> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.
# Changelog
> Product updates and announcements
**Scanning Engine Improvements:**
* Enhanced secret scanning accuracy with improved context analysis, reducing false positives while maintaining comprehensive coverage
* Upgraded endpoint discovery engine for better API detection and call graph analysis
* Improved SBOM generation reliability and accuracy across multiple package managers
* Enhanced language detection for secret scanning with support for additional file extensions
**Performance & Reliability:**
* Optimized batch processing for large-scale scans, improving throughput for enterprise environments
* Enhanced error handling and recovery mechanisms for more robust scan execution
* Improved memory efficiency for processing large codebases
* Better handling of incremental vs full scan detection logic
**Bug Fixes & Maintenance:**
* Fixed issues with scan metadata reporting and GPT error breakdown tracking
* Resolved edge cases in file processing that could cause scans to fail
* Improved parent dependency false positive checking
* General stability improvements and performance optimizations
**UI & Experience:**
* Fixed repository selection for workspaces where Harness is the only connected source control integration, so Harness repositories now appear correctly when creating or selecting projects. — [Learn more](/harness)
**New Features:**
* Added Harness Code integration support, so teams can connect Harness repositories, run pull request scans, receive Corgea comments and status checks, and create fix pull requests directly in Harness. — [Learn more](/harness)
**UI & Experience:**
* Added Git service icons to Content Access project selection, making it easier to distinguish GitHub, GitLab, Azure DevOps, Bitbucket, and local projects.
* Fixed code highlighting in false-positive explanations so inline code renders clearly and safely in issue details.
* Improved scan log file path display and added Scan ID filtering to Advanced Vulnerability Search for more precise scan investigation.
**Reliability & Stability:**
* Improved agent pull request comment handling so Corgea responds more accurately to direct mentions and replies while avoiding comments intended for teammates.
* Corrected duplicate project detection so repositories with the same name in different namespaces are no longer treated as duplicates.
* Improved GitHub retry behavior for transient server and rate-limit responses.
**New Features:**
* Added cross-project dependency management so teams can review approved dependencies and automated suggestions across projects.
**Reliability & Stability:**
* Improved full-incremental scans so copied issues preserve detection history, keeping issue timelines consistent across follow-up scans.
**New Features:**
* Added CVSS score range support for dependency blocking rules, so teams can block SCA findings by precise score ranges instead of severity alone. — [Learn more](/blocking_rules)
**UI & Experience:**
* Improved issue debug details by showing when a dependency false-positive policy was applied, making policy-driven triage easier to understand.
**Reliability & Stability:**
* Improved file ignore rule enforcement so ignored paths are consistently excluded when new issues are created.
* Improved SBOM processing so dependency relationships are parsed more reliably from stored CycloneDX data. — [Learn more](/sca)
* Improved batch API reliability for issue and scan file-log ingestion, reducing contention during large scan result uploads.
**Reliability & Stability:**
* Improved upgrade reliability for issue analysis tracking data, reducing migration risk when moving to this release.
**New Features:**
* Added Fortify FPR upload support for third-party scan imports.
* Added SCA dependency-type visibility for dev and optional dependencies, including filters, badges, issue details, and CSV exports. — [Learn more](/sca)
**UI & Experience:**
* Improved scan list counts by separating code issues from dependency issues and keeping dependency-only scans visible when filtering out empty scans.
* Improved scan policy visibility so policies applied to a scan remain visible even when older or archived versions were used.
* Fixed IaC scan cards so Critical counts display correctly.
* Fixed sidebar account-menu behavior so users can reliably open account actions and log out.
**Reliability & Stability:**
* Improved scan ingestion performance and reliability with batch handling for SCA issues, IaC issues, and scan file logs.
* Improved SCA result deduplication and lookup performance to reduce duplicate findings during high-volume scan processing. — [Learn more](/sca)
* Improved scan API resilience so deleted scans and Rootly heartbeat timeouts no longer cause avoidable server errors.
**UI & Experience:**
* Improved the Dependencies page by making the “Scans Affected” count clickable, opening a detailed modal with affected scans, detection dates, and direct vs. transitive dependency context.
* Improved SCA results visibility with clearer direct/transitive dependency indicators in scan results and package group summaries.
* Improved SCA issue details with sub-dependency count visibility for affected packages.
**UI & Experience:**
* Fixed scheduled scan scope tab switching so Projects, Project Tags, and Teams tabs open correctly during schedule setup.
**Reliability & Stability:**
* Increased supported security-pattern file path length so long paths are stored correctly.
**UI & Experience:**
* Fixed scheduled-scan scope tab switching so changing between Projects, Tags, and Teams consistently shows the correct targeting options.
**UI & Experience:**
* Fixed an issue where Teams did not appear on the Scheduled Scan creation page, so team-scoped schedules can now be configured reliably.
**UI & Experience:**
* Improved Policies page filtering and search usability, including support for searching policies by ID.
**Reliability & Stability:**
* General bug fixes and performance improvements.
**New Features:**
* Added team-based scheduled scan targeting, so you can schedule scans for all projects assigned to selected teams.
* Added support for Corgea-managed read-only policies, including clearer handling for immutable default policy workflows.
**Security & Permissions:**
* Fixed service-principal JWT authentication for Blocking Rules API requests. — [Learn more](/jwt-token)
* Improved Entra JWT issuer handling by normalizing missing trailing slashes in issuer configuration, reducing token-validation setup errors. — [Learn more](/jwt-token)
* Fixed a SAML provider compatibility issue that caused sign-in failures for affected SSO configurations.
