Release Notes v41-v100

19 Aug 2022

The primary location for Sophos Factory release notes is moving to this Community site. For posterity, we are posting all historical release notes from v100 back.

v100, 1/18/22

Added a Run button to the pipeline designer page when viewing a catalog pipeline.
Added a feature to pin jobs to the top of the job list page.
Added text search to more API list endpoints and list pages - projects, jobs, and credentials.
Added several presets to incoming webhook jobs. Presets make it easier to configure webhooks for specific external providers. Presets are available for GitHub, GitLab, Bitbucket, and Terraform Run Tasks webhook types.
Improved the styling of the project image uploads list page.
Various minor UI improvements

Runner Agent v1.105.18

Fixed an issue in the CIS-CAT module where the Report Directory and Report Prefix properties were being ignored.
Fixed an issue where passwords in the Git Clone module were not being properly escaped.

v99.4, 12/20/21

Increased max request body size to 4MB in all API servers.

v99.3, 12/15/21

Fixed an issue where scheduled jobs were sometimes calculating timezone offsets incorrectly.
Fixed several incorrect timezone offsets in the scheduled job timezone options.
Improved the display of loading placeholders in the application.

v99.2, 12/13/21

Fixed a bug where expressions were failing validation for CIS-CAT tool installer version.
Fixed a bug where the Create Runner dialog did not have a default type selected when opened.
Minor changes to notification emails.

v99.1, 12/9/21

Runner Agent v1.104.0

Fixed a bug where the HTTP Request module was improperly formatting request bodies.

v99, 12/8/21

Product Changes

Product name has changed to Sophos Factory. The current product name will remain in some places, such as the refactr.it domain, and these will be updated in the near future.
Branding and colors have been updated in the application.
Terms of service and privacy policy have been updated.
Public pipeline catalogs are now governed by separate terms. Catalog terms must be accepted from the application before publishing a public pipeline catalog.

Other Changes

The platform hosting has changed from Microsoft Azure to Amazon Web Services.
- This change will be seamless for the application, however it means that runners will now be created as EC2 instances, which may have some implications for pipelines. The runner operating system is not changing from CentOS 8.x.
- IP addresses for *.refactr.it platform DNS names are changing. DNS records are changing from A to CNAME for the following public subdomains:
  - app.refactr.it
  - api.refactr.it
  - hooks.refactr.it
Container-based runners have been removed. All remaining container runners have been automatically converted to virtual machine runners.
Per-step tool versions now install tools globally on the runner. Previously, when selecting a tool version for an individual step, the agent attempted to isolate tool installation to that step.
Updated tool version lists. Some outdated/incompatible tool versions have been removed from the version dropdowns in the pipeline builder.
Fixed an issue where the Node.js Script module with an inline tool version was not using the correct Node.js version.
Fixed an issue where the Terrascan IaC file field in the pipeline builder was not selecting the correct radio button when Remote URL was used.
Fixed a bug where credential data field validation errors were not being displayed in the “Create Credential” dialog.
Improved the color of loading spinners in dark theme.
Added the “body” property to the run event log for the HTTP Request step module.
Removed the “Contact Support” dialog in the application. To create a support request, send an email to support@refactr.it.

v98.2, 7/11/21

Fixed an issue where default values for SecureString variables were not be handled properly in job and run variables.
Fixed an issue where default values for pipeline variables were not being merged properly in scheduled jobs.
Various internal upgrades.

v98.1, 7/7/21

Fixed a bug in the coloring of markdown editors in dark theme.
Fixed a bug in the Create Job modal where the page could break in certain cases.

v98, 7/6/21

Improved the background color of various code inputs.
Added a verbosity option to all pipeline steps. Verbosity controls how much data is sent from the agent to the application, which determines how much data is displayed on the run page. For backwards compatibility, the default verbosity of most step modules has not changed. HTTP Request steps can now have their request/response details omitted from the run page by setting the verbosity level to warn. Any “shell” type modules can have their stdout/stderr omitted from the run page by setting the verbosity level to warn.
Fixed a minor bug in the drag and drop animation for variable reordering.
Fixed a potential security vulnerability caused by CORS misconfiguration.

