Invicti ASPM Release v1.112.0 27th May, 2026
16 days ago by Seda Akkan
Invicti ASPM v1.112.0 released!
New Features
- CheckmarxOne API Security integration — ASPM can now ingest API security findings from CheckmarxOne alongside existing SAST results.
- AI-based remediation advice in Pull Requests — Multi-provider AI support is now available for PR remediation suggestions, replacing the previous single-provider implementation.
- EUVD Threat Intelligence integration — The European Union Vulnerability Database (EUVD) has been added as a new Threat Intelligence source to enrich vulnerability data.
- VEX (Vulnerability Exploitability eXchange) support — Scanner-provided VEX applicability data from JFrog Xray, Snyk, and BlackDuck is now ingested, stored, and displayed. A dedicated VEX statement card with status badges and a sortable VEX column are available in vulnerability detail views.
- AI-based CWE predictor — Missing CWE classifications on vulnerabilities are now automatically predicted using vector similarity matching.
- Wiz tag filtering — Cloud finding results from Wiz can now be filtered by tags. Additional cloud filter fields — finding status, CVSS score, and detection date — have been added to the filter modal.
- Infrastructure group severity and name filters — Severity and infrastructure group name filters have been added to Infrastructure Group rules and the infrastructure vulnerability search endpoint.
- Runtime Exposure page redesign — The Runtime Exposure page has been redesigned to match the updated DAST-SAST Correlation design. The new layout includes real scanner logos, improved filter dropdowns, CWE-based sorting, and dark mode improvements.
Improvements
- Issue priority sync — Issue priority is now automatically synced to the severity of the highest open linked vulnerability when vulnerabilities are updated.
- Mend multi-instance and multi-project support — Multiple Mend instances can now be configured within a single integration, and project names are correctly backfilled for existing scan data.
- BlackDuck VEX mapping — The KnownNotAffected remediation status is now supported, and AFFECTED entries are enriched with upgrade guidance where available.
- Azure multi-org sync resilience — Organizations that fail during repository listing are now skipped individually rather than failing the entire sync operation.
- AMAN deduplication performance — Parent election writes have been batched and the merge status update has been hardened for improved performance and consistency.
- VEX filter indexes — Database indexes for VEX filters on the scan vulnerabilities collection have been added to improve query performance.
- Rapid7 result retrieval — Result retrieval has been hardened with improved diagnostics for failure scenarios.
Bug Fixes
- Audit Log export event name — An incorrect constant name in the Audit Log export event type definition has been corrected.
- Nuclei scanner report failures — Nuclei scanner report processing failures have been resolved.
- Jira assignee field on bulk Assign modal — The Jira assignee hide behavior on the Asset Management bulk Assign modal has been restored. When "Use Assignee Field" is disabled in Jira integration settings, the assignee is no longer included in any payload.
- Frontend security dependency updates — axios and follow-redirects have been upgraded to resolve active Snyk findings.