**UI & Experience:**
* Fixed issue details metadata presentation by removing incorrect query-name fallback values.
* Fixed issue details rendering regressions so explanation and fix content display reliably.
* Fixed First Detected timestamps so issue views and issue APIs now reflect the true first detection time.
**Reliability & Stability:**
* Improved pull request scan behavior by superseding older pending scans when many commits arrive quickly, so the latest commit scan is prioritized.
* Fixed scheduled-scan execution reliability by correcting cron command path handling and ensuring next-run calculation updates after schedule changes.
**Security & Permissions:**
* Expanded domain-level registration restrictions to cover additional domains and their visually similar homograph variants as part of ongoing abuse prevention controls.
**UI & Experience:**
* Fixed scheduled scan list day-of-week display so weekly schedules now show the correct weekday. — [Learn more](/scheduled-scans)
**UI & Experience:**
* Fixed sidebar account-menu display for users with long names, so profile names no longer overflow or crowd navigation controls.
**New Features:**
* Added filtering on the Policies page so teams can narrow large policy lists faster by relevant criteria. — [Learn more](/policies)
* Added scan-type scoping for scan responses, so API consumers can request only the scan categories they need.
**UI & Experience:**
* Added policy-page access enforcement based on content access controls, so users only see policy data for projects they can access. — [Learn more](/policies)
* Added policy and scan-settings permission gating so users without `change_project` access no longer see or can open restricted project-setting controls. — [Learn more](/project)
* Fixed code-quality CSV/SARIF export behavior and improved filter dropdown spacing for a cleaner export and filtering workflow. — [Learn more](/issue_export)
**Reliability & Stability:**
* Improved SBOM handling by shifting parsing to background workers, reducing request-path load during scan processing.
* Improved CI SCA reporting to focus on packages changed in the pull request, reducing dependency-noise in automated results.
* Fixed scan attribution so automation-triggered runs are consistently labeled as automation.
* Improved scheduled-scan timing so runs respect each schedule's local timezone. — [Learn more](/scheduled-scans)
* Improved GitHub webhook ingestion to handle unsupported Unicode payload edge cases more safely.
* Improved SSO compatibility for strict XML-validation provider configurations.
**UI & Experience:**
* Improved SAML setup with a more guided configuration form, including ready-to-copy IdP URLs and one-click metadata fetch/populate support for core SAML fields.
**Reliability & Stability:**
* Improved SAML sign-in compatibility by falling back to NameID when email attributes are not provided by the identity provider, reducing failed login scenarios for affected SSO configurations.
**New Features:**
* Enabled incremental scans by default for all organizations, so new and existing workspaces get faster follow-up scan coverage automatically.
* Expanded Policy Playground workflows so teams can open supported policies directly in Playground, edit and version them in-place, and scope policies with file glob patterns. — [Learn more](/policies)
**UI & Experience:**
* Improved login behavior so already authenticated users are redirected directly to the Projects page.
* Improved profile administration with company auto-complete on profile edits, including clearer company ID selection behavior.
**Reliability & Stability:**
* Improved CLI upload compatibility for repositories without configured integrations, reducing avoidable upload/prework flow failures.
* Improved policy editing stability with clearer no-change handling during Playground-based policy updates.
* General bug fixes and performance improvements.
**Reliability & Stability:**
* Improved prework scan handling so standard scan selection consistently excludes prework-only and policy-playground scans, reducing incorrect scan context in scan views. — [Learn more](/policies)
* Improved API request tracking coverage for versioned endpoints to provide more consistent monitoring visibility.
* General bug fixes and performance improvements.
**New Features:**
* Added policy-generation prework runs from the Policies page, so teams can trigger targeted policy generation directly from the UI. — [Learn more](/policies)
**Security & Permissions:**
* Added OAuth2 JWT bearer authentication with service-principal permission mapping for API access, enabling secure machine-to-machine workflows without user-bound API keys. — [Learn more](/jwt-token)
**UI & Experience:**
* Improved Service Principal setup guidance for Entra and Okta token configuration, including clearer issuer/audience/application ID instructions. — [Learn more](/jwt-token)
* Improved prework-only scan presentation with clearer scan naming and prework-focused status messaging in scan views.
**Reliability & Stability:**
* Improved full-scan performance for integration-backed repositories, reducing end-to-end scan time in supported cases.
* General bug fixes and performance improvements.
**New Features:**
* Added JIRA ticket creation directly from SCA issue details, including quick access to created ticket links for faster dependency-vulnerability triage. — [Learn more](/jira)
**Reliability & Stability:**
* General bug fixes and performance improvements.
**New Features:**
* Added project-level filtering in Content Access so teams can quickly narrow access reviews to a specific project.
* Added scan trigger-source tracking for CLI and IDE initiated scans, improving visibility into how scans are launched and which client tools are being used. — [Learn more](/cli)
* Added Checkmarx `Path Id` visibility in issue details to improve triage context for scanner-specific findings.
**UI & Experience:**
* Improved the scan comparison experience with custom scan labels, richer false-positive visibility, and new filters for reachability and hold-reason changes.
**Reliability & Stability:**
* Improved pull request diff handling so legitimate findings are less likely to be skipped in automated commenting, including better Bitbucket diff coverage.
* Fixed add-issue flow failures when pull request file metadata is unavailable.
