HomeGuidesChangelog
Changelog
Back to All

CLI 6.34.20.0

April 28th, 2026

[6.34.20.0] - 2026-04-28

Changed

  • Control implementation single-record fetches now request the non-deprecated v2.0 API version via the header to avoid hitting the obsolete v1 handler
  • Control implementation create and update requests now target the non-deprecated v2.0 API handler via the header
  • Stakeholder create and update requests now target the non-deprecated v2.0 API handler via the header
  • Wiz asset type mapping now routes cloud resource types to specific RegScale asset types (Container, Database, Cloud Storage, Load Balancer, Serverless Function, Kubernetes Cluster, Application) instead of collapsing everything to "Other"
  • AssetType now supports Container, Database, Cloud Storage, Load Balancer, Serverless Function, Kubernetes Cluster, Application, Operating System, Firmware, and Utility as valid values alongside the existing hardware form factors
  • Wiz resources now map to the RegScale "Database" asset type instead of "Physical Server"; existing records will update on next sync
  • Wiz asset and software names now display human-readable short names and product names (e.g. "Azure Database for PostgreSQL") instead of long internal identifiers
  • Wiz compliance report sync now matches existing assets on any of their identifier fields (otherTrackingNumber, awsIdentifier, azureIdentifier, googleIdentifier, providerUniqueId, and related) instead of only otherTrackingNumber

Fixed

  • Issue-to-asset mapping for all scanner integrations now works reliably; the RegScale server receives the configured asset identifier field on every batch path (both the default and custom fields like Nessus , Qualys , and STIG ), so issues and POAMs are linked to their assets instead of being silently dropped
  • Issue payloads no longer strip the field before sending to the server, which was preventing all server-side issue→asset mapping
  • Queued issues from the final chunk of a sync run are now flushed to the server instead of being left behind, eliminating missing records and duplicate ingestion on re-run
  • Duplicate findings no longer accumulate across chunk boundaries in large scanner syncs; server-side mop-up now runs on every batch (scoped by the per-run ) instead of only the final chunk
  • Newline-separated consolidated asset identifiers (from multi-asset findings) are now split correctly for client-side issue→asset mapping
  • Legacy Qualys VM report import now creates issues and vulnerabilities linked to their assets via the identifier
  • FedRAMP POAM import now creates issues linked to their assets via
  • Vulnerability plugin ID is no longer silently nulled when the RegScale version endpoint is unreachable, restoring deduplication for every scanner integration (Tanium, Wiz, Qualys, Tenable, Nessus)
  • Wiz compliance report sync no longer creates duplicate stub assets for entities that already match an inventoried asset
  • Wiz asset RAM capacity and cloud provider identifier fields are now populated from Wiz entity properties that were previously being dropped
  • Compliance sync no longer silently creates duplicate stub assets when the existing-asset lookup fails; a transient asset-fetch failure now logs a warning with plan context and the run completes with degraded deduplication instead of reproducing the bug it was meant to prevent
  • Non-Wiz compliance integrations (Qualys CIS, SARIF, QRadar, CrowdStrike, AWS ECR/Config/GuardDuty) no longer risk misattributing compliance findings to unrelated assets that happen to share a or with the compliance item's resource ID
  • Malformed Wiz JSON on an entity is now surfaced as a warning log instead of being silently swallowed, so users can see when source data is broken rather than wondering why RAM values appear inconsistent
  • AWS now filters to Active Critical/High/Medium findings by default and fetches each severity bucket in parallel, dramatically reducing run time in GovCloud
  • AWS prints per-page progress while fetching Inspector data so long runs no longer appear to hang
  • AWS no longer loops for hours when Inspector findings have no resolvable IP address; invalid IPs are dropped client-side and a run-end summary reports how many findings were skipped
  • Vulnerability batch submission no longer retries 400 validation errors, which previously cascaded into a multi-hour per-item retry loop
  • AWS now creates a RegScale asset for each real EC2 instance, Lambda function, and ECR image returned by Inspector instead of a single synthetic per-account placeholder, so vulnerabilities link to the actual affected resource
  • AWS collapses Inspector findings that share a CVE or plugin across multiple resources into a single vulnerability/issue with every affected asset linked, replacing the previous one-duplicate-per-instance behavior
  • Rapid7 InsightVM Console (v3) throughput for environments with many assets; per-asset vulnerability listings and definition lookups now run in parallel

Added

  • OpenSCAP integration for ingesting ARF, XCCDF results, and CSV export files as RegScale findings and assets, with optional NIST 800-53 Rev 5 compliance assessment support via CCE-to-control mapping
  • command composes vulnerability import and compliance sync in a single invocation; pass , , or both to run the corresponding phases against one input file
  • AWS and flags to override the new default severity/status filters
  • AWS now accepts in addition to the snake_case form for consistency with
  • eMASS PPSM workbook importer now saves custom field values (boundaries, source/destination device names, IPs, FQDNs, VPN metadata) to the PortsProtocol module after each batch import
  • Rapid7 InsightVM configuration variable to tune concurrency of the Console v3 vulnerability fetch (default 20)