Changelog
Follow up on the latest improvements and updates.
RSS
You can now view a full audit trail of key actions across your Intruder account, giving you greater visibility, accountability, and support for compliance requirements.
What’s new?
- Dedicated audit log –View a centralised log of important user and system actions across the platform.
- See who did what, and when –Each event includes the user, action taken, timestamp, and IP address for complete traceability.
- Built for teams –Improve collaboration and accountability when multiple users are managing your security posture.
See which actions are captured in the audit log here.
Why this matters
Previously, customers with multiple users had limited visibility into account activity, making it difficult to investigate changes or meet compliance requirements.
With audit logging, you now have the transparency needed to maintain trust, investigate issues, and support compliance-driven workflows.
You can find the audit log within your Settings.
Gain continuous visibility into vulnerabilities across your containerised workloads with our new agentless container scanning. Automatically scan container images hosted in AWS, GCP, and Azure with no additional setup required if you've already connected your cloud accounts.
What’s new?
- Zero-maintenance scanning –No agents to deploy or manage. We integrate directly with your cloud registries using your existing cloud connections.
- Intelligent tag-based targeting –Define tag rules (likeproduction,latest, orv*) to scan only the images that matter. We automatically scan the most recently pushed version matching each rule, reducing noise and focusing on what's actually running.
- Continuous threat detection –New images matching your rules are scanned immediately when pushed. Existing images are rechecked daily for newly disclosed CVEs, ensuring you're always aware of emerging threats.
- Actionable vulnerability insights –Every finding includes CVE details, CVSS severity ratings, information on whether fixes are available, and clear remediation guidance to help your team respond quickly.
Getting started
If you've already connected AWS, GCP, or Azure to Intruder, container scanning is ready to go:
- Head to Discovery and find the new Container images section
- Review automatically discovered container tags from your connected registries
- Create tag rules to define which images to monitor
- Start receiving vulnerability findings immediately
For more information on getting started, see our help guidance here
New to cloud integrations?
Click Add asset
in Discovery and connect your cloud account in minutes. Supported registries
- AWS Elastic Container Registry (ECR)
- GCP Artifact Registry
- Azure Container Registry
Licensing note
Each scanned container image and tag combination (e.g.,
api-service:production
) uses one infrastructure licence from your plan.Need more capacity? Add licences via your billing page or speak with your account admin.
Availability
Container image scanning is included in Cloud, Pro, and Enterprise plans
improved
Filter issues by comment status
The issues table now includes a comment status filter, so you can instantly cut through a long list and see only the issues that have - or haven't - been commented on.
What's new
- "Has comment" filter -A new filter option in the issues table which shows only issues with comments attached to the occurrences.
- Combines with existing filters -The comment filter works alongside all current filters so users can build precise views without losing their existing filter context.
- Live filtering -The occurrences list updates immediately when the filter is applied, with accurate counts reflecting the current selection.
Why it matters
You can already see at a glance which issues have comments via the icon in the table - but when you're working through a large set of issues, spotting what still needs attention isn't always easy. This filter lets you jump straight to the undocumented items, so nothing gets missed.
Scan reports can now include the full raw scanner output as an additional column in the CSV export. This gives technical teams direct access to the underlying data produced by each scan, without needing to use the API or extract it manually.
What's new
- Raw scanner output column - A new "Scanner output" column can be included in any CSV scan report, containing the complete raw data returned by the scanner for each finding.
- Optional inclusion via checkbox - A checkbox at the point of export allows you to choose whether to include raw output, keeping the default report experience unchanged.
- Row-level granularity - Each row in the exported CSV corresponds to an individual occurrence, preserving the full detail of the scan results.
How it works
- Navigate to "Reports"
- Select the "Download scan report"
- Choose the scan report you would like to download
- Check the "Include raw scan output" checkbox
Why it matters
Until now, the raw scanner output wasn't exportable without using the API. This change makes that data available directly from the report download, in a format that's immediately usable without additional workarounds.
You can now create and update scheduled scans directly through the public API, bringing scan scheduling in line with the rest of your automated workflows.
What's new
List and create schedules
- Use the new /api/v1/scans/schedules/
endpoint to retrieve your existing schedules or create new ones.Retrieve and update schedules
- Use /api/v1/scans/schedules/{id}/
to fetch or modify a specific schedule.Why it matters
For teams running automated security workflows, managing scan schedules through the portal creates an unnecessary manual step. These endpoints mean you can build, adjust, and maintain your scan schedules entirely through the API - keeping your setup consistent, repeatable, and fully under version control.
