CLI 6.35.0

Changed

  • Nessus scan imports now parse every file with a single streaming pass, reducing memory use and speeding up large imports
  • Nessus STIG and CIS compliance results now create security checklists and POA&M issues instead of vulnerabilities, and re-scans correctly close remediated compliance POA&Ms without affecting other scanners' findings

Fixed

  • SARIF vulnerability import no longer requires Synqly and parses SARIF files directly
  • SARIF import now reports accurate created and updated vulnerability counts
  • OpenText WebInspect and other JSONL-based scanner imports no longer crash when no scan date is provided, defaulting to the current date instead
  • Tanium Cloud vulnerabilities now report Critical severity using CVSS v3 data instead of being capped at High
  • Tanium Cloud vulnerability CVSS v2 and v3 base scores are now recorded in their correct fields

Added

  • Tanium software bill of materials (SBOM) records in CycloneDX format, generated from each endpoint's installed applications and linked to each asset during asset synchronization
  • Optional source name for Trivy and Grype imports, recorded in scan history and used to group same-day imports