* Improved policy API error handling and validation, including better project-based policy retrieval behavior and clearer invalid-input responses. — [Learn more](/policies)
**New Features:**
* Added scanner metadata to issue API responses, including normalized custom scanner fields, so teams can preserve third-party scanner context during triage. — [Learn more](/api-reference/introduction)
* Added scan-scope filtering for issues APIs by scan type and triggering user, so issue listings reflect the latest matching scan instead of defaulting to unrelated scan runs. — [Learn more](/api-reference/introduction)
* Added support to reconstruct source ZIPs for third-party scanner workflows, improving recovery and reprocessing for uploaded scans. — [Learn more](/upload-report)
**UI & Experience:**
* Improved scan policy issue links and counts so false-positive and fix policies open directly to the associated filtered issue views for the selected scan. — [Learn more](/policies)
**Reliability & Stability:**
* Improved scan pipeline throughput by allowing prework and scan processing to run in parallel, reducing queue delays.
* Fixed content access exports so project access CSVs include complete user/team coverage and explicit entries for projects with no assigned access.
**New Features:**
* Added company domain join controls so organizations can allow users with matching business email domains to join automatically. — [Learn more](/sso)
* Added CWE ignore glob pattern support, so teams can scope ignore rules to specific file paths instead of applying them globally. — [Learn more](/policies)
**UI & Experience:**
* Improved scan filtering with clearer labels, better layout fit, and added scanner options.
* Improved issue details and scan details behavior, including clearer file path display and better filter isolation across tabs.
**Security & Permissions:**
* Added dedicated reporting access control, so reporting pages are now gated by a specific reporting permission.
**Reliability & Stability:**
* Improved webhook delivery and redelivery reliability to reduce duplicate or missed webhook events. — [Learn more](/webhooks)
* Fixed SCIM user provisioning idempotency to prevent duplicate-key failures when the same user payload is sent more than once. — [Learn more](/sso)
* Improved prework scan eligibility handling and related company-setting defaults for more predictable scan behavior.
* Improved stale CI scan cancellation reporting for better operational visibility.
**New Features:**
* Added policy guidance notes, so teams can attach internal instructions that appear directly in related issue details.
* Added prework-driven policy generation controls, including optional review behavior before generated policies are activated.
**UI & Experience:**
* Improved scan page filtering with reorganized controls and cleaner interactions.
* User search now works globally across all pages instead of only filtering the currently visible page.
**Reliability & Stability:**
* Improved webhook receiver reliability and delivery handling for more consistent event processing. — [Learn more](/webhooks)
* Added safer issue/query limits for heavy search, export, blocking-rule, and scan comparison flows to reduce out-of-memory failures.
* Improved GitHub integration resilience with custom retry behavior for transient API failures.
* Updated policy API versioning behavior so newly updated policies are versioned cleanly while older active versions are archived.
* Improved handling when duplicate projects are detected during project lookup to reduce incorrect matching issues.
**New Features:**
* Added customizable webhook request body templates with safe placeholder support, giving you more control over webhook payload formats. — [Learn more](/webhooks)
**UI & Experience:**
* Reachability details are now shown only for direct dependencies, reducing noise when reviewing transitive SCA findings. — [Learn more](/sca)
**Security & Permissions:**
* Improved SAML onboarding and group sync behavior, including fixes for SAML config registration, first-login redirects, and consistent team naming from incoming SAML groups.
**Reliability & Stability:**
* Improved GitLab integration resilience by handling transient connection resets more reliably. — [Learn more](/gitlab)
* Reduced unnecessary integration error logging for cleaner operational visibility.
**Security & Permissions:**
* Improved authentication flow to prevent unauthorized redirects. — [Learn more](/cli)
**Reliability & Stability:**
* Fixed an edge case where SCA triage updates could fail to save in certain scenarios. — [Learn more](/sca)
* Improved reliability of SAML group sync and group mapping behavior.
* Routine dependency updates.
**New Features:**
* Added project tag management through the Projects API, plus `repo_url` filtering/support in project responses for easier project automation workflows. — [Learn more](/project)
* Added CVSS scores to SCA issues API responses to help prioritize dependency vulnerabilities more accurately. — [Learn more](/sca)
**UI & Experience:**
* Fixed the JIRA ticket modal trigger on issue details pages for a more reliable ticket creation flow.
* Improved navigation bar behavior and responsiveness across layouts.
**Security & Permissions:**
* Hardened user group APIs to prevent vertical privilege escalation and improve access safety. — [Learn more](/permission_groups)
**Reliability & Stability:**
* Scan upload API now returns a clear `400` error when required fields are missing, improving API feedback for failed uploads. — [Learn more](/upload-report)
* Improved scan operations with manual scan triggering support for timeout recovery scenarios.
* Fixed vulnerability aging report errors to ensure the page loads reliably.
* Included missing database migrations and resolved migration conflicts for smoother upgrades.
* Improved test execution throughput and coverage reporting to support release stability.
**New Features:**
* Added SBOM (Software Bill of Materials) generation and dependencies view for better visibility into your project components.
* Enhanced vulnerability filtering with the ability to filter SCA dependency vulnerabilities by criticality in the scan view.
**UI & Experience:**
* Improved user interface elements for a better experience.
* Fixed various button interactions and display issues.
**Reliability & Stability:**
* Resolved CLI and IDE integration issues to ensure proper connectivity.
* Enhanced security detection capabilities with expanded vulnerability coverage.
* General bug fixes and improvements for better stability.
**Developer Tools:**
* Updated change log pipeline for improved release documentation.
