Release Notes
Product Version
1.4
Release Date
November 28, 2025
Brief Description
This release is focused on optimizing product performance, improving UI/UX, and integrating with even more leading security tools. We continue to improve processes and expand the capabilities of the solution.
Summary
- SSO Authentication - a new authentication method in TRON.ASOC
- Transitioned to a new database (Clickhouse) to improve user experience - Basis for new high-performance features
- New integrations - SASTAV, Gitlab Advanced SAST, AppSec.Sting
- Background creation of large reports is now available
- Added the ability to upload files when configuring customizable project fields
- Now unsupported tools in TRON.ASOC are accounted for more accurate scanning statistics
-
- other pleasant UI and UX improvements and system capabilities.
What's New (New Features)
SSO Authentication (Single Sign-On)
- Quick integration of single sign-on via IdP
- Centralized user access management
- Automatic synchronization of accounts and roles from IdP
- Reduced authentication setup time
- Enhanced security through a single authentication point
- Simplified login process for users (Forced SSO)
What changed for the user: Simplified and secure login to TRON.ASOC using SSO without the need to create separate accounts.
Clickhouse
Transitioned to the column-oriented database management system (DBMS) Clickhouse, designed for processing analytical queries in real-time, which reduced the query processing time within ASOC.
What changed for the user: Dashboard and metric generation in TRON.ASOC became faster.
Improvements (Improvements & Enhancements)
Manual Tools
Now it is possible to explicitly recognize any security tools (by added tool name) that are not integrated into ASOC. The platform will take scan results into account in overall statistics, metrics, and will allow filtering vulnerabilities by this tool.
What changed for the user: Various manual tools not integrated into TRON.ASOC are now separately filtered and accounted for in overall metrics.
Large Report Generation
- Reduced system load when working with large data volumes
- Improved stability when generating complex reports
- Reports are now created in the background without the need to wait for real-time report receipt
- Users can continue working in the system during generation
- Upon completion, a notification with a link to the ready report is sent
- Reports can be downloaded multiple times
What changed for the user: It is now possible to generate large reports without data limitations and in the background.
User Triage Process Improvements
Added the ability to directly navigate via link to the Git source from a specific security issue.
Quality Control Metrics Detailization in Project
Added information about failed quality control metrics to security checks, to see target and actual indicators for the quality control metrics specified.
Integration Interaction Flexibility
- Optimized interaction with Solar Appscreener:
- increased request processing timeout
- added the ability to configure API requests and download them for more flexible tool management
- Added functionality to use security tools without using authentication methods for security tools. In this case, scans from ASOC will be unavailable, but manual import of results will be possible.
- Connection Check (Test connection). In the scanning source settings, added the ability to skip the connection check during scans (in case there is no network access to the sources).
- Expanded access management settings for task trackers. Rights and access to task tracker settings (view, manage, delete, view credentials, create tasks) are separated.
Dashboard
Added configuration of a summary widget for all tools with the ability to "disable" display of tools that are not used or not needed for display on dashboards and in reports.
Security Issue Additional Information Refactoring
Due to the appearance of new characteristics and fields for Security Issues, the following components have been refined:
- refined Duplicates, History tabs - added search, filtering, History display settings, as well as the ability to navigate to the deduplication rule from the Duplicates tab
- unread comment tracking functionality - added the ability to see whether comments in which the user was mentioned have been read.
Extended Scanning Results Information
Now it is possible to view the source branch/tag in scanning results.
Summary Report Refinement
Added the ability to see overall statistics for selected projects in the summary report.
Bug Fixes
Missing Category for Some Security Issues
Adjusted data mapping for correct display of security issue category.
Incorrect Behavior During Duplicate Selection
Now reassigning duplicates does not create dependency chains, and the ability to navigate to the parent (main) duplicate (master-issue) has been added.
New Integrations (Integrations)
SASTAV
Implemented API integration with the SASTAV tool, designed for static application security testing (SAST), detects vulnerabilities, defects, and security violations at the build stage or in CI/CD.
Gitlab Advanced SAST
https://docs.gitlab.com/user/application_security/sast/gitlab_advanced_sast/
Implemented integration with the Gitlab Advanced SAST tool, designed to automate the process of code analysis for vulnerabilities in early development stages and improve application security within the DevSecOps process.
AppSec.Sting
Implemented CLI integration of the AppSec.Sting tool, designed for security analysis of mobile applications.
Upgrade Instructions
Feedback & Support
Conclusion
We continue to expand the functionality of the solution, improve the user experience of interaction, accelerate processes, in order to handle growing volumes of data and ensure system stability under high load.