• Define specific goals for an asset, set request limits to ensure safety during execution, and define automated schedules.
• Moves teams away from manual testing triggers, ensuring assets are continuously validated against offensive scenarios.

• DAST is now fully standardized as a scanner source, removing distinct data paths that could cause discrepancies in "scan coverage" metrics.
• Assets covered by dynamic analysis are accurately reflected in dashboard KPIs, and filtering by integration type returns consistent, cross-platform results.

• More seamless flow of security requirements into the developer's native backlog.
• UI improvements for integration consistency, syncing project requirements and activities with Jira.
• Ensures "Secure by Design" principles become actionable tasks rather than static documentation.

• Tool Orchestration: automatically triggers and correlates data from tools and findings.
• Offensive Reasoning: decides the best attack path, identifies vulnerability chains, and executes controlled Proof of Concepts (PoCs).
• Attack Chain Visualization: a real-time interactive graph shows the AI's reasoning from reconnaissance to successful exploit validation.

Watch the launch webinar: AI Autonomous Pentest.

• Query assets, vulnerability status, and project updates directly within the chat interface.
• Brings Conviso's security intelligence into the developer's AI workspace, enabling faster remediation suggestions and architectural reviews without leaving the LLM environment.

• From Delta to Snapshot: reports moved from a "change-only" view to a Full-Snapshot format. Every DAST execution now reports the complete security posture, including all vulnerabilities.
• Audit Readiness: every scan provides a standalone, auditable record of the application's health, simplifying work for security leaders and compliance officers.

• Persistent Architecture-as-Code: use visual diagrams as the primary driver to update your living security model without starting from scratch.
• Automated Requirement Sync: instantly translate architectural changes into actionable security controls.
• Historical Traceability: native versioning provides a complete audit trail of every design shift, ensuring full compliance and governance.

• Transparent view of the last 1,000 synchronization events between the platform and developer tools.
• Self-Service Troubleshooting: resolve sync issues quickly with detailed context and system messages.
• End-to-End Visibility: monitor the exact flow of findings from the platform to developer backlogs.

• Customize Activities: edit descriptions and steps of an activity to match the project's tech stack.
• Refine the Scope: ensure stakeholders only see activities relevant to their specific project.
• Preserve Templates: all changes are local to the project, keeping organizational "Golden Templates" consistent.

• New Data Classification tiers — Public, Internal, Restricted, Confidential, and Critical — automatically adjust the asset's risk priority.
• Ensures security teams are alerted first to threats affecting their most sensitive data environments.

• Navigate screenshots, documents, and supporting files more intuitively while analyzing activity history.
• Reduces friction during validation processes and helps teams quickly locate evidence needed to confirm remediation or compliance steps.

• Reduces eye strain and improves visual comfort during extended usage.
• Implemented consistently across dashboards, assets, and vulnerability views, with no functional changes to existing workflows.

• Configure Security Gates directly within the CI/CD section of assets.
• Support for multiple vulnerability sources (Conviso AST, Dependency Track, Fortify, SonarQube, SonarCloud, Checkmarx, GitHub, Snyk, Veracode, and MobSF).
• Define severity thresholds per source and optional maximum days to remediate.
• Support for asset-specific policies that override global company rules.

Learn more in the Security Gate documentation.

• Introduced Auto-Fix, which can be triggered directly from vulnerability context.
• Expanded False Positive review support to DAST issues, increasing consistency across scanning sources.
• Improved AI Agent chat usability with Start new conversation to reset context and return to quick actions.
• Multiple stability and quality improvements across agent execution and recurring runs.

• Reduces “blinking” findings (open/close/reopen) caused by data source mismatches.
• Expands advisory coverage and increases trust in the supply-chain vulnerability lifecycle.
• Provides a more reliable foundation for continuous dependency monitoring at scale.

• Added support for GraphQL and SOAP scanning scenarios.
• Improved API schema import workflow: Swagger import via upload and URL.
• Enhanced DAST execution controls, including timeouts and configuration reliability.
• Improved scan lifecycle consistency and operational readiness.

• More organized content and a friendlier navigation experience.
• Improved context-based documentation search.
• Updated vulnerability template references to align with modern OWASP projects and updated databases.

• Security feedback is produced directly in GitHub through checks and annotations.
• Enables a true shift-left workflow by detecting issues while code is being reviewed, without requiring additional configuration.

• Added a new sub-command to list project requirements.
• Improved packaging and consistency for AST distribution.
• Strengthens automation workflows and enables scalable operational usage by AppSec teams.

• Improves real-time visibility into security-related activity across the platform.
• Complements existing workflows with a stronger “single place to monitor what’s happening”.