**New Features:**
* Added support for Coverity integration to expand security scanning capabilities.
* Introduced self-service billing management for easier subscription control.
* Enhanced feedback system to track and display AI agent response history.
**UI & Experience:**
* Improved project navigation when accessing Projects from the Teams page.
* Enhanced dependency filtering to help you better manage project dependencies.
**Reliability & Stability:**
* Improved error handling and logging for better system stability.
* General bug fixes and performance improvements.
**New Features:**
* Added project filter to dependencies view for easier navigation and management
* Added Reachable toggle for endpoint findings filters to help prioritize security issues
**UI & Experience:**
* Fixed Policy Playground line highlighting issue after security scans
* Improved code review diff parsing for better accuracy in change detection
**Reliability & Stability:**
* General bug fixes and improvements
**New Features:**
* Added AI-powered Software Composition Analysis (SCA) for enhanced dependency scanning.
* Implemented user login audit logs for improved security monitoring.
* Added webhook support for user-related events with asynchronous processing.
* Enhanced reporting capabilities with additional metrics and insights.
**Integrations:**
* Improved Azure Repos integration with better URL mapping support.
* Fixed SAML group synchronization for more reliable identity management.
**UI & Experience:**
* Improved color contrast for better accessibility and readability.
* Updated styling for ticket and pull request creation workflows.
* Enhanced issue filtering functionality to work more reliably.
* Fixed logs page to auto-refresh automatically.
* Resolved text display issues throughout the interface.
**Security & Permissions:**
* Enhanced authorization controls for project management operations.
* Improved role-based access control (RBAC) enforcement for API operations.
* Standardized group permission handling for consistent behavior.
**Reliability & Stability:**
* General bug fixes and performance improvements.
* Enhanced test coverage for better system reliability.
**New Features:**
* [Added SCIM Token visibility](/sso#sso-scim-provider-configuration) in the SSO configuration modal for easier identity management setup.
**Reliability & Stability:**
* Improved scan tracking and pull request monitoring with enhanced timeout handling.
* General bug fixes and performance improvements.
**Documentation:**
* Enhanced automated documentation generation for better resource availability.
**New Features:**
* Added support for Glob Pattern configuration in policies, now accessible through the user interface
* Introduced API grouping support for better organization and data management
* Added Agent integration support for Azure DevOps
**UI & Experience:**
* Enhanced dependency view data loading for improved performance
* Improved rendering of tables in security findings markdown display
* Enhanced email validation during sign-up process
**Bug Fixes:**
* Fixed issue where duplicate projects could be created under certain conditions
* Resolved false positive feedback form submission issues
* Fixed database migration issues affecting permissions
**Reliability & Stability:**
* Optimized database queries with new indexing for better performance
* General bug fixes and improvements for enhanced system stability
**New Features:**
* Enhanced webhook notifications now include a summary of scan findings for easier integration and monitoring.
**UI & Experience:**
* Improved clarity for Software Composition Analysis (SCA) issues caused by auto-generated lock files.
* Enhanced the issue detail view page for better readability of SCA findings.
* Policy-only scans now properly display all skipped items for better visibility.
**Reliability & Stability:**
* General bug fixes and improvements for enhanced application stability.
**New Features:**
* Added project-tag search capability across all search fields in Zapier integration
* Introduced new API to retrieve projects programmatically
* Added feedback link for issues
**UI & Experience:**
* Updated code vulnerability side panel to match the improved SCA (Software Composition Analysis) design
* Fixed double search bar display issue in the dependencies tab
* Resolved rendering issues where some SCA issues appeared without titles
**Security:**
* Enhanced content security enforcement on the dependencies page
* Implemented authentication improvements for critical functions
* Strengthened authorization controls to prevent bypass vulnerabilities
* Applied additional security hardening measures
**Reliability & Stability:**
* Improved PR comment formatting for quality scanner results
* Enhanced issue history tracking and fingerprinting
* Resolved multiple error conditions reported through monitoring
* Fixed development environment setup issues
* Improved logging for better troubleshooting and diagnostics
* General bug fixes and performance improvements
**Reliability & Stability:**
* Improved system logging and error tracking for better monitoring and diagnostics.
* General bug fixes and performance improvements.
**New Features:**
* Added SAML group import and configuration for enhanced team access control.
* Added support for filtering issues by branch.
* Introduced new permissions for updating issue status.
* Added pull request search filtering on scan page.
**UI & Experience:**
* Improved issue quick view for better usability.
* Enhanced the fix debug section with clearer documentation.
* Fixed back button navigation on issue pages when changing decisions.
* Resolved pagination issues for the issues list.
* Fixed double scrollbar issue in Advanced search.
* Improved diff viewer performance and loading behavior.
**Scanning & Code Quality:**
* Code quality scans are no longer enabled by default on full scans.
* Enhanced scanning logs for better visibility and diagnostics.
**Reliability & Stability:**
* Fixed SAML metadata endpoint access issues.
* Resolved SAML SSO issue that could create duplicate companies.
* Improved GitHub integration compatibility.
* General bug fixes and performance improvements.
**Bug Fixes:**
* Resolved an issue where Infrastructure as Code (IaC) scan results were not displaying correctly for users.
**Improvements:**
* Enhanced overall system stability and performance.
**New Features:**
* Added support for enhanced Checkmarx integration with improved scan metadata tracking.
* Enabled large SAST scan file upload capability through the CLI for better handling of comprehensive security scans.
**Reliability & Stability:**
* Improved performance and handling of large security scan uploads.
