Dradis is now Docker-first, with full Docker Compose support, simpler setup, and simpler upgrades. For most teams this means significantly less ops overhead and a deployment path that actually scales. OVA and DUP installs are still supported while teams migrate. If your team runs Dradis via OVA or DUP, now's the time to start planning the move!
Security Roots Ltd
Computer and Network Security
We create self-hosted tools to make the day-to-day work of security specialists easier by reducing frustrating overhead.
About us
We develop software for information security specialists. Cybersecurity professionals have very particular needs, and our products and services enable them to become more productive. We know the security industry: building software is not your core business, and you need back-end systems that just work. Stop sending sensitive security findings to third-party clouds. Deploy Dradis on-premises and maintain full data sovereignty.
- Website: https://dradis.com
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: London
- Type: Privately Held
- Founded: 2010
- Specialties: Information management solutions for security teams, Web Application Security Assessments, Security Assessment Management, Network Security Assessments, Penetration Test Reporting and Collaboration, and Cybersecurity assessment reporting and collaboration
Products
Dradis Framework
Penetration Testing Tools
Established in 2007, Dradis is the only open-source reporting and collaboration pentest management for teams with strict data governance and sovereignty requirements. Trusted by 947 InfoSec teams in 59 countries that are in control of their data.
Locations
- Primary: 10 Portfleet Place, De Beauvoir Road, London, N1 5SZ, GB
Updates
-
Dradis v5.0.0 is here. Powerful reporting engine updates to control alignment and image manipulation.
Dradis is now Docker-first. Full Docker Compose setup, simpler upgrades, less ops overhead. If your team has been putting off updating, the barrier just got a lot lower.
Echo is out of Beta and your custom prompts now surface directly in your workflow. Trigger a suggestion on any finding, review it, save it. Assisted reporting that runs locally and never touches a third-party API. Your findings stay on your infrastructure.
Also in v5: dark mode, Personal Access Tokens (PAT) for scoped and agentic API access, GitHub-style inline comments in QA, expanded webhook coverage across Issues, Projects and the Results Portal, and BI dashboard access for contributors.
Full release notes: https://lnkd.in/dJr-RXmz
-
Security Roots Ltd reposted this
🔗 [New Integration Spotlight] The Hackuity - Dradis Pro integration allows you to import penetration testing results from Dradis Pro into the Hackuity platform. The connector is now available on the Hackuity platform. Explore #Hackuity + #DradisPro (and more available connectors) here 👇 https://lnkd.in/gzKVVzdu Security Roots Ltd #cybersecurity #innovation #vulnerabilitymanagement
-
Curious about using AI to speed up reporting, but can’t justify sending sensitive findings to a third-party cloud? This is for you.
Dradis Echo runs on your infrastructure via Ollama. No external APIs. No cloud processing. You choose the model. Your data stays inside your perimeter.
Currently with Echo Beta you can rewrite and summarize issues. When Echo v1 is released you will be able to:
- Rewrite rough tester notes into clearer, client-ready language (with human review)
- Expand brief remediation notes into more complete, actionable steps
- Standardise tone and terminology across your team’s write-ups
- Extract key details from long findings to reduce manual cleanup
Echo doesn’t “auto-publish” anything. It suggests, then you review, edit, and approve before saving.
If you want to see how Echo fits into your existing workflow (and which use cases you want next), drop a comment or DM.
-
Webhooks are now available in Dradis Gateway 🎉
If you’re using Gateway to manage client requests and deliverables, you can now trigger automated actions across the rest of your security stack based on real events - without manual follow-ups. Send these events to any HTTP endpoint, then use Zapier/n8n/Make (or your own service) to decide what happens next.
What you can automate:
- Questionnaire sent → e.g., kick off an onboarding flow, create an intake task, notify your team (Slack/Teams/etc.)
- Questionnaire submitted → e.g., sync scope/details into your ticketing or project system (Jira/Azure DevOps/ServiceNow/etc.)