v97, 6/28/21

Added project and organization email notification system. Notifications can be configured by visiting the project and organization settings pages.

v96, 6/22/21

Runner Agent v1.100.1

Added SonarQube SonarScanner module. See the step module reference for more information.

v95, 6/11/21

Added Inputs and Outputs tabs to the pipeline builder step sidebar. The outputs tab now shows the available fields of the steps.<step id>.result object for the selected step.
Removed hover effect on scrollbars.
The form fields for many array-type step properties now clear the property from the pipeline YAML when emptied, rather than adding an empty array.
The Run Pipeline dialog now opens with the current pipeline revision, rather than always the latest revision, when opened from the pipeline builder.
Added a description field to pipeline output variables, which is now displayed in the step sidebar for included pipeline steps.
Runner list API endpoints and pages now sort by created date.
Fixed a bug in 2 list API endpoints where one of the fields query params was not being respected.
Fixed a bug where several list API endpoints would have an inconsistent sort order in some cases.
Other various UI improvements and fixes.

Runner Agent v1.99.12

Added 3 new step modules for working with Helm charts. See the step module reference for more information.
Added a response_type property to the HTTP Request step module. If provided, this property enforces an expected response body format.
The HTTP Request module now supports downloading binary response bodies to a file, and will stream the response in a memory efficient manner.
Fixed a bug where the Docker Build & Push and Checkov modules were not respecting the Working Directory property in some cases.
Fixed a bug where the Terrascan module’s policy_path field was not validating correctly.
Fixed an issue where if a CLI-driven module outputed only whitespace on the stdout or stderr, it could cause an exception in the agent.

v94.1, 5/30/21

Fixed a bug that prevented some step property dropdowns from switching to expression mode.
Fixed a bug where some step property dropdowns with multiple inputs would appear empty.
Improved the behavior of some step property dropdowns to remove fields from the step when empty, rather than adding an empty array.

v94, 5/29/21

Internal upgrades

Runner Agent v1.97.4

Added Docker Build & Push step module. See the step module reference for more information.

v93.2, 5/24/21

Fixed a bug which could cause an Oops! message in the pipeline builder in rare cases.

v93.1, 5/23/21

Fixed/improved several UI issues in dark theme, including text selection color.
Improved syntax highlighting modes for various code input fields.

v93, 5/19/21

Added a missing field in the OpenAPI schema Run model.
Various minor UI cleanups and bug fixes.
Addressed a CVE.

Runner Agent v1.95.11

Added support for dynamic loops in pipeline steps. See the Building Pipelines page for more information.
Added Azure CLI step module.
Added a deepequalto test function for expressions. See the expression reference for more information.
Removed strict RSA format validation for SSH Public Key credential types when created dynamically using the Credential step module.
Fixed a bug where the condition field on steps contained the pre-evaluated value after execution. It should now be a boolean after step execution, if it was set.

v92.1, 5/7/21

Improved syntax highlighting contrast of various code input fields in dark theme.
Various minor cleanups and fixes to dark theme.
Removed syntax highlighting from the run page Raw Text view.
Added shell syntax highlighting to runner startup script input field.
Addressed several CVEs.

v92, 5/2/21

Added dark theme.

v91, 4/30/21

Added AWS CLI step module. See the step module reference for more information.
Azure Resource Group and Azure ARM Deployment step modules now support authenticating with a Tenant ID in addition to a domain name. Either value may be provided in the Azure Service Prinicipal credential.
Subscription ID is now optional in the Azure Service Principal credential type. Currently this value must still be provided when using the Azure Resource Group and Azure ARM Deployment step modules.

