Cycle 20250421

Last updated: May 12, 2025

New Features

  • Slack Integration

    • Fully interactive Slack modal for the /p0 allow command, featuring reusable input blocks (including DateTime and duration fields) and optimistic pre-population of form data to speed workflows

    • Backend handlers for rendering and processing the modal, complete with end-to-end unit tests

    • Automated notifications to requestors and approvers prior to evidence expiry

  • Okta Security Assessments

    • End-to-end workflow for Okta assessments: from data collection to report generation, streamlining periodic security reviews

  • Findings Export Across Projects

    • Single-click export of detailed findings spanning all projects, enabling comprehensive off-platform analysis and reporting

  • Enhanced Graph Visualization Controls

    • Added pan, recenter, and zoom controls to the permission graph viewer for smoother navigation of complex relationships

  • Resource Inventory Type

    • Introduced a new “Resource” category in the inventory, allowing finer classification and improved searchability of assets

  • Custom Resource API & Routing Engine

    • New API endpoints and routing-rule engine for user-defined resource types, offering complete flexibility in how bespoke assets are handled

  • AWS Trust Policy Monitor

    • Real-time monitoring of AWS IAM roles to flag any trust policy that grants unrestricted root access, bolstering your security and compliance posture

Enhancements

  • Microsoft Teams Notifications

    • Clarified error messaging and expanded help text for Teams alerts, making troubleshooting more intuitive

  • Web Request Submission Flow

    • Improved handling of submission responses in the P0 web-request form to surface backend errors directly in the UI for faster issue resolution

  • Modal Context Integrity

    • Ensured that all modal submission handlers receive the full request context, eliminating race conditions and data inconsistencies

Bug Fixes

  • Surfaced backend error messages during web-modal submissions for clearer user feedback

  • Prevented the CLI from crashing when configuration is missing; now prompts users to initialize instead of failing silently

  • Fixed parsing and saving of requested durations in Microsoft Teams workflows

  • Removed an extra, spurious node in lateral-movement paths within attack graphs

  • Restored the missing attack-path visualization in the sidebar

  • Eliminated “ghost” entries appearing in the query builder when in “staged” mode

  • Corrected identity-node label formatting in graph visualizations

  • Restored the ability to select cells on the Posture page table

  • Prevented the findings drawer from re-opening unexpectedly when typing in the ignore box

  • Ensured slash-command replies include the full output for requestors

  • Added newly generated permission sets back into the request-history list

  • Hid AWS accounts without inventory agents from the resource-request dropdown

  • Properly escaped dots in the OpenID domain regex to support multi-segment domains

Security Improvements

  • Remediated flagged issues in external audit tooling to maintain compliance standards

  • Patched a high-severity shell-injection vulnerability identified by static analysis, reinforcing overall system security

Maintenance & Technical Updates

  • Platform Dependencies

    • Upgraded to Node.js 20.x and updated the Azure MSAL package to the latest stable release for performance and security gains

  • Codebase Cleanup

    • Removed deprecated feature flags and obsolete code paths to streamline maintenance and reduce technical debt

  • Audit Logging Enhancements

    • Enriched routing-rule audit events with both identifiers and descriptive metadata for improved traceability