See the updated API Documentation here
Note: These endpoints support external and internal assessment schedules only. One-off assessments are not in scope for this release.
Your GregAI conversations are now automatically saved, so you can pick up exactly where you left off at any time. Whether you switch context, navigate elsewhere in the portal, or come back the next day, your chat history is waiting for you.
What's new
- Persistent chat history- Conversations are saved automatically as you go, with no manual action needed.
- Resume from anywhere- Navigate away from GregAI and return to the same thread without losing any context or previous insights.
Why it matters
Security investigations rarely happen in one sitting, and useful insights shouldn't disappear the moment you navigate away. With persistent history, GregAI becomes a genuine part of your ongoing workflow rather than a one-off tool - so the context you build up over time stays with you.
You can now view Cyber Hygiene Scores at the tag level, giving you more granular insight into your security posture across different parts of your estate.
What’s new?
- Cyber Hygiene by tag –See Cyber Hygiene Scores broken down by tag, so you can measure performance across teams, environments, or business units.
- Easier comparison across your estate –Quickly identify which areas are improving and which need attention, helping you prioritise remediation efforts more effectively.
- More relevant insights for your team –Focus on the assets that matter most to you by viewing scores aligned to your organisational structure.
Why this matters
Previously, Cyber Hygiene Scores were only available at the overall account level, making it difficult for larger teams to understand performance across different parts of their estate.
With tag-level visibility, you can now track progress more meaningfully, hold teams accountable, and demonstrate improvements with greater clarity.
This update makes Cyber Hygiene Scores more actionable for both enterprise teams managing complex environments and smaller teams focusing on specific systems.
The scan details page now gives you a clear, stage-by-stage view of exactly what your scan is doing as it runs. You get a live breakdown of each phase from preflight through to final report, with real-time updates as your scan moves forward.
What's new
Scan milestone tracker
- A step-by-step view of the full scan lifecycle, so you always know exactly where your scan is up to:- Preparing scan - Validating targets and configuring the scan
- Scanning targets - Actively scanning your attack surface
- Reviewing findings - Filtering noise and prioritising by risk
- Preparing results - Packaging clear, actionable findings for your report
Scan timing
- The milestone view also surfaces when the scan started and how long it has been running, giving you the full picture at a glance.
Why it matters
Long-running scans can be hard to keep tabs on, especially when you need to report back to a team or flag something to support. With milestone-based progress, you always have a clear answer to "where is this scan up to?" - which means less uncertainty during complex assessments and faster diagnosis if something needs attention.
You can now customize your Slack and Microsoft Teams notifications, giving you full control over which alerts are sent and when. This helps your team stay focused on what actually needs attention while reducing unnecessary noise.
What’s new?
- Customizable Slack and Teams alerts –Choose exactly which events trigger notifications, bringing the same level of control already available for email to your integrations.
- Severity-based notifications –Decide which issue levels you want to be alerted on (for example, critical only or high and above).
- Failure-only options –For scans such as Emerging Threat Scans, you can now choose to be notified only when a new vulnerability is discovered.
Why this matters
Previously, Slack and Teams integrations sent every notification by default, which could overwhelm channels with low-signal updates.
With custom notification settings, you can tailor alerts to your team’s needs, keeping communication channels clean, relevant, and actionable.
You can now snooze multiple occurrences of the same issue in one action, making it much faster to manage high-volume findings without losing visibility of future risks.
What’s new?
- Bulk snooze occurrences -Select multiple occurrences within the same issue and snooze them together in a single action.
- One reason, applied once –Provide a single snooze reason and duration that applies to all selected occurrences, removing repetitive 1-by-1 workflows.
- Future occurrences stay visible –Only the selected occurrences are snoozed. Any new occurrences detected in future will still appear as expected.
How it works
- Open an issue on the issues page that contains multiple occurrences.
- Select occurrences individually using the checkboxes, or use the top-left checkbox to select all.
- Click the Snooze action in the top-right of the occurrence list.
- Choose a snooze reason and duration, and optionally add your own additional context.
- Confirm the action - all selected occurrences will be snoozed and moved to the Snoozed section.
Only the occurrences you select will be snoozed. Any new occurrences for the same issue will continue to appear, ensuring you don’t miss emerging risks.
Load More
→