Enhancement

Runtime Indicators for Repeaters

We add runtime indicators to the Repeater selector and the Repeater settings page.

You can now see the number of queued, running, and scheduled executions for each repeater. You can also filter and search repeaters by connectivity and workload, making it easier to choose the right repeater.

In addition, the Repeater settings page now shows the number of projects connected to each repeater as well as filtering and searching options.

This helps you select repeaters with full visibility into their current usage, improving workload distribution and overall system awareness.

Task Duration Limits

You can now set execution duration limits for scans and discoveries using hours or days via Scan/Discovery Overview tab -> Task duration limit.

When the limit is reached, the execution is automatically paused. The system shows a clear pause reason and sends notifications in the UI and by email.

You can configure this feature through both the UI and the API, and it is enforced by the scheduler.

This gives you more control over long-running executions, helps prevent runs from continuing indefinitely, and makes it easier to manage system resources.

MCP Server Discovery and scan

The crawler now detects MCP servers and extracts their tools, resources, and prompts as separate entrypoints.

In the UI, you can see the MCP server name in a new column. You can also filter entrypoints by MCP type in the table. (Need to be added via the add filter option)

This update gives you better visibility into MCP-related attack surfaces and lets you start working with MCP entrypoints right away, without waiting for additional grouping.

For more information, visit our documentation

Updates to Injection Testing and Unconfirmed Issues

As part of our ongoing efforts to improve the accuracy and reliability of our security testing, we updated how unconfirmed issues are handled in the platform.

• Unconfirmed Issues
  New unconfirmed issues will no longer be generated.
  Existing unconfirmed issues will remain in the system, but will not be automatically removed.

• MongoDB (NoSQL) Injection Test
  This test is deprecated and removed from the platform, as it primarily generated unconfirmed issues.

These changes are intended to reduce noise and help you focus on verified, actionable findings.

If you would like to fully remove existing unconfirmed issues from your environment, please contact our support team.

Important: These changes do not impact any API functionality or existing API calls.

STAR Enhancements ⭐

Better Golang support

STAR agents can more deeply understand the connectivity between affected code and entry points in Go applications.

Anthropic support

STAR can be powered by Anthropic inference.

OpenAI-compatible endpoint support

Any OpenAI-compatible endpoint can now be used for STAR, such as Azure or self-hosted inference.

UI Enhancements

• Authentication Flow Redesign - Simplified configuration flow and improved UX for faster, clearer setup.

• Confirmation dialog for stopping discoveries - A confirmation dialog now appears when stopping a discovery, helping prevent accidental interruptions.
• Scheduled Tasks show exact start time - The Scheduled Tasks widget now displays a fixed start date and time ("Start Time") instead of a countdown.
• Wider dashboard drawers- Dashboard drawers are now wider, reducing the need for horizontal scrolling and improving readability.

Deprecation Notice - July 7, 2026

We are deprecating the unpaginated endpoint: GET /api/v1/scans/:scanId/issues

What’s changing

This endpoint currently returns the full list of issues for a scan without pagination. This behavior will be limited. Starting July 7, 2026, the endpoint will return a maximum of 100 issues per request.

What you need to do if you are using this endpoint:

• Migrate to the paginated endpoint: GET /api/v2/scans/:scanId/issues
• Update any automation, scripts, or integrations to support pagination
• Avoid relying on full dataset retrieval in a single request