* General bug fixes and improvements.
**Bug Fixes:**
* Fixed an issue with the false positive filter not working correctly on the new scan page.
**UI & Experience:**
* Scan view now defaults to showing only open issues for easier issue management and improved focus on active security concerns.
**Reliability & Stability:**
* Resolved database integrity issues to improve data consistency and application stability.
* General bug fixes and improvements.
**New Features:**
* Added the ability to cancel scans in progress, giving you more control over your workflow.
**Reliability & Stability:**
* Resolved database migration conflicts for improved system stability.
* General bug fixes and performance improvements.
**New Features:**
* Added direct dependencies filtering option with new UI controls
* Enhanced issue filtering capabilities for MCP server and agent
* Improved Azure repository integration with custom rules for better project identification
* Added Infrastructure as Code (IaC) support
**UI & Experience:**
* Refreshed scanner page design for improved usability
* Updated integration page with consistent styling and expiration indicators
**Performance:**
* Optimized advanced search queries for faster results
**Reliability & Stability:**
* General bug fixes and improvements
* Enhanced system stability and performance
**Improvements:**
* Enhanced admin interface compatibility and performance.
* General bug fixes and stability improvements.
**Bug Fixes:**
* Fixed an issue with advanced search default scan type settings.
* Resolved errors in GitHub webhook processing to ensure reliable integration.
* General bug fixes and stability improvements.
**Reliability & Stability:**
* Enhanced error handling for improved system reliability.
* Performance optimizations and backend improvements.
**Search Improvements:**
* Fixed an issue with advanced search when using the false positive filter, ensuring more accurate search results.
**Reliability & Stability:**
* General bug fixes and improvements to enhance platform performance.
**New Features:**
* Added filter view for better organization and navigation.
* Introduced the ability to add teams to projects and projects to teams for improved collaboration.
* Added exclude button for scanning to give you more control over what gets scanned.
**UI & Experience:**
* Project names and repository URLs are now case-insensitive for easier management.
**Reliability & Stability:**
* Improved error handling for GitLab integrations.
* Enhanced user creation process for better reliability.
* Improved logging for Bitbucket authentication issues.
**Improvements:**
* Enhanced cookie handling for better session management and security.
* General bug fixes and performance improvements.
**UI & Experience:**
* Improved the SCA (Software Composition Analysis) page display and functionality.
* Added cookie consent management for better privacy controls.
**Reliability & Stability:**
* General bug fixes and improvements for enhanced application performance.
**Integrations:**
* Improved Jira ticket creation visibility - tickets are now accessible regardless of fix status.
**Reliability & Stability:**
* Enhanced system performance and stability.
* General bug fixes and improvements.
**Performance & Monitoring:**
* Enhanced application performance monitoring with improved latency tracking capabilities.
**Reliability & Stability:**
* Resolved issues to improve overall system stability and reliability.
* General bug fixes and improvements.
**UI & Experience:**
* Redesigned the clear filters button for a cleaner, more intuitive interface
* Removed confidence filtering from the UI to streamline the issue management workflow
**Performance & Reliability:**
* Improved performance when adding new issues to your dashboard
* General bug fixes and stability improvements
**Reliability & Stability:**
* Improved logging and system diagnostics for better performance monitoring.
**Reliability & Stability:**
* Improved status update handling to prevent errors in edge cases.
* Enhanced data processing reliability.
**New Features:**
* Added export functionality for advanced vulnerability search results.
**Security & Authentication:**
* Enhanced token security with encryption and expiration management.
* Improved password reset validation to support additional special characters.
**Reliability & Stability:**
* Resolved issue creation errors and improved system performance.
* General bug fixes and improvements for enhanced stability.
**New Features:**
* Added [Bitbucket integration support](bitbucket) for seamless workflow automation with your Bitbucket repositories.
**Reliability & Stability:**
* General bug fixes and performance improvements.
**New Features:**
* Added Quick View for viewing security issues with improved navigation
* Introduced Dependency Vulnerability Details page for comprehensive vulnerability analysis
* Added markdown support for enhanced documentation and formatting
* New filter to display only scans with identified issues
* Enhanced policy configuration with support for [append instructions](policies#policy-structure)
* Improved scanner timing metadata for better performance tracking
**UI & Experience:**
* Enhanced vulnerability search with loading indicators for better user feedback
* Fixed sticky navigation and centered navigation buttons for improved layout
* Reorganized scan display with better prioritization of top issues
* Added date information to scan history expansion view
* Improved navigation layout and responsiveness
**Team & Access Management:**
* Enhanced webhook functionality to include user comments from issue history
**Pull Request Improvements:**
* Deactivated PR rules can now be reactivated as needed
* SCA (Software Composition Analysis) issues on PRs are now properly sorted
**Reliability & Stability:**
* Improved error messaging for SAML authentication issues
* Enhanced handling when fix summaries are unavailable
* Quality scanner enhancements for more reliable results
* General bug fixes and performance improvements
**New Features:**
* Added advanced vulnerability search capability to help you find and filter security issues more efficiently.
* Introduced intelligent false positive detection to reduce noise in your security findings.
**UI & Experience:**
* Enhanced pagination controls now properly maintain your selected filters as you navigate through pages.
* Streamlined and optimized the user interface for better performance.
**Integrations:**
* Improved Azure DevOps integration performance for faster and more reliable operations.
**Reliability & Stability:**
* General bug fixes and performance improvements across the platform.
* Backend optimizations for enhanced stability.