Runner Agent v1.94.6

The agent no longer requires a configuration file, if all required configuration properties are provided through environment variables.
Pipeline steps that execute as subprocesses will now inherit select environment variables from the agent process, particularly $HOME.

v90, 4/27/21

Added and updated icons in various places in the application.
Updated various empty page messages.
Updated error toast styles.
Increased the maximum number of items displayed in some dropdowns.
Many dialogs now autofocus the top input when opened.
Various other UI improvements.

v89, 4/21/21

Added a pinned property to pipelines which, when true, will pin the pipeline to the top of the pipeline list page.
Fixed a bug where entering “undefined” for a step’s ID would cause layout errors in the pipeline builder.
Security patches

Runner Agent v1.93.0

Added a date_format expression filter which can generate date strings with a customizable formatter.
Added underscore-separated aliases for all findStep*() expression helper functions, such as find_steps_by_tag(), to make helper names consistent.
Changed Ansible tool installer to inherit the system virtualenv. This change fixes an issue where pip packages installed from a Shell Script step were not resolvable by the default Python interpreter used by Ansible.
The Ansible tool installer no longer automatically installs the ansible[azure] or libcloud. Cloud-hosted managed runners still have these libraries installed by default.

v88.1, 4/9/21

Fixed a bug where the “Disable on failure” feature was not being respected when runs were failed for exceeding the maximum run duration.
Fixed a bug where some dropdowns were displaying images at too large a size.

v88, 3/28/21

Added links to included pipelines from the pipeline builder for catalog includes.
Reorganized API schema tags for catalog endpoints.
Added a feature to update pipeline revision comments after creation.
Various minor bug fixes and enhancements.

Runner Agent v1.92.1

Added hmac, quote, split, merge, and merge_deep expression filters.
Added a env.PIPELINE_REVISION_ID env variable.

v87.3, 3/23/21

Changed the permissions required to publish private catalogs. All organizations on plans enterprise starter or higher can now create and share private organization catalogs. All public catalogs still require approval from Sophos Factory support.
Fixed a bug where privately shared catalogs could not be cloned in some cases.
Improved some API error messages.
Various minor UI improvements.

v87.2, 3/16/21

Fixed a bug where pipelines with multiple pipeline include steps were causing errors in the runner in some cases.

Runner Agent v1.91.1

Increased the memory usage limit for expression evaluations from 8MB to 32MB.

v87.1, 3/15/21

Minor fixes.

v87, 3/14/21

Added additional security around session tokens stored by browsers. This update will invalidate all user sessions.
Decreased two-factor authentication expiry from 7 days to 24 hours. Users with 2FA enabled will be be required to authorize with a mobile device after being logged out for 24 hours.

Runner Agent v1.91.0

Fixed a bug where ignore_errors was not working properly for pipeline include steps with failed sub-steps. ignore_errors should now properly propagate nested errors.
Fixed a bug where pipeline include steps contained merged input variables after execution. Pipeline include step variables are now set properly after execution.

v86.2, 3/11/21

Added horizontal scrollbar to the content area of most pages in the application on small screen sizes.
Fixed some layout issues where tables were overflowing their content area incorrectly on small screen sizes.

Runner Agent v1.90.6

Fixed an issue where using the Ansible installer module could lead to errors relating to the libselinux dependency not being resolved.

v86.1, 3/9/21

Fixed a bug where some buttons were not disabled in the builder for catalog pipelines.
Fixed a bug where the unsaved changes alert could appear in the builder for catalog pipelines.
Fixed a bug where the PIPELINE_REVISION virtual environment variable was not being set in the agent.
Some minor UI cleanups.

Runner Agent v1.90.5

Added a PIPELINE_CATALOG_ID virtual environment variable, which contains the ID of the catalog that owns the pipeline, if the run is from a catalog pipeline.

v86, 3/1/21

Release of Solution Catalogs. Catalogs are shared projects that can be published publicly. Users outside your organization are able to view, run, and include pipelines from published catalogs in their projects.
Breaking changes to API and pipeline YAML structure, detailed below.
Various fixes and UI improvements.

