Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 23 additions & 1 deletion changelog.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,29 @@ description: "New features, improvements, and fixes to the Hacktron platform."
rss: true
---

{/* CHANGELOG:INSERT last-prod-sha=fbbbf5cf881c716c00a469e53524fdbbecbb46fd - the changelog workflow inserts new <Update> blocks directly below this line. Do not remove this marker. */}
{/* CHANGELOG:INSERT last-prod-sha=ae06975838cf55342ddb4a17c8ae26a0a5837e10 - the changelog workflow inserts new <Update> blocks directly below this line. Do not remove this marker. */}

<Update label="July 11, 2026" tags={["Whitebox","Code Review","Integrations","API"]}>
## See every taint step and export findings your way

**Interactive taint trace reader**: The finding detail view now shows an annotated, step-by-step code reader for taint traces. You can jump between source, propagation, and sink steps, see highlighted ranges in the exact file, and navigate up or down through each step without leaving the page.

**Findings export on the findings page**: The findings list now has a CSV, SARIF, and JSON export button that honors your active filters, so you can export exactly the findings you are looking at into your own tooling or ticketing system.

**Findings export via the REST API**: A new `GET /rest/findings/export` endpoint lets you pull approved findings as CSV, SARIF, or JSON over an API key. You can scope it to a single repository with the `repo_url` filter and combine it with the existing severity, state, and date filters.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the public API path for findings export

When users follow the API reference linked from this changelog, this advertises GET /rest/findings/export, but the public API docs define https://api.hacktron.ai/v1 as the base URL and the checked OpenAPI spec has no /rest/findings/export path, only /findings and /scans/{id}/findings/export. This would lead readers to call https://api.hacktron.ai/v1/rest/findings/export, which is inconsistent with the documented public API; please either publish the endpoint in the OpenAPI/docs or change the changelog to the public path.

Useful? React with 👍 / 👎.


**Model tier selection**: The cost estimation step now shows a Default / Legacy model picker. Your choice is saved with the scan and used when the scan starts, so you can trade off depth against cost before committing.

**Bitbucket automatic PR scans**: Bitbucket is back as a fully working integration. Connect your Bitbucket workspace, activate repositories, and Hacktron will scan pull requests automatically, the same way it does for GitHub and GitLab.

**Author and label filters in repo config**: `.hacktron/config.yaml` now supports `skip.authors`, `include.authors`, and `include.labels` so you can exclude specific committers or restrict scans to PRs with particular labels. Exclusions always win over includes.

**GitHub inline comments for no-line findings**: When a finding has no associated line number, Hacktron now posts a file-level comment on the GitHub pull request instead of silently skipping the annotation. Nothing gets lost.

**Mark Resolved from Slack**: The finding Work Object overflow menu in Slack now includes a "Mark Resolved" action alongside the existing Mark Valid / Mark False Positive / Mark Accepted Risk options.

**[Read the API reference →](/api-reference/introduction)** · **[Set up GitLab →](/platform/repositories/gitlab)** · **[Connect Slack →](/platform/communication-apps/slack)**
</Update>

<Update label="June 23, 2026" tags={["Context","Code Review","Whitebox","Integrations","MCP"]}>
## A new Context page for your repositories, applications, and threat models
Expand Down