Release on June 11, 2024


  • Webhooks - users can now add headers sent with the webhook to include authentication headers, enabling webhooks to access authenticated endpoints.
    • Webhooks and their headers can be managed from the Project settings in the Webhooks section. To add a header, do the following:
      • Select a suitable Header name from a drop-down menu or type your own.
      • Provide a Header value to proceed.


There is no limit to the number of custom header values you can add.

Bright's documentation

  • Scan Health monitoring - Easily spot and filter authentication and network issues during a scan with colored indicators based on successful request percentage. This health status refers to scan results, not overall Entrypoint health, highlighting test interactions during scanning.
    • New columns have been added to the Entrypoints table on the Scan Info page: Health, Successful Requests, and Total Requests. The Health metric is calculated by dividing the number of successful requests by the total number of requests.
    • New filters for Health, Successful Requests, and Total Requests are available.
    • Successful Requests are any responses that are not 401 (Unauthorized) or 403 (Forbidden).

Bright's documentation

  • Users can now add metadata to run a new scan call to simplify automation workflows and provide additional metadata for a complex programmatical flow. This is relevant only for API start scans.
  • To add metadata, add the customerMetadata parameter into the request body:
  "tests": [
  "buckets": [
  "entryPointIds": [
  "discoveryTypes": [
  "poolSize": 50,
  "crawlerUrls": [
  "attackParamLocations": [
  "extraHosts": {
    "": ""
  "headers": [
      "name": "Authorization",
      "value": "Bearer token",
      "mergeStrategy": "replace"
  "fileId": "FILEID",
  "hostsFilter": [
  "repeaters": [
  "smart": true,
  "optimizedCrawler": true,
  "maxInteractionsChainLength": 5,
  "subdomainsCrawl": true,
  "skipStaticParams": true,
  "projectId": "PROJECTID",
  "exclusions": {
    "requests": [
        "patterns": [
        "methods": [
    "params": [
    "htmlSelectors": [
      ".mat-focus-indicator .mat-menu-item ng-tns-c46-3"
  "inclusions": {
    "headers": [
  "slowEpTimeout": 100,
  "targetTimeout": 120,
  "name": "brokencrystals owasp top 10",
  "authObjectId": "AUTHOBJECTID",
  "schedule": {
    "type": "future",
    "repeatInterval": 1000,
    "repeatIntervalUnit": "hours",
    "repeatWeekdays": [
    "nextRunAt": "2024-06-10T10:17:06.825Z",
    "endAt": "2024-06-10T10:17:06.825Z",
    "runNow": false,
    "skipConcurrent": true
  "module": "dast",
  "templateId": "TEMPLATEID",
  "info": {
    "client": {
      "name": "bright-cli",
      "version": "10.0.0"
    "provider": "string",
    "source": "api"
  "configSource": {
    "type": "integration",
    "metadata": [
        "system": "azure",
        "issueSourceId": "ISSUESOURCEID"
  "customerMetadata": "TEXT_PLACEHOLDER"

  • The customerMetadataThe field is a string type, so any text information can be placed here. The maximum length of this field is 10000 characters.
  • To request previously added metadata, use the endpoint: /api/v1/scans/{SCAN_ID}/customer-metadata