Catalogs Update Breaking Changes, 3/1/21

We will be introducing a few breaking changes and fixes in order to support the upcoming catalogs release. These changes affect the pipeline YAML schema and the resource schemas and path params of several API endpoints. If you’re currently using the Sophos Factory API, or storing/processing pipeline definitions outside of the application, please read on.

The pipeline_revision_id field of the Job API resource is changing from a number to a resource ID string.
The pipeline_revision_id field of the Run API resource is changing from a number string to a resource ID string.
The step properties of pipeline include steps in all pipeline definitions will have the following changes:
1. The properties._id step property key is changing from _id to pipeline_id. The value will remain the same.
2. The properties.revision step property key is changing from properties.revision to properties.pipeline_revision_id. The value is also changing from a number to a resource ID string.
API endpoints that use a {revision} path parameter are changing to use a {revision_id} parameter. This parameter is a resource ID string, instead of a revision number.

The common theme of these changes is that “revision numbers” are changing to “revision IDs” in all interfaces.

Existing runner agents will continue to function. However, runner agent versions before 1.91.x will enter our deprecation schedule, and will eventually no longer function, so it is recommended to update your self-hosted runner agents as soon as possible. We expect to support existing versions for 2 months after this release.

Additionally, all /catalog/* endpoints will be removed. These will be replaced with a new set of /catalogs/* endpoints with the release of Solution Catalogs.

These changes are expected to take effect on 2-28-21.

v85, 2/6/21

Improved the security of session token storage in web browsers.
Added an organization image feature. To upload an image for your organization, visit Account Settings -> Organization.

v84, 2/4/21

Added Aqua Trivy step module. Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts.
Removed an undocumented webhook events endpoint. This endpoint will be added again in a future release.
Fixed a limitation where some step module arguments fields had a minimum length.

v83, 2/1/21

Added Accurics Terrascan step module. Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code.
Added HashiCorp Vault credential step module. This module can fetch secrets from a HashiCorp Vault instance and load them into Sophos Factory credentials.
Some minor UI updates.

v82.1, 1/26/21

Fixed a bug where run quotas were not being applied correctly for runs created by incoming webhook.
Fixed a bug where the job page would not load in some cases.
Fixed a minor issue in rich text editor display.

v82, 1/25/21

Jobs have a new trigger type called “incoming webhook”. Incoming webhook jobs can be easily triggered from external systems that fire webhook events. Variables can be arbitrarily transformed from the input request using an expression.
CentOS 7 containers can no longer be created from the application.
Some bug fixes and QoL improvements.

Runner Agent v1.88.x

CentOS 7 container runners are now considered deprecated and will no longer recieve updates. They will remain in the app for some time, but users are encouraged to change their runners to use CentOS 8 virtual machines.
Added hard isolation technology to expression evaluation. Evaluation of expressions is now sandboxed, which provides an extra layer of security. Note that this does not prevent execution of arbitrary code in your pipelines (in fact, that’s a feature!). Rather, it ensures that expressions can never escape into the runner process environment, and also places limits on CPU and memory consumption during expression evaluation.
The runner agent distributable has changed to a tarball (.tgz) and now contains multiple installation files. Installation documentation has been updated to reflect this change.

v81.1, 1-5-21

Fixed a bug where the delete project button was not showing up in the app.
Improved the horizontal scrolling behavior of the run event viewer on the run page.
Routine security updates.

v81, 12-31-20

Added a “summary” field to pipelines. The summary is now displayed in pipeline cards by default. The “description” field now accepts Markdown syntax, and the description is rendered as rich text on the pipeline page. This is like a “README” file and is helpful for adding more detailed documentation for a pipeline.
Improved the UI of the run page. Run events can now be collapsed.
Added a “default” option to pipeline variables. When this option is true, the pipeline variable value will be used by default when creating runs if a value is not provided. This feature allows users to provide default values for visible variables. Previously only hidden variables could be used as defaults.
Pipeline variable values can now be omitted when saving a pipeline revision, even if the variable is required. The values will now only be required at run time.
Various improvements to API behavior when providing variables to pipelines, jobs, and runs. See below for more info.
Various other UI improvements.