**New Features:**
* Enhanced dependency filtering capabilities for better project management.
**Integrations:**
* Improved Azure DevOps integration with better handling of pull request differences.
**Reliability & Stability:**
* Fixed filtering functionality to ensure consistent behavior.
* General bug fixes and performance improvements.
**New Features:**
* Scheduled scans are now enabled by default for all projects.
* Added filtering capabilities for scheduled scanning to help you manage your scan configurations.
* Introduced support for container scanning (only available per request).
* Enhanced project tagging functionality for better organization.
**Improvements:**
* Improved scheduled scan editing experience on initial load.
* Enhanced GitLab scheduled scan integration to properly detect branch names.
* Better handling of tag management in scheduled scans.
**UI & Experience:**
* Fixed font rendering issues in SCA (Software Composition Analysis) views.
* Resolved layout display issues in SCA interface.
**Reliability & Stability:**
* Fixed several issues with scan error handling and API responses.
* Improved content access management workflows.
* General bug fixes and performance improvements.
**Bug Fixes & Improvements:**
* Resolved an issue with editing scheduled scans to ensure configuration changes are properly saved.
* Improved text formatting and structure in policy descriptions for better readability.
**Improvements:**
* Enhanced repository connection reliability and error handling.
* Improved PolicyIQ feature accessibility across different plan types.
**Bug Fixes:**
* Resolved credential validation issues when accessing repositories.
* Fixed plan verification logic for PolicyIQ features.
**New Features:**
* Added [blocking rules capability to Software Composition Analysis (SCA)](/blocking_rules#rule-types) for enhanced security control.
**Reliability & Stability:**
* General improvements and bug fixes for better platform performance.
**Authentication & Access:**
* Improved SAML login group validation for more reliable authentication.
**Reliability & Stability:**
* Enhanced version comparison logic for software composition analysis.
* General bug fixes and performance improvements.
**New Features:**
* Added ability to edit SAML configuration settings for enhanced authentication management.
**Reliability & Stability:**
* General improvements and bug fixes to enhance platform stability.
**Authentication & Access:**
* Enhanced Single Sign-On (SSO) authentication with improved group-based access controls and configuration options.
**Reliability & Stability:**
* General bug fixes and improvements for enhanced system performance.
**New Features:**
* SCA license information is now optional, giving you more flexibility in compliance workflows.
* Email addresses are now automatically normalized to lowercase during sign-up and registration for consistency.
**Access Control Improvements:**
* Admin users now have full access to all projects, even when access controls are enabled.
* Enhanced content access control functionality across the platform.
* Resolved issues with access control permissions not applying correctly.
**Integrations:**
* Improved Azure DevOps integration to handle pull request links more gracefully.
* Fixed GitLab comment posting functionality.
* Enhanced error handling for git operations.
**Bug Fixes & Improvements:**
* Fixed counting accuracy issues in reporting.
* Resolved performance issues in dependency analysis.
* General stability improvements and bug fixes.
**Integrations:**
* Enhanced third-party scanner integration support for improved compatibility.
**Authentication & Security:**
* Improved Single Sign-On (SSO) authentication flow for better reliability.
**Reliability & Stability:**
* General bug fixes and improvements for enhanced system performance.
**New Features:**
* Added support for scheduled scans on remote projects that haven't been fully onboarded yet.
**Reliability & Stability:**
* Resolved security vulnerabilities to improve application safety.
* General bug fixes and improvements for enhanced stability.
**Authentication & Security:**
* Improved Google authentication and single sign-on experience.
**UI & Experience:**
* Enhanced pagination controls for easier navigation through content.
* Improved project selection in scheduled scan settings.
**Reliability & Stability:**
* General bug fixes and performance improvements.
**New Features:**
* Added dropdown menu to PR rule management page for easier configuration.
**UI & Experience:**
* Enhanced CSV export functionality for SAST findings with additional data fields.
* Improved project search functionality on content access page.
**Reliability & Stability:**
* Fixed issues with pull request commenting to prevent duplicate comments.
* Resolved project lookup errors that could occur in certain scenarios.
* Improved endpoint discovery processing for more accurate results.
* General bug fixes and performance improvements.
**New Features:**
* Added CVSS scoring display for dependency vulnerabilities to help you better assess risk levels.
* Introduced webhook subscriptions for automated workflow integrations.
* Added support for multi-select projects in content access management for easier permission configuration.
**UI & Experience:**
* Restored code view in advanced search functionality.
* Improved classification display for long security issue names.
* Enhanced permission management with an improved checkbox experience.
* Refreshed user interface on the users page for better clarity.
* Added fix date tracking and improved related UI elements.
**Reliability & Stability:**
* Fixed issue tracking to properly handle cases where previously fixed issues are detected again.
* Improved fix history management - previous fixes are now automatically archived when new fixes are added.
* General bug fixes and performance improvements.
**New Features:**
* Added new [Teams](teams) & [Content Access Controls](content-access-controls) for project-level access.
**UI & Experience:**
* Improved several interface elements for a smoother workflow.
* Fixed issues with "Add Group" buttons not responding as expected.
**Reliability & Stability:**
* Updating pull-request status will no longer interrupt or fail a running scan.
**Developer Workflow Enhancements:**
* Automatically sets a default branch when no current branch is detected to ensure uninterrupted scanning and smoother onboarding.
**New Defaults & Onboarding:**
* New AI-native SAST scanner version
**UI Improvements:**
* Added export functionality on the user list page.
