24th May — 9th June
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Integrations | Enhanced Imperva WAF integration with Custom Blocking Support | SaaS | Traceable now supports Custom Signature-based and User-based blocking through the Imperva WAF integration. For more information, see Imperva Integration. |
Catalog | Schema Drift Detection Across API Spec Components | SaaS and On-prem (1.25) | Conformance Analysis now detects mismatches across all parts of your API specifications, including request and response bodies, headers, and parameters. This enhancement helps you identify undocumented, shadow, or orphan endpoints by comparing live traffic against your API specifications, providing security and development teams deeper visibility into API drift. For more information, see Conformance Analysis. |
Protection | Enhanced WAAP Dashboards and Security Events Explorer | SaaS | The Security Events are now accessible under the Protection module in the Traceable platform, providing different perspectives on investigating threats. The Threat Requests tab shows spans that triggered one or more detection rules, while the Rule Triggers tab shows each detection rule and the matching spans. These improvements provide more flexible and focused ways of analyzing malicious activity across APIs. |
Testing | Support for Scanning SOAP APIs | SaaS and On-prem (1.25) | Traceable now supports Live and Replay AST scans on SOAP APIs. During scanning, Traceable parses the XML request and response bodies and uses updated plugins to detect vulnerabilities in SOAP traffic, extending testing coverage beyond REST APIs. |
10th May — 23rd May
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Integrations | Akamai Integration with Network List Support | SaaS | Traceable now supports the use of Network List IDs in the Akamai integration, enabling categorized and scalable IP and threat actor blocking. You can manage all blocked entries through a single, reusable network list in Akamai for easier policy updates and streamlined enforcement. For more information, see Akamai Integration. |
Protection | Known Bots (Traceable-Categorized Bots) | SaaS | Traceable now categorizes and identifies known internet bots, such as search engine crawlers or malicious scrapers, under the Known Bots view. This enables you to monitor their activity across APIs and take the necessary actions. |
Protection | Role and Scope Configuration for BFLA Detection (Security Scheme) | SaaS | Traceable now supports configuration of user roles and scopes to enhance BFLA (Broken Function Level Authorization) detection. You can leverage Traceable’s auto learned role-scope mappings or define configurations manually to detect unauthorized access patterns and protect your application against misuse. For more information, see Security Scheme. |
18th April — 9th May
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Catalog | Annotating Issue Status Changes | SaaS and On-prem (1.23) | Traceable now allows you to add comments while changing an issue's status. These comments are automatically highlighted in the Status log, providing context for the update and creating an audit trail. This helps improve collaboration and accountability during issue resolution. For more information, see Issue Management. |
27th March — 17th April
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Catalog | WSDL Specification Support | SaaS and On-prem (1.22) | Traceable now supports uploading WSDL API specifications for SOAP endpoints. Traceable automatically detects any mismatches between the uploaded documentation and observed traffic. This helps ensure that the SOAP APIs are behaving as expected, reducing security issues, and simplifying compliance. |
Catalog | Redesigned Issues Page | SaaS and On-prem (1.22) | Traceable introduces a redesigned Issues page that provides a centralized view of issues detected across sources (Live Traffic, Compliance, and AST). The enhanced filtering, grouping, and download options help you easily identify, analyze, and work towards remediation of high-impact findings. For more information, see Issues Overview and Issue Management. |
Catalog | Change Insights Report | SaaS and On-prem (1.22) | Traceable now offers a Change Insights reporting template that highlights newly discovered APIs and Issues over the past 7, 30, or 90 days. This helps you monitor changes in your API posture, track new and emerging issues, and prioritize security reviews. These changes are accessible under the Reports section. |
Protection | Bot Protection Dashboard | SaaS | Traceable now provides a Bot Protection dashboard offering a high-level view of malicious bot activity across your APIs. This helps you quickly identify abnormal patterns, prioritize threats, and make informed decisions. For more information, see Bot Protection Dashboard. |
27th February — 26th March
