Aptori now delivers comprehensive vulnerability mapping across a broad range of industry standards, compliance frameworks, and attack taxonomies—helping security and compliance teams prioritize remediation, accelerate audits, and understand threat context more effectively. With this enhancement, every reported issue is automatically mapped to the most relevant frameworks, offering deeper insight into both technical risk and regulatory impact.
The new Policy Editor enables users to create, manage, and apply custom security policies using the Rego policy language. These policies extend the power of the Aptori Sift engine by allowing organizations to define rules tailored to their specific security, compliance, or coding standards.
Aptori now supports integration with multiple Jira servers, enabling organizations to manage cross-team and multi-instance workflows more effectively.
Aptori now integrates EPSS Version 4 (Exploit Prediction Scoring System) to deliver smarter, data-driven vulnerability prioritization. Each issue is dynamically updated with the latest EPSS scores,
Aptori now supports a new issue status called "Fix Not Available". This status is designed for scenarios where a vulnerability or issue has been confirmed, but no viable fix currently exists—such as third-party dependency limitations or architectural constraints.
The Aptori UI now supports configuration file downloads using the Sift Version 2 schema
The new Configurable Data Retention feature gives administrators control over how long Aptori scan results are retained.
The new Generator Sets feature allows users to define global, reusable variables that automatically populate matching fields across all tests.
Aptori now supports automated export of scan results in the GitLab DAST (Dynamic Application Security Testing) report format,
The Search Bar now supports search across all Assets, making it easier to find and manage specific assets in large environments.
The Python SDK has been expanded to include new functions for managing Users, Groups, and Report generation
A new findBy API endpoint has been introduced to simplify searching for Assets, Projects, or Groups
The Projects page has been redesigned with a streamlined table layout that improves clarity and navigation.
Users can now create and assign custom labels to Assets, Projects, and Groups.
Leverage the OSV-Scanner to detect vulnerabilities in your project's dependencies.
The Infrastructure as Code (IaC) scanner analyzes code that defines and manages IT infrastructure to detect security vulnerabilities, misconfigurations, and compliance issues before the infrastructure is provisioned.
AWS vulnerability scanning helps you easily detect and mitigate vulnerabilities within your cloud infrastructure.
Achieve visibility of your AWS infrastructure with automated scans designed to minimize your attack surface and prioritize issues for efficient resolution.
A new Inspections feature in Aptori-Sift empowers you to craft test cases tailored to your application's unique business logic, simplifying the process of validating custom policies that address specific aspects of your application.
The Exploit Prediction Scoring System (EPSS) is an approach to predict the likelihood of a given vulnerability being exploited in the wild. Produced by the Forum of Incident Response and Security Teams (FIRST), EPSS employs a data-driven, probabilistic model that estimates the risk of exploitation within 30 days. This system uses a combination of vulnerability characteristics and real-world data to provide a dynamic score, offering a more nuanced and responsive measure than static vulnerability assessments.
Aptori now includes integrations with industry-leading application security scanners for Software Composition Analysis (SCA), Dependency Checks, Secrets Detection, Container Scanning, and Static Application Security Testing,
Aptori's Sift, an API security testing tool, can autonomously generate and execute test cases to confirm the effectiveness of an authorization policy. Sift ensures comprehensive testing of all possible scenarios involving creators, actors, actions, and entities, handling anything from 10 to thousands of test cases, all completed swiftly within seconds.