Web App Scanning: Export Scan Configuration for CI/CD

A new endpoint has been added to the Tenable Web App Scanning API that enables users to export a WAS scan configuration file for use with the new CI/CD (continuous integration / continuous delivery) scanning integration. You can integrate Tenable WAS Docker images with GitHub, GitLab, Jenkins, CircleCI, or Bamboo to scan builds and prevent vulnerabilities before your code and applications are deployed. For more information, see CI/CD Application Scan Overview in the Tenable Web App Scanning User Guide.


Vulnerability Management: Relocate Open Port Findings Enablement

On February 20, 2024, the Relocate Open Port Findings setting will be enabled for all customers that have not yet opted in. This change streamlines how Tenable Vulnerability Management handles open ports. Enabling this setting moves open port findings to the asset level and adds new filters and tags.


Vulnerability Management: Activity Log Improvements

Tenable has made several improvements to the View activity log endpoint that enables users to have more granular control when searching activity logs.


Vulnerability Management: New Parameter for Open Port Findings in Asset Exports

A new boolean body parameter is now available for the Tenable Vulnerability Management Export assets endpoint that enables customers to include or exclude open port findings from info-level plugins. The new parameter is include_open_ports. If the new parameter is omitted, Tenable Vulnerability Management uses a default value of false to exclude open port findings from the asset export.


Vulnerability Management: Permissions Update for Import Assets

The user permissions requirement for the Import assets endpoint has been reduced from ADMINISTRATOR [64] to SCAN MANAGER [40]. For more information about permissions and roles, see Permissions.


Vulnerability Management: FQDNs in Asset Responses

On January 4, 2024, Tenable Vulnerability Management will change how it processes fully qualified domain names (FQDNs) for assets. All FQDNs will be normalized to lowercase and then the duplicates will be merged.


Vulnerability Management: New Upload Credentials File Endpoint Parameter

Tenable has added the query parameter fileType to the Tenable Vulnerability Management Upload credentials file endpoint.


Vulnerability Management: Decommissioning of Legacy Domain for Mainland China

Tenable has deployed a new Tenable Vulnerability Management host URL - - along with the Cloudflare China Network, which provides Tenable with better visibility for troubleshooting and monitoring purposes. The legacy host URL for sensors in mainland China - - will be deprecated on January 31, 2024.


Vulnerability Management: New Report Endpoints

Documentation is now available for new report endpoints. The new endpoints enable customers to programmatically generate reports of vulnerabilities affecting their assets. The reports are generated in PDF format. You can use the following templates when generating a report:


Vulnerability Management: Asset Export Open Port Findings for Info-level Plugins

On December 5, 2023, customers that enabled the Relocate Open Port Findings setting in the user interface will begin to see open port data for info-level findings in their asset export data.