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Integrations | mTLS Support for Jira | SaaS and On-prem (1.21) | Traceable now supports mTLS integration with Jira using server certificates instead of root certificates. The Traceable Customer Success team can provide these server certificates to you, and you can upload them directly to your Jira server for a secure connection. For more information, see mTLS support for Jira Data Center. |
Catalog | Customizable Issue Policies | SaaS and On-prem (1.21) | Traceable now allows you to adjust the scope, severity, and rules for Issue (Vulnerability and Compliance) Policies. This helps you align Traceable’s findings with your internal policies, reduce unnecessary alerts, and better manage your API security. For more information, see Issue Policies. |
Protection | WAAP Detection Policies | SaaS and On-prem (1.21) | Traceable now offers an improved user experience and more detailed controls for Protection policies, with categorization into Web Application Protection, API Protection, and Custom Policies. For more information, see Policies. |
5th February — 26th February
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Catalog | WebSocket API support | SaaS and On-prem (1.20) | Traceable now supports WebSocket API endpoints. These APIs are visible in the Inventory page under Catalog. For more information, see API Endpoints. |
User Attribution Rule Preview | SaaS and On-prem (1.20) | Traceable now provides a live preview of the user attribution rule based on your configured attributes. This feature guides you through the process of rule configuration and allows you to validate them. Using this feature, you can ensure accurate user attribution through the multiple stages of the configuration. For more information, see User Attribution. |
9th January — 4th February
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
Catalog | WSDL specification support | SaaS and On-prem (1.19) | Traceable now generates WSDL (Web Services Description Language) API specifications for SOAP APIs. The generated WSDL specs can be viewed on the API overview page. For more information, see API Endpoints and Endpoint Details. |
Compliance policy | SaaS and On-prem (1.19) | Traceable now auto-resolves Compliance Issues if it is not seen for the last 14 days in a row. All such issues will be marked as "Fixed". For more information, see Issue Resolution. | |
Parameters | SaaS and On-prem | The Parameters page (formerly API DNA) has been redesigned to emphasize data sensitivity, datasets, data types, and parameter details, including mandatory status. Users can now create data classification rules directly from this page for enhanced control. For more information, see Parameters. | |
Boards | Dashboard and reporting | SaaS | Traceable introduces customizable home dashboards and the ability to create custom dashboards tailored to specific use cases. Users can build dashboards using Traceable data sources, including Catalogs, Issues, Threat Activity, and more. Create data widgets and add them to custom dashboards for a personalized view of security insights. Additionally, custom dashboards can be scheduled for automated email delivery as reports, ensuring users stay updated with the latest security data. For more information, see Boards. |
1st December 2024 - 15th January
Product Area | Feature | Deployment Type (SaaS, On-prem, Both) | Description |
|---|---|---|---|
API Catalog | User attribution | SaaS | The improved and simplified user experience enables Traceable users to configure user attribution rules to extract user ID, user role, auth types, and other user-related identifiers for better cataloging and threat protection use cases. For more information, see User attribution. |
Parameters | SaaS | The Parameters page (formerly API DNA) has been redesigned to emphasize data sensitivity, datasets, data types, and parameter details, including mandatory status. Users can now create data classification rules directly from this page for enhanced control. For more information, see Parameters. | |
AST | Mutations and assertions | SaaS and On-prem | Custom Overrides for Vulnerability detections allow users to update the plugin logic according to their organizational needs without creating a custom plugin/ logic. For more information, see Mutations and assertions. |
Protection | Exclusion rules | SaaS and On-prem | Traceable now supports Detection Exclusion Policies, allowing you to configure rules to exclude specific API requests from alerting, blocking, or allowing actions. This provides greater flexibility in managing API security. For more information, see Exclusions. |
Teams and Roles | RBAC | SaaS | Traceable's Role-Based Access Control (RBAC) now includes custom roles, offering enhanced flexibility in user management. This feature allows organizations to define roles tailored to their specific operational needs, ensuring precise access control and promoting secure collaboration across teams. For more information, see RBAC. |
Integrations | ServiceNow ITSM | SaaS and On-prem | ServiceNow ITSM integration lets you create ServiceNow ITSM tickets for Vulnerabilities, threat events, and attacks detected by the Traceable Platform. For more information, see ServiceNow ITSM integration. |