Runner Agent v1.87.x

Fixed a bug where npm packages installed with npm install -g were not being found by the Node.js step module.
Fixed a bug where project variables were overriding pipeline variables with the same key when evaluating step variables for pipeline includes. The precedence is now reversed.
For VM runners, the docker service is now enabled by default.

Upcoming Changes to Pipeline Variables, 12/31/20

In order smooth over some API behavior, and to pave the way for upgrades to Sophos Factory’s variables system, we are making some changes to API and runner behavior that may be breaking for some users.

Currently, project variables are overriding pipeline variables for included pipelines when the variables have the same key. This is incorrect behavior, and it will be corrected in this update by reversing the precedence (pipeline variables will take precedence over project variables with the same key when evaluating pipeline step include variables). To check whether this might be a change in behavior for your pipelines, look for project-level variables with the same keys as as pipeline variables (including those created by the “Set Variables” step module), and check if those are also being used in the step variables for an included pipeline.
It’s currently possible to create pipeline runs using the API by omitting variables entirely, even if there is at least one required pipeline variable. This defers the full validation to the runner agent, which will always reject these cases. In this update, API requests to create runs (pipeline and job) without variables in the request body when at least one variable is required will be rejected with a 400 status code. Because these cases would currently fail, it’s unlikely this change will affect many users.
It’s currently possible to provide a value at run time for a hidden pipeline variable when using the API. While the value will always be overridden by the hidden value, the API request will pass validation. This behavior is changing so that providing a value at run time for a hidden variable will fail with a 400 status code.
Currently, when creating pipelines, variables marked as required must have a value provided. This behavior is changing so that a value is only required when the variable is marked as both hidden and required.
A new “default” option will be added to pipeline variables, which will specify whether the value specified in the pipeline variables will be used by default if a value is not provided at run time. This is a backwards compatible change.

These changes are expected to take effect on 12/31/20 at midnight PST.

v80, 12-22-20

Fixed a rare bug in the pipeline designer that could break the page.
Added an env.* context variable to expressions which contains the “virtual” environment variables used by pipeline steps.
Improved the error message displayed when a project has no runners assigned and a pipeline is run.
Added a feature for guest users to leave an organization.
Added Vault AppRole credential type.

v79, 12-10-20

Added Java installer step module.

v78, 12-8-20

Added Bridgecrew Checkov and Checkov installer step modules.
Renamed “Bearer Token” credential type to “API Token”. The old “Bearer Token” (bearer_token) has been deprecated and will be removed in a future release.
Fixed a bug in calculation of subscription credits in certain cases.

v77, 11-24-20

Switch to credit-based subscriptions. Organization administrators can now configure subscription credit allocation to runner, user, and project counts.

v76, 11-12-20

Updated the navigation bar to match the Sophos Factory color scheme.
Improved release rollout behavior, which should largely eliminate downtime during updates to the cloud-hosted platform. Expected downtime going forward will mostly be limited to planned maintenance windows.
Fixed a bug where self-hosted runners would not transition to Stopped state after going offline.
Fixed a bug where some form fields were not displaying values correctly.

