Changelog

CLI 6.29.7.1

[6.29.7.1] - 2026-01-20

Added

  • SSP cleanup CLI commands to delete issues and vulnerabilities with associated mappings
    • Delete all issues from an SSP with optional status filtering
    • Delete all vulnerabilities and mappings from an SSP
    • Supports dry-run mode, force flag, and progress feedback during bulk operations
  • Qualys CIS Benchmark report import with full POAM metadata support
    • New CLI command for importing CIS Benchmark compliance reports
    • Creates Issues with 5 POAM metadata fields (Original Risk Rating, Remediation Description, POA&M Comments, Asset Identifier, Affected Controls)
    • Creates Vulnerabilities from failed CIS controls with proper severity mapping
    • Optional control assessment creation with NIST 800-53 mapping via flag
    • Helper function in vmdr.py for programmatic issue creation
    • CIS compliance integration processor with heuristic control ID matching
    • Comprehensive unit tests for CIS report parsing and issue creation (14 tests covering parsing, de-duplication, POAM fields, and integration workflow)

Fixed

  • Qualys CIS report parsing now handles None/empty CSV field values without crashing
  • Qualys integration POAM metadata field handling
    • Asset identifier now uses newline-separated format per RegScale convention
    • POAM fields now persist correctly using two-step process (batch create + individual .save() calls)
    • Issue severity levels use simple format (Critical, High, Medium, Low) instead of FedRAMP format
  • Console output now uses ASCII characters instead of Unicode for Windows CMD compatibility
  • Qualys VMDR report import now supports configurable POAM fields for multi-tenant compatibility
    • and fields can be disabled via config for tenants without these fields
    • Configuration flags: and (both default to true)
  • Qualys batch operations now include retry logic for transient API failures
    • 3-attempt retry with exponential backoff (5s, 10s, 20s) for issue and vulnerability creation
    • Improved resilience for large imports with network interruptions
  • Qualys API rate limiting now supports Retry-After headers with adaptive backoff
    • Increased max retries from 3 to 5 for report fetching
    • Uses server-provided Retry-After header when available instead of fixed exponential backoff
  • Prisma Cloud integration type conversion errors with empty configuration values
    • Applied safe type conversion pattern across all 7 affected locations in scanner.py and cli.py
    • Empty string values in init.yaml for prismaApiTimeout, prismaApiRetries, prismaPageSize now use proper defaults (30, 3, 50)
    • Empty or None values for prismaVerifySsl now default to True (secure default)
    • Empty values for prismaDeduplicateFindings now properly disable deduplication
    • Comprehensive regression test suite (19 tests) validates edge case handling
  • Security vulnerabilities in core dependencies
    • Updated cryptography to >=43.0.0
    • Updated pyyaml to >=6.0
    • Updated requests to >=2.32.0 (ensures latest SSL/TLS security patches)
    • Dependency version constraints
    • Upgraded Python from 3.12 to 3.13
    • Upgraded Airflow from 3.1.3 to 3.1.6 to align with pyproject.toml
    • Pinned urllib3>=2.6.3
    • Pinned setuptools>=75.8.0
    • Removed unused git package from Airflow runtime image
    • Removed unused Airflow simple auth UI with vulnerable JavaScript packages
  • Security patches for system Python packages (pip, setuptools, jaraco.context)
  • Missing dependency for Wiz integration compliance features
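The Qualys retry behaviour listed under Fixed (3-attempt exponential backoff of 5s, 10s, 20s for batch issue/vulnerability creation, and Retry-After-aware adaptive backoff with up to 5 retries for report fetching) as an added illustration; this is not the RegScale CLI's own code. The function names, the `TransientError` class, the `sleep` injection and the 300-second cap are assumptions, and it also handles the HTTP-date form of Retry-After, which the changelog does not mention.

```python
import time
from email.utils import parsedate_to_datetime
from typing import Callable, Optional, TypeVar

T = TypeVar("T")


class TransientError(Exception):
    """A retryable failure (e.g. HTTP 429/503); carries the Retry-After header value, if any."""

    def __init__(self, message: str, retry_after: Optional[str] = None) -> None:
        super().__init__(message)
        self.retry_after = retry_after


def parse_retry_after(value: Optional[str], now: float) -> Optional[float]:
    """Seconds to wait per a Retry-After header (delay-seconds or HTTP-date); None if absent/invalid."""
    if not value:
        return None
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:  # HTTP-date form, e.g. "Wed, 21 Oct 2015 07:28:00 GMT"
        return max(0.0, parsedate_to_datetime(value).timestamp() - now)
    except (TypeError, ValueError):
        return None


def retry_delay(attempt: int, retry_after: Optional[str] = None, base: float = 5.0,
                max_delay: float = 300.0, now: Optional[float] = None) -> float:
    """Wait before retrying after failed attempt `attempt` (1-based): the server's Retry-After
    hint when present and parseable, else base * 2**(attempt-1) (5s, 10s, 20s for base=5).
    The cap (assumed) keeps a hostile or misconfigured server from stalling the import."""
    hint = parse_retry_after(retry_after, time.time() if now is None else now)
    delay = hint if hint is not None else base * 2 ** (attempt - 1)
    return min(delay, max_delay)


def call_with_retry(fn: Callable[[], T], max_attempts: int = 5, base: float = 5.0,
                    sleep: Callable[[float], None] = time.sleep) -> T:
    """Call fn() up to max_attempts times, sleeping retry_delay() between TransientErrors."""
    for attempt in range(1, max_attempts + 1):
        try:
            return fn()
        except TransientError as exc:
            if attempt == max_attempts:
                raise  # budget exhausted: surface the last error to the caller
            sleep(retry_delay(attempt, exc.retry_after, base=base))
    raise RuntimeError("unreachable: loop always returns or raises")
```

Passing a recording function as `sleep` lets the backoff schedule be unit-tested without real waits.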