Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 23 additions & 1 deletion changelog.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,29 @@ description: "New features, improvements, and fixes to the Hacktron platform."
rss: true
---

{/* CHANGELOG:INSERT last-prod-sha=fbbbf5cf881c716c00a469e53524fdbbecbb46fd - the changelog workflow inserts new <Update> blocks directly below this line. Do not remove this marker. */}
{/* CHANGELOG:INSERT last-prod-sha=df2c8ebd8a794625c913f722090c5e6777cb8d38 - the changelog workflow inserts new <Update> blocks directly below this line. Do not remove this marker. */}

<Update label="July 15, 2026" tags={["Whitebox","Code Review","Integrations","API"]}>
## Walk a taint trace, export your findings, and scan Bitbucket PRs

**Interactive taint trace reader**: Taint findings now open an annotated code view where you can step through each source, propagation, and sink in sequence. Click any step in the sidebar to jump directly to that line in the file.

**Findings export**: Download your findings as CSV, JSON, or SARIF directly from the findings page, filtered to exactly what is currently visible. The export respects all active filters - severity, status, scan, and repository.

**Findings export API**: A new API endpoint (`GET /rest/findings/export`) lets you pull findings programmatically in CSV, JSON, or SARIF, with the same filter options available in the UI including scoping by repository.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the public export endpoint path

This advertises GET /rest/findings/export, but the public API docs define endpoints relative to https://api.hacktron.ai/v1 and the OpenAPI path is /findings/export (api-reference/introduction.mdx:10-16, openapi.json:544). In the public API context, readers will try /v1/rest/findings/export, which is not one of the documented REST paths; the changelog should point to GET /findings/export or the full public URL instead.

Useful? React with 👍 / 👎.


**Bitbucket PR scanning**: Connect a Bitbucket workspace and Hacktron will automatically scan pull requests, the same way it does for GitHub and GitLab.

**Model tier selection for scans**: When starting a whitebox scan, you can now choose between the Default and Legacy model tiers before committing to a cost estimate.

**PR filter rules for authors and labels**: Your `.hacktron/config.yaml` now supports `skip.authors` and `include.authors` to exclude or restrict scans by PR author, and `include.labels` to trigger scans only on labeled pull requests.

**GitHub file-level comments for line-agnostic findings**: Findings with no specific line number now post as file-level comments on the GitHub pull request instead of being silently dropped.

**Mark Resolved from Slack**: The finding Work Object overflow menu in Slack now includes a Mark Resolved action alongside the existing triage options.

**[Read the API reference →](/api-reference/findings/list-findings)** · **[Set up GitLab →](/platform/repositories/gitlab)** · **[Connect Slack →](/platform/communication-apps/slack)**
</Update>

<Update label="June 23, 2026" tags={["Context","Code Review","Whitebox","Integrations","MCP"]}>
## A new Context page for your repositories, applications, and threat models
Expand Down