner_join function by extracting helper functions
  • Fixed critical KeyError: 'domain' crash affecting all Automation Manager integrations in RegScale
    • Added defensive config access in APIHandler to prevent KeyError crashes
    • Implemented JSON validation in decryption flow to handle malformed decrypted config
    • Added multi-tier fallback mechanism (local init.yaml → provided parameters → template) when remote config fetch fails
    • Added REGSCALE_USE_LOCAL_CONFIG environment variable for operator control
    • All Automation Manager Integrations (AWS, CrowdStrike, Wiz, Tenable, Defender, etc.) now start successfully with graceful config fallback

[6.27.2.0] - 2025-12-10

Fixed

  • Evidence Completion Report now includes evidence from Evidence Locker
  • Task creation in the Categorization Kanban now works correctly
  • Deviation Rationale now displays properly in the Deviations tab
  • Swagger generation for releases now correctly lists v1 and v2 endpoints
  • Dashboard Builder “By Module” filter now returns accurate results
  • Steps to implement can now be saved when only part of a control is implemented
  • Title Status and Description fields in user-defined Task Reports no longer show null values
  • POST requests with invalid LoE now return a 400 status as expected
  • PUT requests with invalid LoE now return a 400 status as expected

[6.29.1.1] - 2025-12-09

Fixed

  • Fixed issue with the Synqly Tanium vulnerability IP address field holding both IPv4 and IPv6 addresses

[6.29.1.0] - 2025-12-08

Removed

  • Irrelevant Audit Manager Status and Evidence Count metadata from issue descriptions during AWS Security Hub integration

Fixed

  • Fix FedRAMP Appendix A page break content truncation
  • REG-18979: Fixed Qualys VMDR API URL construction causing XML parsing errors - URLs now include leading slash and trailing slash before query parameters
  • AWS Security Hub:
    • Consolidated mode now properly groups findings by plugin_id
    • Fixed AttributeError by standardizing the plugin_id naming convention
    • Remediation URLs no longer include the extra 'securityhub-' prefix that caused broken documentation links

Security

  • Routine dependency updates

[6.27.1.1] - 2025-12-05

Fixed

  • Assessment modules with required custom fields can be updated
  • Ability to create a new Causal Analysis from an existing Issue record

[6.27.1.0] - 2025-11-26

Added

  • Issues API
      • Bulk create issues
      • Bulk update existing issues
      • Create or update based on provided unique keys
      • Memory-efficient export of large datasets
      • Stream-process large issue batches
  • Assets API
      • Bulk create assets
      • Bulk update existing assets
      • Create or update based on unique keys
      • Memory-efficient export of large datasets
      • Stream-process large asset batches
  • Vulnerabilities API
      • Bulk create vulnerabilities
      • Stream-process vulnerability batches
      • Stream-create vulnerability mappings
  • Known Exploited Vulnerabilities (KEV) integration with CISA catalog
  • Configurable unique key fields for deduplication
  • Performance monitoring metrics for batch operations

Fixed

  • OAuth claims processing for SSO providers
  • Memory leaks in large-scale data processing
  • Security control save operations using proper change tracking

[6.29.0.6]

Fixed

  • Fixed Jira integration to use new /rest/api/3/search/jql endpoint after Atlassian deprecated /rest/api/2/search (removed Oct 31, 2024)
  • Fixed Jira integration to gracefully handle missing issue types across diverse client configurations
  • Fixed Jira authentication to properly use basic_auth for API tokens instead of OAuth token_auth

[6.29.0.5]

Fixed

  • Fixed CrowdStrike query_incidents KeyError when API response is missing expected 'resources' key
  • Fixed CSAM Integration failing to create inheritance associations
  • Fixed SARIF Integration vulnerability severity issue

Added

  • QRadar Integration that uses the QRadar API

[6.29.0.1]

Fixed

  • Fixed issue with metadata api endpoint

[6.29.0.0]

Fixed

  • CSAM: Fixed inheritance bug and POA&M bug
  • SARIF: Fixed vulnerability severity mapping bug
  • Fixed a bug where Kerberos was missing from container build packages
  • Container build process improvements

Changed

  • CSAM: Fixed controlImplementations endpoint API change (get_list_by_parent returns {"items": []} format)

Fixed

  • AWS Security Hub: Fixed consolidated mode to properly group findings by GeneratorId instead of unique finding UUID, preventing duplicate issues for the same security control type
  • CSAM Integration enhancements:
    • POA&M import functionality for synchronizing CSAM POA&Ms to RegScale Issues
    • Artifacts import with automatic file downloads and attachments
    • Points of Contact (POC) mapping to RegScale users
    • Business continuity and incident response data import
    • Additional status fields (risk assessment, SSP completion, configuration management)
    • Agency-defined data items with customizable field mappings
    • New CLI command for connectivity testing
    • Enhanced SSP import with improved error handling