Release on August 6, 2024
Enhancements
Schedule Discoveries: Bright now allows users to automate the timing and frequency of discoveries, with three available options:
- Run a Discovery immediately
- Schedule a one-time scan for a specific date and time
- Set up recurrent scans to run at regular intervals
Previously, it was allowed to run a Discovery immediately only.
Email One-Time Password - Bright now supports Email One-Time Passwords (OTP), allowing automatic authentication for users within the tested applications.
Multiple One-Time Passwords - add several OTPs within one authentication object. Users are allowed to create up to five OTPs at once.
Also, now it’s possible to rename an OTP by opening the OTP settings:
The new version of Bright-CLI (12.2.0) -
- Repeater proxy changes:
- Renamed existing flags (
proxy-internal
andproxy-external
) to reduce confusion about their functionality:
Renameproxy-internal
toproxy-target
.
Renameproxy-external
toproxy-bright
. - Add a new
proxy-domains
optional flag - can be used with eitherproxy-target
orproxy
. Accepts a comma-separated list of domains to be proxied. Domains not in the list will not be proxied.
- Renamed existing flags (
- Run a scan with projects Entrypoints - Added support for running scans with project-level Entrypoints via the CLI. There are two new options available:
- Users can request a list of Entrypoint IDs to run the scan on specific Entrypoints.
- Example:
bright-cli scan:run --entrypoint <entrypoint_id1> <entrypoint_id2> <entrypoint_id3>
- Example:
- If a project is specified and the --entrypoint flag is added without specifying Entrypoint IDs, the scan will run on the first 2000 project-level Entrypoints.
- Example:
bright-cli scan:run --project <PROJECT_ID> --entrypoint
- Example:
- Users can request a list of Entrypoint IDs to run the scan on specific Entrypoints.
ARIA selector support - Bright now supports ARIA selectors for Manual Browser-based authentication flow and Recorded Browser-Based Authentication flow for finding the elements on the page.
ARIA is a set of attributes that can be added to HTML elements that define ways to make web content and applications accessible to users with disabilities who use assistive technologies.
Previously, Bright web app could only interact with text or CSS selectors.
For example, to specify the element using Manual Browser-Based Authentication, type the following in the Auth flow settings:
- Type:
text input
- Name:
aria/Email
- Value:
admin
For those who use the Recorded Browser-Based Authentication flow, the transition will be completely seamless and won’t require any action.
Rendering the HTML DOM of the authentication object's page - Bright now displays the page's rendered HTML code in Browser-Based Authentication flows, enhancing the ability to debug non-working authentication objects, particularly in SPA applications. Additionally, functionality to copy the rendered HTML DOM data has been added for easier analysis and troubleshooting.
Integrate Snyk projects in a bulk action - now users can select multiple items without saving progress after each added project.
Add workstation parameter - Bright IDE Extension now allows developers to add their unique workstation names. These names can be configured in the extension settings. If empty, the hostname will be saved as a workstation ID.
To enter the settings, open the Command Palette by Command + Shift + P
from macOS or Control + Shift + P
for Windows, then type bright in the search bar to filter the fields.
Save Repeaters information after disconnect - now the information about a Repeater (version, description, etc) will be saved in the Bright web app even if the connection is lost.