Changelog
Back to All

CLI 6.36.0

June 29th, 2026

Changed

  • Wiz vulnerability sync now applies the configured Wiz Issue defaults (identification, status, security checks) to derived Issues instead of platform defaults
  • Wiz STIG sync now uploads XCCDF results in the format the platform's checklist import expects

Fixed

  • Vulnerabilities rolled up from ephemeral Wiz instances now persist on the parent asset instead of being auto-closed and hidden from the default view
  • FedRAMP Appendix A import now captures all control parameter assignments from the Control Summary tables, not just rows labeled "parameter"
  • FedRAMP CIS/CRM import now matches control objectives case-insensitively and warns clearly when a catalog's objectives can't be matched
  • Wiz syncs no longer flood the log with status-mapping warnings when the open-issue status is set to Ongoing
  • Wiz-discovered assets now receive the correct Hardware or Software category from the Wiz asset type instead of defaulting to Other
  • Wiz-derived Issues now record "Wiz" as the identification source detail
  • Wiz-derived Issues no longer force a constant value into the per-finding security checks field by default
  • Wiz vulnerability findings now populate the Plugin Output field with the finding's description instead of leaving it empty
  • Wiz CVE-based findings now map to NIST controls RA-5 and SI-2 on derived Issues
  • Wiz vulnerability sync no longer creates placeholder assets for findings whose asset is missing from inventory, instead skipping them and reporting the gap in an end-of-run summary
  • Wiz vulnerability findings on ephemeral AKS scale-set members are now rolled up to the parent cluster instead of being skipped
  • Wiz vulnerabilities now match their inventory assets reliably, resolving the long-standing duplicate-asset issue
  • Wiz post-sync now populates standard form fields such as Raw Severity, matching field names case- and whitespace-insensitively
  • Asset created and updated timestamps are now emitted in ISO 8601 format accepted by downstream validators
  • Scanner imports no longer drop findings when a scanner reports a non-string IP address value
  • eMASS SLCM workbook import now writes Compliance Status and SLCM Comments to their native fields, restoring round-trip fidelity with the Rev5 export
  • eMASS SLCM workbook import no longer imports computed risk columns that can't be reliably restored from the workbook

Added

  • wizVulnSecurityChecks setting to control the security checks value applied to Issues derived from Wiz vulnerabilities
  • Wiz stig_checks command to sync STIG and CIS benchmark check results into RegScale security checks, assessments, and control test results
  • XCCDF Benchmark and Rule models with full RegScale API coverage
  • Checklist import_results helper to upload CKL, CKLB, or XCCDF results files