* General UI refinements to improve clarity and consistency.
**Integrations & Reliability:**
* Fixed an issue causing file fetch failures for Azure DevOps repositories.
**General Improvements:**
* Minor formatting and maintenance updates for overall stability.
**New Features:**
* Introduced the Corgea Agent, enabling expanded automation and improved scan workflows.
**Access Control:**
* Added new permissions for the Integrations page, giving administrators more granular control.
**Notifications & UI:**
* Improved notifications for assigned issues.
* Additional UI fixes to ensure a smoother user experience.
**Developer Workflow:**
* Improved logic for handling PR updates and fallbacks when commit data is missing.
**General Improvements:**
* Overall reliability enhancements and background maintenance.
**Improved UI & Developer Experience:**
* Refined the width of the user detail slide-out for a cleaner layout.
* Enhanced filter controls and applied several UI polish
updates across the platform.
* Corrected the "View More Details" link in check-run views for smoother navigation.
* Improved the Azure DevOps experience by fixing URLs, improving the new-scan interaction, and displaying project names accurately.
**3rd party scanners:**
* Fixed policy bug 3rd party scanners
**Platform Stability & Data Integrity:**
* Prevented the creation of duplicate projects within the same company.
**Configuration Enhancements:**
* Added support for new ignore rules in scan configuration to give teams more control over scan output.
**UI & Workflow Improvements:**
* Corrected filtering behavior for dependency views to ensure accurate and intuitive results.
**User Interface Enhancements:**
* Relocated the user search bar to provide a more intuitive navigation experience.
* Removed an incorrect warning message that appeared for public-repository projects.
**Scanning & Reporting Improvements:**
* Improved CI review comments by using a more concise and helpful summary.
* Expanded internal issue tracking with additional properties for better reporting and analytics.
**Platform Stability:**
* Fixed agent-related actions to ensure consistent scan execution.
* Prevented project tag updates from unintentionally overwriting existing values.
**Improvements:**
* Fixed error because of long file path.
**Bug Fixes:**
* Fixed an issue with dropdown menus not displaying correctly.
**Platform Stability:**
* Improved GitHub reliability by handling user error cases.
* Updated button styling for better visual consistency.
**New Features:**
* Added a SAML tab on the users list page for easier identity management.
**UI & UX Improvements:**
* Fixed page shifting when creating new scans or interacting with menu icons.
* Improved redirection logic for admin users to ensure smoother navigation.
* Fixed an issue where policies were not displaying properly in the policies view.
**New Features:**
* Added support for "New Scan" on projects uploaded as ZIP files.
* Enabled "New Scan" functionality for public repository URLs.
**UX Enhancements:**
* Improved the inbox page with search functionality and cleaner spacing.
* Updated redirection logic to send users without permissions to the inbox page.
**Stability:**
* Suppressed unnecessary Slack webhook error messages for a cleaner log experience.
**New Features:**
* Vulnerability Source from OSV: Added detailed vulnerability source information powered by the OSV database, enhancing transparency and traceability in scan results.
**Improvements:**
* History View: Enhanced the history view for a clearer, more streamlined experience.
* Commenting Experience: Improved commenting interface and added AI-powered LLM explanations for better context understanding.
* Repository Dropdown: Fixed overlapping UI elements between the repository dropdown and navigation bar.
* Search Bar on Projects Page: Refined search functionality for smoother navigation and quicker access to projects.
* Case-Insensitive Branch Search: Dropsite branch search is now case-insensitive for easier usability.
**Bug Fixes & Stability:**
* Resolved issues with project list visibility for GitHub repositories.
* Improved handling of missing Git user info to prevent failures.
* Addressed GitLab "branch not found" errors gracefully.
* General bug fixes and performance improvements.
**New Features:**
* Scan Audit History: Added a dedicated tab for viewing detailed scan audit history.
**Improvements:**
* Enhanced messaging and consistency across various pages.
* Displayed a proper 404 error page for invalid scan or issue links.
**Bug Fixes & Stability:**
* Fixed inaccurate counts on the scan page for non-BLAST scans.
* Improved API handling for invalid or missing scan IDs.
* Stability fixes for integration tests and backend reliability.
**Bug Fixes & Stability:**
* Fixed versioning display to ensure accurate build tracking.
* General fixes and optimizations for smoother performance.
**New Features & Enhancements:**
* Enhanced Export Capabilities: Added support for exporting CSV reports that include false positive data for comprehensive security analysis.
* Advanced API Filtering: Introduced filtering and sorting capabilities in the API to provide more flexible data access and integration options.
* Third-Party Scanner Integration: Improved support for third-party security scanners with enhanced deep linking capabilities for seamless workflow integration.
* Checkmarx Integration: Added additional context support for Checkmarx scans to provide more detailed security insights.
**Performance & Usability Improvements:**
* Scan List Optimization: Significantly improved page load times for the scan list to provide faster navigation and better user experience.
* Enhanced Issue Management: Fixed issues with false positive visibility controls to ensure accurate issue filtering and management.
* Improved Scan Organization: Code quality scans are now properly excluded from the main scan list for cleaner project organization.
**Platform Reliability:**
* Enhanced Monitoring: Improved system monitoring with heartbeat functionality for better service reliability.
* Issue Status Management: Fixed issue status inheritance to ensure consistent status tracking across projects.
* Jira Integration: Resolved Jira integration issues for seamless ticket management.
* File Type Handling: Improved file type detection and processing for more accurate scan results.