Runner Agent v1.82.6

Added a LOG_LEVEL option to configuration file. Options are info, debug, warn, error.
Added global tool installer step modules for all supported tools, plus a few additional tools including the AWS CLI and HashiCorp Vault CLI (a dedicated Vault CLI step module is coming soon!).

v75, 11-7-20

Add an “unsaved changes” dialog when the step sidebar is closed in the builder and there are unsaved changes.
Improved the display of step names in builder steps.
Pipeline include steps in the builder now display an icon.

v74, 11-5-20

Users are now navigated to the job page after creating a job.
Fixed a bug preventing installation of custom kubectl versions from the kubectl step module.
Fixed a bug where some variable combinations would cause errors in the agent.

v72-v73, 10-20-20 - 11-3-20

Internal infrastructure upgrades.

v71, 10-20-20

Removed personal accounts (see below).
Internal infrastructure upgrades.

Personal Account Migration, 10/21/20

Currently, Sophos Factory offers “personal” accounts, which have limited features, and are only accessible by a single user. This functionality is being replaced by “community” plans which, while still free, will require that all users be associated with a named organization.

On 10/11/20, we will be migrating all users to be associated with a single “primary” organization. All personal projects will also be moved into the primary organization assigned to each user.

Important notes:

Personal projects, and all data within them, including pipelines, variables, jobs, and credentials, will become owned by your organization.
- Organization administrators will be able to view, modify, and delete all of your personal account data.
- A temporary group will be created in organizations for each personal account migrated, granting each user access to their migrated personal projects.
All pending organization and project invites will be revoked, and will need to be resent.
If you’re not sure which organization will become your primary organization, please contact us at support@refactr.it

v70, 10-14-20

Internal infrastructure upgrades.
More info is displayed in the UI about the Authy app for 2FA authentication.
Fixed a minor bug in Authy push notification messages.

v69, 10-13-20

Improved responsive layout behavior for desktop screens.
Added a function-style syntax for retrieving credentials, credential('my_cred_id'). Equivalent to the filter style, 'my_cred_id' | credential.
Added several expression test functions for checking the state of local files and directories.
Fixed a bug where template expressions were being coerced to strings in some cases.
Minor UI improvements

v68, 10-12-20

Some SDK improvements (CLI, Node.js API client)
Minor UI improvements

v67, 10-6-20

Reduced minimum job scheduler interval to 1 minute.
Added a feature to enable/disable the automatic disabling of jobs when scheduled runs fail.
Minor UI improvements

v66, 10-5-20

Fixed a bug where some run events would have duplicates in the run log.
Further improvements to API error response behavior.

v65, 10-1-20

Updated login page design.
Added password reset feature from the login page.
Pipeline builder sidebars now remember their last position.
Other minor UI improvements.
Application performance improvements.

v64, 9-27-20

Login emails are now case-insensitive.
Improved logo display in the Authy app on mobile devices.

v63, 9-24-20

Improved the project chooser page with organization filter and New Project button.
Added close buttons to pipeline builder sidebars.
Users are now granted individual access to projects they create, unless they’re in the Administrators group.
Personal project invites have been disabled.
Other minor UX improvements and bug fixes.

v62, 9-20-20

Beta release of virtual machine hosted runners. Visit the Runners page and open the New Runner dialog to create a virtual machine runner.

v61, 9-12-20

Project quotas are now enforced on creation
Fixed a bug in the kubectl module where the dry_run option was being treated as a boolean
Added steps.<id> syntax to pipeline expressions. This is a more compact alternative to findStepById(id)
Improved run event secret replacer algorithm. Now splits secret values on newlines and treats each line as an individual secret.
Some minor UI fixes.

v60, 9-6-20

Increased default maximum run queue size to 100
Improved API error handling and error responses. Added JSON response data for several common API errors.
Some minor UI cleanups

v59, 8-30-20

Fixed a UI bug that was causing flashing on initial page load
Some minor UI cleanups

v58, 8-28-20

Improve application Content Security Policy headers; other application behavior tweaks
Application performance improvements
Some minor UI fixes

v57, 8-23-20

Added Credential step module.
Added more options to the runner config file for controlling log file behavior. Now supports various types of rolling logs.

