Changelog
Follow up on the latest improvements and updates.
Reliably target the right container image, even when your tags don't follow a single naming convention.
What's new
- Define which image tag a target follows using a regular expression
- Match production images across repositories with mixed or non-standard tag conventions
- Keep dynamic targeting — the target automatically follows the matching tag as new versions are pushed
Why this matters
Not every team tags container images the same way — some use semantic versions, some add suffixes like -dev, and some use neither. Exact-match and semver rules can't cover those mixed cases, which means the wrong image can end up in scope. With regex tag matching, you can describe your own tag pattern and consistently resolve the correct production image, even across repositories that don't share a convention.
Getting started
When setting up or editing a container image target, choose the regex option for your tag rule and enter your pattern. You can find out more about adding container images in our support documentation here.
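A way to check a tag pattern before saving it as a rule, shown as an added example that is not Intruder's code. The tags, push times, patterns and helper names are constructed for illustration. The page does not say whether a pattern is matched against the whole tag or any substring; the example assumes substring matching, which is the case where missing anchors pull -dev and release-candidate tags into scope.

```python
import re
from datetime import datetime

# Constructed sample data: (tag, push time) for one repository with mixed conventions.
TAGS = [
    ("1.4.0", "2024-05-01T10:00:00"),
    ("1.4.1-dev", "2024-05-03T09:00:00"),
    ("v1.4.1", "2024-05-04T08:00:00"),
    ("v1.5.0-rc1", "2024-05-05T08:00:00"),
    ("latest-dev", "2024-05-06T08:00:00"),
    ("release-2024-05-07", "2024-05-07T12:00:00"),
]

def matching_tags(pattern, tags):
    """Tags selected by the pattern under substring (search) semantics."""
    rx = re.compile(pattern)
    return [tag for tag, _ in tags if rx.search(tag)]

def resolve(pattern, tags):
    """Most recently pushed tag the pattern selects, or None if nothing matches."""
    rx = re.compile(pattern)
    hits = [(datetime.fromisoformat(ts), tag) for tag, ts in tags if rx.search(tag)]
    return max(hits)[1] if hits else None

def lint(pattern, tags, expected):
    """Compare what a pattern selects with the tags you intend to be in scope."""
    got = set(matching_tags(pattern, tags))
    return {"unexpected": sorted(got - expected), "missed": sorted(expected - got)}

# Intended production scope for the sample repository (an assumption of this example).
PRODUCTION = {"1.4.0", "v1.4.1", "release-2024-05-07"}
# Unanchored: also matches inside "1.4.1-dev" and "v1.5.0-rc1".
UNANCHORED = r"v?\d+\.\d+\.\d+"
# Anchored, and covering both conventions used for production tags.
ANCHORED = r"^(v?\d+\.\d+\.\d+|release-\d{4}-\d{2}-\d{2})$"

if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, "->", resolve(pat, TAGS), lint(pat, TAGS, PRODUCTION))
```

With the unanchored pattern the target would follow a release candidate and miss the date-stamped release; the anchored pattern selects exactly the intended tags and resolves to the newest of them.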
See everything exposed across your perimeter — every monitored port, the service running on it, and what needs your attention — in one place.
What's new
- View a single list of every exposed port across your targets, with the service and software version behind each one
- See a screenshot of every exposed web service, so you can tell a forgotten admin panel from an intended login at a glance
- Search and filter by port, service, or product to find every target running it in seconds
- Filter by host status or certificate expiry to surface newly appeared services or certs about to lapse
- Available now on Cloud and Pro, with port coverage scaling by plan

Why this matters
The exposures that cause incidents are rarely the ones you already know about — it's the forgotten admin panel, the database that was never meant to be reachable, or the legacy service nobody owns. Attack Surface view puts your whole internet-facing perimeter in front of you, so you can take what's unnecessary offline and lock down what needs to stay. Reduce what's exposed today and you're harder to attack tomorrow.
Getting started
Open Attack Surface in the left nav of your portal to see what's exposed across your targets.
Your open Intruder issues now flow straight into Vanta, so your vulnerability evidence stays current without manual uploads.
What's new
- Sync your open occurrences directly into Vanta's vulnerability inventory, alongside the reports you already upload
- Resolved or snoozed issues drop off automatically on the next sync — no manual cleanup in Vanta
- Snapshots refresh as your data changes: when a re-scan confirms a fix, or you add or remove targets
- Available to all customers who connect Intruder with Vanta

Why this matters
Keeping Vanta's view of your vulnerabilities up to date used to mean uploading reports by hand. Now your live issues sync across on their own, so your compliance evidence reflects what Intruder is actually seeing — without the busywork. Less to maintain, and a more accurate picture for auditors.
Getting started
Already connected to Vanta? Disconnect and reconnect the integration in your portal to switch sync on — this is needed for Vanta to grant the new permission. New connections have it on by default. Find the Vanta integration on the Integrations page.
improved
CSV export for open issues
You can now export open issues into CSV directly from the issues page.
What's new
- Export open issues to CSV using the new export button on the issues page
- Download includes all current issue data specific to the filters selected

Why this matters
Until now, you could only export fixed or snoozed issues. With this update, you can pull your open issues into a CSV and report on active risk.
Getting started
Head to the Issues page and click the export button next to the Sort control to download your open issues as a CSV.
Use Intruder's AI pentesting agents to actively test your issues using methods similar to those employed by human pentesters and get recommendations grounded in real-world risk and context.
What's new?
- AI-driven issue investigation — Select one or more occurrences to run a pentest on and let the agent do the hard work. It will confirm whether an occurrence is real, flag false positives, and recommend a severity increase or decrease based on what it actually finds.
- Full agent transparency — For each investigation, the agent produces a summary, detailed findings, and a full transcript of every step it took, including the exact requests sent, responses received, and the reasoning behind each conclusion.
- Safe, targeted testing — The agent probes individual findings from your vulnerability scans. No data is altered or destroyed during the process, and no additional agent deployment is required for internet-exposed targets.
- Monthly credits included — Each occurrence investigation uses one credit, allocated monthly: 5 on Cloud, 10 on Pro, and 50 on Enterprise.

Why this matters
Traditional vulnerability scanners are rule-based and can't reason about context — they tell you a finding exists, but not whether it's truly exploitable. Manual pentests can, but they're slow and expensive.
AI pentesting closes that gap: the agent reasons about each finding the way a human pentester would, so you get exploitation-grade insight in minutes rather than weeks — with no manual engagement needed.
You can now view a full audit trail of key actions across your Intruder account, giving you greater visibility, accountability, and support for compliance requirements.
What’s new?
- Dedicated audit log – View a centralised log of important user and system actions across the platform.
- See who did what, and when – Each event includes the user, action taken, timestamp, and IP address for complete traceability.
- Built for teams – Improve collaboration and accountability when multiple users are managing your security posture.
See which actions are captured in the audit log here.

Why this matters
Previously, customers with multiple users had limited visibility into account activity, making it difficult to investigate changes or meet compliance requirements.
With audit logging, you now have the transparency needed to maintain trust, investigate issues, and support compliance-driven workflows.
You can find the audit log within your Settings.
Gain continuous visibility into vulnerabilities across your containerised workloads with our new agentless container scanning. Automatically scan container images hosted in AWS, GCP, and Azure with no additional setup required if you've already connected your cloud accounts.
What’s new?
- Zero-maintenance scanning – No agents to deploy or manage. We integrate directly with your cloud registries using your existing cloud connections.
- Intelligent tag-based targeting – Define tag rules (like production, latest, or v*) to scan only the images that matter. We automatically scan the most recently pushed version matching each rule, reducing noise and focusing on what's actually running.
- Continuous threat detection – New images matching your rules are scanned immediately when pushed. Existing images are rechecked daily for newly disclosed CVEs, ensuring you're always aware of emerging threats.
- Actionable vulnerability insights – Every finding includes CVE details, CVSS severity ratings, information on whether fixes are available, and clear remediation guidance to help your team respond quickly.
Getting started
If you've already connected AWS, GCP, or Azure to Intruder, container scanning is ready to go:

- Head to Discovery and find the new Container images section
- Review automatically discovered container tags from your connected registries
- Create tag rules to define which images to monitor
- Start receiving vulnerability findings immediately
For more information on getting started, see our help guidance here
New to cloud integrations?
Click Add asset in Discovery and connect your cloud account in minutes.
Supported registries
- AWS Elastic Container Registry (ECR)
- GCP Artifact Registry
- Azure Container Registry
Licensing note
Each scanned container image and tag combination (e.g., api-service:production) uses one infrastructure licence from your plan. Need more capacity? Add licences via your billing page or speak with your account admin.
Availability
Container image scanning is included in Cloud, Pro, and Enterprise plans
improved
Filter issues by comment status
The issues table now includes a comment status filter, so you can instantly cut through a long list and see only the issues that have - or haven't - been commented on.
What's new
- "Has comment" filter - A new filter option in the issues table which shows only issues with comments attached to the occurrences.
- Combines with existing filters - The comment filter works alongside all current filters so users can build precise views without losing their existing filter context.
- Live filtering - The occurrences list updates immediately when the filter is applied, with accurate counts reflecting the current selection.

Why it matters
You can already see at a glance which issues have comments via the icon in the table - but when you're working through a large set of issues, spotting what still needs attention isn't always easy. This filter lets you jump straight to the undocumented items, so nothing gets missed.
Scan reports can now include the full raw scanner output as an additional column in the CSV export. This gives technical teams direct access to the underlying data produced by each scan, without needing to use the API or extract it manually.
What's new
- Raw scanner output column - A new "Scanner output" column can be included in any CSV scan report, containing the complete raw data returned by the scanner for each finding.
- Optional inclusion via checkbox - A checkbox at the point of export allows you to choose whether to include raw output, keeping the default report experience unchanged.
- Row-level granularity - Each row in the exported CSV corresponds to an individual occurrence, preserving the full detail of the scan results.
How it works
- Navigate to "Reports"
- Select "Download scan report"
- Choose the scan report you would like to download
- Check the "Include raw scan output" checkbox

Why it matters
Until now, the raw scanner output wasn't exportable without using the API. This change makes that data available directly from the report download, in a format that's immediately usable without additional workarounds.
You can now create and update scheduled scans directly through the public API, bringing scan scheduling in line with the rest of your automated workflows.
What's new
List and create schedules
- Use the new /api/v1/scans/schedules/ endpoint to retrieve your existing schedules or create new ones.
Retrieve and update schedules
- Use /api/v1/scans/schedules/{id}/ to fetch or modify a specific schedule.
Why it matters
For teams running automated security workflows, managing scan schedules through the portal creates an unnecessary manual step. These endpoints mean you can build, adjust, and maintain your scan schedules entirely through the API - keeping your setup consistent, repeatable, and fully under version control.
See the updated API Documentation here
Note: These endpoints support external and internal assessment schedules only. One-off assessments are not in scope for this release.