- Questionnaire updated → e.g., keep stakeholders and tracking systems aligned as requirements change
- Client comment added → e.g., create a follow-up task or flag for review
- Deliverable downloaded → e.g., notify the team and update your delivery status
This is the first step: Gateway webhooks are supported today, and we’re planning to expand webhook coverage to more Dradis events soon.
If you want to see it in action (or tell us which events you want next), drop a comment.
-
New in Dradis Pro v4.19
Dradis Echo (beta): context-aware, intelligent automation, on your own infrastructure
Echo understands your Dradis finding fields, project data, and team standards so it can surface the right suggestion at the right moment - all running locally via Ollama.
Private by design
- Your sensitive assessment data never leaves your network
- No external APIs, no cloud processing, no third-party data handling
- No training someone else’s models with your findings
Flexible & workflow-aware
- Bring your own LLM and switch between models
- Build a context-aware library of prompts that match your reporting workflow
- Lean on Echo to summarize raw scanner output, rewrite tester notes into executive-ready language, or turn brief remediation notes into detailed steps
- Stay in control: review, edit, and approve suggestions, backed by Dradis’ built-in QA workflow
Webhooks for Dradis Gateway: turn Gateway events into automation across your security stack
Trigger actions from:
- Contributor requests
- Remediation progress
- Project completion
Kick off onboarding when a client submits a project, post Slack updates, or sync ticket status across Jira, Azure DevOps, or ServiceNow.
IssueLibrary improvements:
- Bulk-import issues via CSV
- Bulk-delete issues directly from the IssueLibrary view
- See each entry’s QA status before importing it into a project
Plus editor toolbar upgrades, clearer primary actions, contributor dashboards, webhook instrumentation, and more under-the-hood enhancements.
Full release notes: https://lnkd.in/eTAe4DWy
-
Solid approach to testing Next.js Server Actions - great for report templates. https://lnkd.in/eKQSYug2
-
State-sponsored actors exploited Cisco ASA zero-days (CVE-2025-20333, CVE-2025-20362) with ROM-level persistence, while Cl0p leveraged Oracle EBS RCE (CVE-2025-61882) via chained SSRF and template injection. Meanwhile, Palo Alto login portals saw a 500% scanning surge — with shared infrastructure across Cisco, Palo, and Fortinet campaigns suggesting coordinated reconnaissance. The pattern is clear: multi-stage exploits and cross-vendor targeting compress response windows. GreyNoise data shows CVE disclosures follow scanning surges within 6 weeks. Which challenge hits your team hardest: tracking complex exploit chains, correlating findings across perimeter devices, or maintaining evidence quality under emergency timelines? Get weekly intel like this → https://lnkd.in/ghWWqUXj
-
Clients pay for outcomes, not hours. But proving value beyond invoices and timesheets has always required extra work. Dradis v4.18 changes that.
The improved Business Intelligence Dashboard now includes:
- Year-over-year trends for activities and custom properties
- Analysis of the most common issues across all projects
- Custom Properties view to segment by test type, vertical, or client tier
- Sub-navigation for faster insights
No separate tracking. No spreadsheet overhead. Just intelligence built from the work you're already doing in Dradis.
Show maturity improvements over time. Benchmark across engagements. Identify repeat issues and standardize your offerings. Manage margins with utilization and capacity visibility.
Nicola's deep-dive on the BI improvements: https://lnkd.in/ekfFMFnT
-
Three developments stood out this week. First, CometJacking turned Perplexity's AI browser into a one-click data exfiltration tool - no credentials needed. Second, Red Hat's GitLab breach exposed 28,000 consulting repositories containing customer engagement reports, tokens, and infrastructure specs. Third, Cl0p exploited Oracle EBS zero-day CVE-2025-61882 for mass extortion, demanding up to $50M from enterprises. Each incident underscores a shift: AI tools expand attack surfaces, self-hosted infrastructure security matters more than ever, and coordinated response beats siloed efforts. Get weekly intel like this → https://lnkd.in/ghWWqUXj