v56, 8-19-20

Improvements to secret field UI, for example in variable forms for SecureString variables.
New pipeline icon.
Improved step module names, labels, and icons.

v55, 8-15-20

Minor bug fixes and performance improvements.

v54, 8-14-20

Improved pipeline validation. The YAML editor in the builder now gives more detailed validation error messages.
User is now routed to the pipeline builder after creating a new pipeline.

v53, 8-11-20

Added user to pipeline revision history on pipeline details page.
The step sidebar in the pipeline builder now displays detailed validation error messages in a tooltip.
The HTTP Request step module now defaults to https:// if no protocol is specified in the URL. Also improved error messages when an invalid URL is provided.

v52, 8-6-20

Added Go Executor step module.
Minor bug fixes.

v51, 8-5-20

Minor improvements.

v50, 7-30-20

Added three output suppression options to jobs and runs. These are suppress_vars, suppress_outputs, and suppress_events. With all three options enabled, no run data will be sent to the Sophos Factory application from the runner, and variables associated with the run are not saved.
Other minor improvements.

v49, 7-26-20

Ansible playbook content and file path are now exclusive; provide one or the other but not both. Only applies to direct YAML edits.
Git checkout step module destination path is now optional, and defaults to the run directory
After cloning a pipeline, the user is now redirected to the appropriate pipeline list page.
All API endpoints for running pipelines now include additional JSON response fields.
Hidden run variables are no longer displayed on the run page in the Variables dialog.
Added tooltips in a few places.
Fixed a bug where authentication sessions could sometimes be lost without being redirected to the login page.
Performance improvements. In particular, initial page load time has been improved significantly.

v48, 7-20-20

Beta release of self-hosted runners. Users on organization plans can now create new runners from the organization settings page. See the user guide for more information.
Added a few secondary tools to cloud-hosted runner image, including jq CLI tool.
Now enforcing stricter validation on JSON and YAML inputs. In most fields in the application, YAML must only use language features that are transformable to JSON.
Fixed a bug where API status codes were 500 in some cases where they should have been 401.
Various minor UI and performance improvements.

v47, 7-2-20

Launched new documentation site.
Improved the kubectl step module significantly. The module can now execute any kubectl commands, and has an inline/file kubeconfig property for conveniently generating a kubeconfig file for the step.
Added a Run button to the pipeline builder page.
Various minor UI improvements.

v46, 6-17-20

Added CIS-CAT Assessor step module.
Some UX improvements to OpenSCAP scanner step module.
Fixed a bug where builder arrows could disappear in rare cases.
Updated documentation.

v45, 5-29-20

Added OpenSCAP scanner step module. This module executes the oscap and oscap-ssh tools to process SCAP content files such as XCCDF and OVAL, as well as perform automated benchmark assessments against remote systems.
Added Assert step module. This module can be used to fail a pipeline if a condition is not met.
Added Bearer Token credential type support to HTTP step module.
Added read_file() expression helper function.
Added stricter validation for SSH Private Key credentials. Now only allows PEM-encoded RSA keys.
Improved in-app support. New support site.
Some minor UI updates.
Updated documentation, particularly expression reference.

v44, 5-21-20

Added feature to set a custom image for each step in a pipeline, including built-in step modules.
Fixed a bug where HTTP step result fields were not set properly when the step failed and ignore_errors was true.

v43, 3-22-20

Added two-factor authentication feature. Enable this feature from Account Settings -> My Profile by configuring a mobile device.
Some UI bug fixes.

v42, 3-3-20

Fixed a UI bug where new Boolean variables were not being initialized correctly in some variables forms.
Added reference documentation for step results.
Added documentation about step results.
Added documentation about agent Idle TTL and Autostart.
Various other documentation cleanups.

v41, 2-28-20

Added result fields to script step modules (Bash, Python, Node.js, Powershell) and CLI-driven step modules (Ansible Playbook, Terraform). Fields include stdout, stderr, and exit_code.