**General Improvements:**
* Various bug fixes and performance enhancements across the platform.
* Improved user experience based on customer feedback.
* Enhanced system stability and reliability.
**New Features & Enhancements:**
* Project Management: Added permissions to allow authorized users to delete projects when needed.
* CWE Filtering: Introduced an option to filter vulnerabilities by CWE category directly in project settings.
* SAML Integration: Added support for assigning default groups when users log in via SAML.
* Language Detection: The platform now automatically detects the programming language for imported scans, improving compatibility and accuracy.
* Endpoint Discovery: Enhanced the endpoint discovery engine with support for PHP and C# projects.
* Feedback System: Added the ability to provide feedback on false positives to continuously improve detection accuracy.
**Platform Improvements:**
* Improved GitLab and Azure DevOps scheduled scan reliability.
* Enhanced GitHub app installation handling to support webhook timing edge cases.
* Ensured all project types can be deleted consistently.
* Prevented unnecessary processing of privileged users during webhook callbacks.
* Streamlined project linking using project IDs for more consistent behavior.
**General Fixes & Maintenance:**
* Fixed minor UI issues such as button alignment and whitespace handling.
* General performance, stability, and reliability improvements across the platform.
**New Features:**
* Risk Management Enhancements: Added automatic expiry options for accepted risks, making it easier to manage ongoing security decisions.
* Project Settings Update: Improved project settings interface for a smoother configuration experience.
**AI & Automation Improvements:**
* False Positive Detection: Upgraded the false-positive detection system to use GPT-5, providing smarter and more accurate results.
* Automated QA Checks: Added issue codes for quality assurance checks and improved retry handling when checks fail.
* Improved Ignore File Support: Added support for ignore files (corgea.yaml) within project settings for more flexible configurations.
**Usability & Interface Improvements:**
* Search Bar Enhancements: Added a "Clear" button and improved multi-select behavior in the search bar.
* CWE Filter Fix: Enhanced auto-search functionality for CWE filters to deliver more accurate filtering.
* Improved Error Messages: Cleaned up and clarified various error messages for better readability.
* Projects Page Fixes: Improved layout and stability on the Projects page for smoother navigation.
* Webhook Settings: Fixed Azure webhook link display for easier configuration.
**Stability & Performance:**
* Scan Overview API: Fixed an issue that could cause server errors when loading scan overviews.
* Command-Line Scans: Improved handling for CLI-based scans to ensure smoother operations.
* General Bug Fixes & Improvements: Various performance and reliability enhancements across the platform.
**Major Platform Updates:**
* Complete UI Redesign: Overhauled the entire user interface with modern design principles and improved user experience.
* Performance Optimization: Significantly improved platform performance with faster load times and smoother interactions.
* Mobile Responsiveness: Enhanced mobile experience with responsive design improvements across all pages.
**Security Enhancements:**
* Advanced Vulnerability Detection: Upgraded security scanning algorithms to detect more sophisticated threats.
* Real-time Security Monitoring: Added continuous security monitoring capabilities for immediate threat detection.
* Enhanced Compliance Reporting: Improved compliance reporting features with more detailed analytics and export options.
**Integration Improvements:**
* New API Endpoints: Added 1new API endpoints for better third-party integrations.
* Webhook Enhancements: Improved webhook reliability and added support for custom payload formats.
* CI/CD Pipeline Integration: Enhanced integration with popular CI/CD platforms for seamless security scanning.
**Developer Experience:**
* Improved Documentation: Comprehensive updates to API documentation and developer guides.
* Better Error Handling: Enhanced error messages and debugging capabilities throughout the platform.
**Infrastructure & Reliability:**
* Scalability Improvements: Enhanced platform scalability to handle increased user load.
* Monitoring & Alerting: New monitoring systems and alerting mechanisms for better system reliability.
* New scans page to view all scans with filters
* Filtering on the reporting page
* Fix feedback redesign
* New Dropsite
* New User management views
* Admin and user token rotation
* New reporting page
* Signin redesign
* Registration redesign
* New issue view. View by CWE, File or all the issues.
* Diff viewer line-by-line or side-by-side
* Added Additional Instructions to inform engineers of additional steps needed
* Advanced False Positive Detection
* Launched Corgea [VS Code](/vsc_extension) plugin
* Support to fix Checkmarx SAST scan findings
* New Dropsite to upload code and vulnerability data without the Corgea CLI
* Added [Azure DevOps Integration](/azure_devops)
* Updated Github PR comment
* Added Projects pagination
* Corgea CLI [pypi package](https://pypi.org/project/corgea-cli/)
* Improvements that increased fix coverage by 10%
* New Projects view to see all projects
* Introduced Corgea Verified to show quality checks
* Improved fix quality
* White consistency improvements
* CLI improvements
* Added filter tags for Date & Issue type on the Issues table
* Introduction of Single tenant support
* CLI authentication checks before scan
* Shortened Fix explanations to improve legibility
* Security fixes
* GitHub Oauth login and registration
* [GitHub App for Corgea](https://github.com/apps/corgea)
* Improved how to fix vulnerable code in large functions
* Updated Fix and Quality models to increase fix quality
* Added Projects to the filter criteria on the Issues list page
* C# language support
* Sorting and filtering of issues
* New CLI tool
* Additional fix quality checks
* CodeQL support
* Github integration for issuing fixes
* Ruby language support
* Java language support
* Go language support
* Added download fix as a git diff and a full file
* Added email notification when fixes are available
* Added ability to delete issue
* Code integrity improvements