Upgraded Apache Airflow from 3.1.8 to 3.2.0, resolving CVE-2025-57735 (CRITICAL) and CVE-2026-34538 (MEDIUM)
Migrated all Airflow imports to use the namespace to eliminate deprecation warnings
Fixed
CLI descriptions for , , and now correctly reference STIG instead of GCP
CLI descriptions for , , , and command groups now correctly describe their respective integrations instead of referencing unrelated vendors
Removed duplicate registration that caused the command to appear twice in internal CLI wiring
SARIF compliance sync not updating control implementation status when the SSP uses an OWASP ASVS catalog; CWE-to-control mapping now targets ASVS verification requirement IDs instead of OWASP Top 10 category IDs
SARIF compliance sync setting passing controls to "Fully Implemented" instead of the intended "Planned" status
Burp integration mapping issue
Added
CrowdStrike , , , and commands now support , , and for parallel job splitting via the Orchestration Hub
SARIF and commands now support , , and for parallel job splitting via the Orchestration Hub
GCP , , , , , and commands now support , , and for parallel job splitting via the Orchestration Hub
CCI model now exposes and foreign key fields for direct traceability to control objectives and test plans
eMASS Control Test Results workbook import via , aligned with the POAM workbook importer pattern
eMASS PPSM (Ports, Protocols, Services & Mgmt) workbook import via ; supports both Standard DoD and USN template formats with auto-detection
eMASS Hardware/Software inventory workbook import via ; processes Hardware and Software sheets in two phases with software-to-hardware parent linking
eMASS workbook type auto-detection via ; identifies PPSM, HWSW, POAM, Control Test Results, Control Info, and Security Categorization workbooks from sheet names and column signatures
eMASS Security Categorization Form import via ; updates SecurityPlan categorization fields and creates SystemRole records for RMF team members
eMASS importers (POAM, PPSM, HWSW, SecCat) now populate custom fields on RegScale records using field definitions from the target instance, maximizing data coverage beyond native model fields
eMASS importers auto-discover the correct API app scope when the current token cannot see the target SSP; supports (pre-scoped JWT), / credential probing, and aborts with a clear error if the SSP cannot be located
Prisma Cloud , , and commands now support (preview counts without writing), (skip N items), and (process at most N items) for parallel job splitting via the Orchestration Hub
Fixed
AWS silently dropping all queued issues; issues are now flushed to RegScale after findings processing completes
Qualys sync skipping vulnerability processing entirely due to defaulting to false; findings are now synced by default
Qualys vulnerability sync failing with StreamReset errors on air-gapped or slow networks; added config (default 50) to send smaller batches per request
Component creation failing with 400 "Compliance Setting is required" on RegScale installations that enforce complianceSettingsId; scanner integration now falls back to the tenant's first available compliance setting when the security plan lookup returns none
Prisma Cloud SBOMs not appearing in the Security Plan SBOM tab; records are now linked to the security plan instead of individual assets so they populate the SSP-level SBOM view
Prisma Cloud vulnerability sync creating duplicate records on consecutive runs for non-CVE identifiers (GHSA-, PRISMA-); client-side deduplication now checks existing SSP vulnerabilities before submission
Nessus asset naming now uses FQDN or hostname instead of IP address when available, with priority: FQDN > hostname > NetBIOS > IP
Axonius endpoint calls for 6.30.0.0 additions
Tanium no longer includes compliance data by default; use for proper control assessments
Tanium now runs asset sync, vulnerability sync, and compliance assessment sync as three separate steps
Added
Tanium command to sync compliance/benchmark data as control assessments instead of vulnerabilities
Opt-in scan-level assessment creation for vulnerability scanners via init.yaml setting, linking issues to assessments and updating control implementation statuses from aggregated scan findings
sync_compliance now maps Issues to created Assets if they exist in the SSP
Fixed
AWS Inspector CSV import failing with "can only concatenate str (not int) to str" when processing findings
AWS Inspector CRITICAL severity findings now correctly mapped to Critical instead of being downgraded to High
AWS Inspector now uses real public/private IP addresses from scan data instead of hardcoding 0.0.0.0
AWS Security Hub creating duplicate issues on successive runs; fixed by switching to server-side deduplication keyed on stable plugin IDs instead of per-resource SecurityHub ARNs
Qualys creating duplicate vulnerability records on successive runs by adding to so the server can locate existing records; now correctly enables server-side POAM/finding creation from each vulnerability
Qualys now correctly defaults to instead of the deprecated mode when no vulnerability creation setting is provided
S3 file downloader now allows for customer local filename
AWS integration missing f-string causing PatchSummary installed count to display as literal text
AWS integration performance improvements: severity filtering moved before expensive computations, CVE data extracted once per finding instead of per resource, and class-level constant maps to avoid per-call allocation
Tenable CIS checklist sync commands ( and ) not creating checklists, vulnerabilities, or issues in RegScale
Axonius sync_compliance no longer crashes on SSPs with no controls
AWS GuardDuty sync creating duplicate issues by processing findings through both compliance framework and individual finding paths
Vulnerability deduplication failing across consecutive scanner imports due to missing parentModule in the uniqueKeys lookup
Stale vulnerabilities from previous scans not being closed when a subsequent scan produces fewer findings
Duplicate issues created per vulnerability when retry logic re-queued the same vulnerability for batch submission
Azure Entra access review evidence collection for Government cloud environments where incorrect URL construction caused a 404 "Invalid version" error