Release on June 11, 2024

Enhancements

  • Webhooks - custom headers can now be added to the requests a webhook sends, for example an authentication header, so that a webhook can deliver to an endpoint that requires authentication.
    • Webhooks and their headers are managed from the Project settings in the Webhooks section. To add a header:
      • Select a Header name from the drop-down menu or type your own.
      • Provide a Header value.
    • A header value used for authentication is a credential stored in the project configuration; use a token scoped to the webhook receiver rather than a broadly privileged one, and rotate it like any other secret.

📘

There is no limit to the number of custom header values you can add.
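The receiving side of this feature is not shown on the page, so here is an added example (not Bright's code or documentation) of a webhook endpoint that accepts a request only when the custom header configured in Bright matches a shared token. The header name X-Webhook-Token, the token value, and the JSON payload field `event` are assumptions for illustration; the comparison uses hmac.compare_digest so that response timing does not leak how much of the token was correct.

```python
"""Webhook receiver that authenticates requests using the custom header
configured in Bright's Project settings > Webhooks.

Added example, not part of Bright's documentation or code base. The header
name X-Webhook-Token, the expected token, and the payload field `event` are
assumptions for illustration.
"""
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header name; in Bright you can pick one from the drop-down or type your own.
AUTH_HEADER = "X-Webhook-Token"

# Assumed secret; in practice load it from the environment or a secret store.
EXPECTED_TOKEN = os.environ.get("WEBHOOK_TOKEN", "constructed-example-token")

MAX_BODY = 1_000_000  # refuse oversized payloads before parsing them


def header_is_valid(headers, expected=EXPECTED_TOKEN):
    """Return True only if the configured header is present and matches.

    hmac.compare_digest keeps the comparison time independent of how many
    leading characters match, so a caller cannot guess the token byte by byte.
    """
    presented = headers.get(AUTH_HEADER)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_webhook(headers, body, expected=EXPECTED_TOKEN):
    """Pure handler: returns (status, response_dict) for one received webhook.

    `headers` is any mapping with .get() and `body` the raw bytes, so the
    logic can be exercised without opening a socket.
    """
    if not header_is_valid(headers, expected):
        return 401, {"error": "missing or invalid webhook header"}
    if len(body) > MAX_BODY:
        return 413, {"error": "payload too large"}
    try:
        event = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    # The `event` field is an assumption; adapt it to the real webhook payload.
    return 200, {"received": event.get("event", "unknown")}


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        status, payload = handle_webhook(self.headers, body)
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Bind to loopback for local testing; put TLS in front of it in production.
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Because the header value is static rather than a per-request signature, the receiver's only defence is keeping that value secret and comparing it in constant time; anyone who obtains it can forge webhook deliveries.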



  • Scan Health monitoring - Spot and filter authentication and network issues during a scan using colored indicators based on the percentage of successful requests. The health status describes how the scan's own test requests fared against each Entrypoint, not the overall health of the Entrypoint.
    • New columns have been added to the Entrypoints table on the Scan Info page: Health, Successful Requests, and Total Requests. Health is the number of successful requests divided by the total number of requests.
    • New filters for Health, Successful Requests, and Total Requests are available.
    • A successful request is any request whose response is not 401 (Unauthorized) or 403 (Forbidden). Note that only those two codes count as failures, so a 404 or 5xx response is still counted as successful; a low Health value points at authentication or access problems rather than at every server-side error.



  • Metadata can now be attached to the start-scan API call to simplify automation workflows and carry additional context through a complex programmatic flow. This applies only to scans started through the API.
  • To add metadata, include the customerMetadata parameter in the request body:
{
  "tests": [
    "csrf",
    "sqli"
  ],
  "buckets": [
    "string"
  ],
  "entryPointIds": [
    "EP_ID"
  ],
  "discoveryTypes": [
    "archive"
  ],
  "poolSize": 50,
  "crawlerUrls": [
    "https://example.com"
  ],
  "attackParamLocations": [
    "artifical-fragment"
  ],
  "extraHosts": {
    "example.com": "127.0.0.1"
  },
  "headers": [
    {
      "name": "Authorization",
      "value": "Bearer token",
      "mergeStrategy": "replace"
    }
  ],
  "fileId": "FILEID",
  "hostsFilter": [
    "localhost:3000"
  ],
  "repeaters": [
    "REPEATERID"
  ],
  "smart": true,
  "optimizedCrawler": true,
  "maxInteractionsChainLength": 5,
  "subdomainsCrawl": true,
  "skipStaticParams": true,
  "projectId": "PROJECTID",
  "exclusions": {
    "requests": [
      {
        "patterns": [
          "(?<excluded_file_ext>(\\/\\/[^?#]+\\.)((?<image>jpg|jpeg|png|gif|svg)|(?<font>ttf|otf|fnt|fon))(?:$|#|\\?))"
        ],
        "methods": [
          "GET"
        ]
      }
    ],
    "params": [
      "^(?!.*login).*$"
    ],
    "htmlSelectors": [
      "/html/body/div[1]/table/tbody/tr/td[8]/a",
      ".mat-focus-indicator .mat-menu-item ng-tns-c46-3"
    ]
  },
  "inclusions": {
    "headers": [
      "Authorization"
    ]
  },
  "slowEpTimeout": 100,
  "targetTimeout": 120,
  "name": "brokencrystals owasp top 10",
  "authObjectId": "AUTHOBJECTID",
  "schedule": {
    "type": "future",
    "repeatInterval": 1000,
    "repeatIntervalUnit": "hours",
    "repeatWeekdays": [
      0
    ],
    "nextRunAt": "2024-06-10T10:17:06.825Z",
    "endAt": "2024-06-10T10:17:06.825Z",
    "runNow": false,
    "skipConcurrent": true
  },
  "module": "dast",
  "templateId": "TEMPLATEID",
  "info": {
    "client": {
      "name": "bright-cli",
      "version": "10.0.0"
    },
    "provider": "string",
    "source": "api"
  },
  "configSource": {
    "type": "integration",
    "metadata": [
      {
        "system": "azure",
        "issueSourceId": "ISSUESOURCEID"
      }
    ]
  },
  "customerMetadata": "TEXT_PLACEHOLDER"
}

  • The customerMetadata field is a string, so any text can be placed in it, up to a maximum of 10000 characters. The value is stored as given and returned on request, so use it for correlation data such as a pipeline run id, commit hash, or ticket number, and do not put secrets in it.
  • To retrieve previously added metadata, use the endpoint: /api/v1/scans/{SCAN_ID}/customer-metadata
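The following is an added example (not Bright's own code) of how an automation script can pack pipeline context into customerMetadata, enforce the 10000-character limit before sending, and read the value back from the endpoint above. Only the endpoint /api/v1/scans/{SCAN_ID}/customer-metadata, the 10000-character limit, and the body keys mirrored from the sample request are taken from this page; the base URL https://app.brightsec.com, the start-scan endpoint POST /api/v1/scans, the `Authorization: Api-Key <key>` scheme, and the response field names `id` and `customerMetadata` are assumptions.

```python
"""Start a Bright scan with customerMetadata and read it back later.

Added example, not Bright's own code. Assumed (not from the release note):
the base URL, POST /api/v1/scans as the start-scan endpoint, the
`Authorization: Api-Key <key>` scheme, and the response field names `id`
and `customerMetadata`. From the release note: the 10000-character limit and
GET /api/v1/scans/{SCAN_ID}/customer-metadata for retrieval.
"""
import json
import urllib.request

MAX_CUSTOMER_METADATA = 10_000  # characters, per the release note
BASE_URL = "https://app.brightsec.com"  # assumption


def encode_customer_metadata(fields):
    """Serialize pipeline context into the free-text customerMetadata string.

    Bright stores the value verbatim, so keep it to correlation data
    (pipeline id, commit, ticket) and never put secrets in it.
    Raises ValueError if the result would exceed the documented limit.
    """
    text = json.dumps(fields, separators=(",", ":"), sort_keys=True)
    if len(text) > MAX_CUSTOMER_METADATA:
        raise ValueError(
            f"customerMetadata is {len(text)} chars; limit is {MAX_CUSTOMER_METADATA}"
        )
    return text


def decode_customer_metadata(text):
    """Inverse of encode_customer_metadata; tolerate plain text written by other tools."""
    try:
        return json.loads(text)
    except ValueError:
        return {"raw": text}


def build_scan_request(name, project_id, target_url, repeater_id, fields):
    """Minimal start-scan body carrying customerMetadata.

    Keys other than customerMetadata mirror the sample body in the release note.
    """
    return {
        "name": name,
        "projectId": project_id,
        "crawlerUrls": [target_url],
        "repeaters": [repeater_id],
        "module": "dast",
        "tests": ["csrf", "sqli"],
        "customerMetadata": encode_customer_metadata(fields),
    }


def _call(api_key, method, path, body=None):
    """Send one JSON request to the Bright API and decode the JSON response."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", f"Api-Key {api_key}")  # assumed scheme
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


def start_scan(api_key, request_body):
    """POST the body; returns the scan id (assumed to be returned under `id`)."""
    return _call(api_key, "POST", "/api/v1/scans", request_body)["id"]


def fetch_customer_metadata(api_key, scan_id):
    """Read back the metadata via the endpoint named in the release note."""
    resp = _call(api_key, "GET", f"/api/v1/scans/{scan_id}/customer-metadata")
    # Assumed: the response carries the stored string under "customerMetadata".
    return decode_customer_metadata(resp["customerMetadata"])


if __name__ == "__main__":
    import os
    import sys

    # Constructed sample context; in CI these would come from the pipeline's variables.
    context = {"pipeline_run": 1234, "commit": "0123abcd", "ticket": "SEC-42"}
    body = build_scan_request("nightly dast", "PROJECTID", "https://example.com", "REPEATERID", context)
    key = os.environ.get("BRIGHT_API_KEY")
    if not key:
        print(json.dumps(body, indent=2))  # dry run: show the body without calling the API
        sys.exit(0)
    scan_id = start_scan(key, body)
    print(scan_id, fetch_customer_metadata(key, scan_id))
```

Encoding the metadata as compact JSON keeps it machine-readable on the way back out, and checking the length locally turns a limit violation into a clear error in the pipeline instead of a rejected API call.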