Release notes

- Version: 6.2.0
- Build number: 16943
- Release date: 2025-05-02 (general availability)
- Server version: nanitor-6.2.0.13521-16943-master
- Agent version: nanitor-6.2.0.13521-16943-master
- Collector version: nanitor-6.2.0.13521-16943-master
Welcome to Nanitor v6.2.0!
Nanitor v6.2.0 introduces major enhancements to API extensibility, agent feed visibility, asset discovery, and a unified security-benchmark rule list — ensuring security and compliance teams can operate with greater insight and precision.
For organizations, MSSPs, and partners, this release includes a powerful stand-alone network scanner, and introduces significant Public API enhancements that emphasize support for integrations and automation workflows. These improvements are especially beneficial for managed service providers looking to align Nanitor more deeply with their internal tools or client-facing platforms. This enhanced API foundation makes it easier to build custom reporting tools, orchestrate data flows, or embed Nanitor capabilities within existing dashboards.
Highlights
Public API Enhancements

We've refactored our Public API from the ground up to simplify integration, improve validation, and support fine-grained filtering. The API documentation is now significantly clearer and more comprehensive.
New flexible filtering syntax allows passing multiple values, like ?hostname=joes-laptop,annes-laptop and operators ?hostname=notin:foo,bar.
All fields support flexible filtering unless noted otherwise in the documentation.
For more information, see the documentation: https://api-docs.nanitor.com/#section/Filters
Key changes:
- Introduction section and more thorough authentication instructions added to the documentation.
- Cleaner schema & Swagger — every endpoint now ships with better examples of requests and responses. Documentation has also been improved for most endpoints and fields.
- Flexible filtering support added, including operator support and multiple values.
- Additional example values provided for fields, requests, and responses.
- A number of API properties have been marked as deprecated and renamed versions added for improved consistency.
- Detail endpoints have been added to correspond to all list endpoints that did not have a corresponding detail endpoint.
- In certain places where an ID for an associated object was provided but no other information, an embedded object has been added with further info.
- New query filter fields have been added for various endpoints, including search fields for many list endpoints for ease of searching for objects in a similar manner to the search box in the Nanitor Portal.
The new version of the Public API is v1.2.0. We've tried to ensure that the updates are compatible with the previous versions so that existing integrations should not be affected.
How to use it
- View the updated and much improved API docs website.
- Open Organization Management → API Keys and create a token and get started using the API.
Track Agents with Verified Vulnerability-Feed Coverage
Agents now report the exact OVAL/OSV definition timestamp they’re using, giving you ground-truth confirmation instead of assumptions.
Coverage status is surfaced directly in the Nanitor UI — both in the Asset Inventory grid and each Asset Details pane.
Key benefits
- Instant insight — spot stale or missing definitions to be able to react in time to stay secure.
- Evidence-based — agents supply the feed’s build time and version, so nothing slips through the cracks.
- Rapid troubleshooting — outliers may flag disk-space issues, network blocks, or outdated agents.
- Audit confidence — prove every asset is scanned against the freshest data.
How to use it

- In Asset Inventory, open More → Vulnerability OVAL Coverage and filter by Up to date, Outdated, or No coverage. This enables filtering the list based on the property.
- Click Customize columns and add Vulnerability OVAL Coverage (hidden by default) to show the column in the list and enable sorting and export of it.
- From any asset, open Details and review the Vulnerability OVAL Feed Coverage line to see the exact timestamp and hash.

NOTE: OVAL coverage is our most detailed vulnerability detection method with the widest coverage and lowest false positive rate. No OVAL coverage on a supported platform can be due to out-of-date agent versions or operational issues on the device, such as being out of disk space.
Tip: After upgrading to 6.2.0, agents need one full check-in before coverage data appears, so “No coverage” may show for up to 24 hours.
Network Scanner for Rapid Asset Discovery

Nanitor now offers the powerful Python-based nanitor-scanner, which employs well-known open-source tools, including Nmap, Gobuster, and httpx, to perform quick, agent-less discovery. It merges every tool’s output into a single JSON file that can be imported directly into Nanitor. (GitHub: Nanitor/nanitor-scanner)
Key benefits
- Faster onboarding — quickly map local or unfamiliar subnets during initial deployments or when auditing environments.
- Rich host context — includes hostnames, open ports, service banners, OS fingerprints, and device types.
- Auto-scope convenience — omit the -n/--network flag to automatically detect local interfaces and scan connected subnets, including detailed layer-2 info when run on-network.
- Seamless API import — send results to your Nanitor organization with a single command.
- Open-source flexibility — customizable, and easy to integrate into your workflows.
How to use it
- Download the latest release from https://github.com/nanitor/nanitor-scanner.
- Set it up:
  - Follow the instructions in README.md.
  - We recommend running the scanner on a Linux VM with internal network access.
- Run a scan:

      # Scan a specific CIDR
      sudo -E python nanscan.py -n 10.0.0.0/16 -o scan_results

  Or to auto-detect and scan local subnets:

      # Or auto-detect and scan every local subnet
      sudo -E python nanscan.py -o scan_results

- Import the results into Nanitor:

      # Set your endpoint + API key (write-scope)
      export NANITOR_API_URL="https://my.nanitor.net/system_api"
      export NANITOR_API_KEY="YourWriteEnabledApiKey"
      # Import into the desired organisation
      python api.py import scan_results/nanitor_import.json --org-id <ORG_ID>

- Optionally schedule the scan via crontab to keep the inventory fresh.
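
One way to carry out the optional scheduling step, as an added example rather than code from Nanitor or the nanitor-scanner project: a wrapper for root's crontab (so no sudo is needed) that reads the write-scope API key from an owner-only file and imports only when the scan produced well-formed JSON. The install path, env-file path, lock-file path and the python3 interpreter name are assumptions; nanscan.py, api.py and their options are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example: cron wrapper around the scan + import steps. Not project code.
# Assumed (hypothetical) values: install path, env file path, lock file path.
# Root crontab entry; flock -n skips a run while the previous one is active:
#   15 2 * * * flock -n /run/nanitor-scan.lock /opt/nanitor-scanner/scan-cron.sh run
SCANNER_DIR="${SCANNER_DIR:-/opt/nanitor-scanner}"
ENV_FILE="${ENV_FILE:-/etc/nanitor-scanner.env}"  # NANITOR_API_URL=... NANITOR_API_KEY=...
OUT_DIR="${OUT_DIR:-$SCANNER_DIR/scan_results}"
ORG_ID="${ORG_ID:-<ORG_ID>}"                      # placeholder, as on the page
PYTHON="${PYTHON:-python3}"

# True only if the file exists and group/other have no permissions (e.g. 600).
key_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat; the page recommends Linux
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# True only if the import file is non-empty, well-formed JSON.
import_file_is_valid() {
    [ -s "$1" ] || return 1
    "$PYTHON" -c 'import json, sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
}

run_scan_and_import() {
    key_file_is_private "$ENV_FILE" || {
        echo "refusing to run: $ENV_FILE must be readable by its owner only" >&2
        return 1
    }
    . "$ENV_FILE"                            # keeps the write-scope key out of crontab
    export NANITOR_API_URL NANITOR_API_KEY
    cd "$SCANNER_DIR" || return 1
    rm -f "$OUT_DIR/nanitor_import.json"     # never re-import a stale result
    "$PYTHON" nanscan.py -o "$OUT_DIR" || return 1
    import_file_is_valid "$OUT_DIR/nanitor_import.json" || {
        echo "scan did not produce a valid nanitor_import.json" >&2
        return 1
    }
    "$PYTHON" api.py import "$OUT_DIR/nanitor_import.json" --org-id "$ORG_ID"
}

if [ "${1:-}" = "run" ]; then
    run_scan_and_import
fi
```
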
Tip: when an agent later installs on a discovered host, its results merge into the same asset record, maintaining a single source of truth. The identification is based on the IP address and hostname and is best effort.
We will be working on improving the UI/UX for the scan information that is ingested, including adding the ability for the API to import the MAC address, SNMP and open port data, which is scheduled for version 6.3.0. Any feedback is much appreciated.
Global Security-Benchmark Rule List

Maintaining consistent hardening policies becomes tricky when you track dozens of operating system benchmarks — for example, CIS Windows Server 2016 vs 2019 vs 2022, or Ubuntu 20.04 vs 24.04.
The new All Rules grid solves this by collapsing every Nanitor security benchmark into a single, searchable table. Type a keyword such as “password” and instantly surface every password-related rule across Windows, Linux, macOS, and network-device baselines. Side-by-side visibility lets you verify that your baselines enforce the same settings everywhere — or quickly spot (and fix) drifts.
Key benefits
- Unified visibility — see thousands of OS-specific rules from one page instead of hopping between benchmarks.
- Faster policy tuning — compare overlapping controls (e.g. password complexity or audit logging) and keep settings consistent across versions.
- Baseline optimization — use the Applicable Assets filter to show only rules that matter to the hosts you actually manage, highlighting coverage gaps.
How to use it
- Go to Security Configuration → All Rules.
- Search or filter:
  - Enter a keyword (e.g. password history (like in the screenshot above), logging, firewall) to group related rules.
- Review details: click a rule to open its modal, then jump straight to affected assets or to the full benchmark profile via inline links.
- Export: click Export → CSV (or → PDF) to pull the filtered set into a spreadsheet or audit bundle.
- Iterate: adjust your baseline templates until every benchmark enforces the same control level.
Improvements
These additional updates enhance overall reliability and provide operational insights for advanced users and internal teams:
- Ubuntu 24.04 Benchmark Support: The CIS benchmark for Ubuntu 24.04 has been implemented and made available.
- Extended End-of-Life Detection for Linux OS Versions: We've added this for major Linux distributions (Debian, RHEL, Ubuntu, AlmaLinux, Amazon Linux, Oracle Linux, SLES).
- Interactive "Issue Attack Map" Visualization: Issues now have an Attack Map to identify the most prevalent attack paths.
- Software Inventory CSV Export Now Includes Asset Hostnames: Software inventory exports for compliance use cases now include the hostnames of assets with that software.
- Identity Audit Report Exports to CSV: The Identity Audit report can now be exported to a CSV file for improved usability.
- Affected Devices Included in Vulnerability Notification Emails: Email alerts about multiple vulnerabilities found on a single asset now include the hostname of the asset.
- API Key Management UI Enhancements: The API Key management page has been improved and made more informative.
- CPE Match Shown for Transparency in Software Inventory: The matching CPE entry is now shown to make the link clearer and help troubleshoot vulnerability matching.
- Forensics Visibility for API-Ingested Vulnerabilities: Vulnerabilities imported through the Nanitor API will now show forensics information in the issue detail, which enables providing findings to help with understanding and remediation when importing vulnerabilities from other sources.
- Feeds Dashboard & Reporting Enhancements: We've added a dashboard for feeds under Inventory -> Known Vulnerabilities -> Feeds. The purpose of the dashboard is to summarize information about changes in the feed. It is a work in progress and more information will be included in the next release notes.
Bug Fixes
- Fixed processor-core count in Asset Details — physical and logical CPU counts now display correctly on all hosts.
- Corrected completion status in “Assets” tab for issue resolution projects — an asset is now marked Completed when all issues in the project have been either resolved or excluded on that asset, not just resolved.
- Eliminated “NaN” values in Assets column when assigning issues to a project — in the issue assignment step when creating an issue resolution project, the Assets count would sometimes be shown as NaN instead of the actual affected count.
Thank you for using Nanitor! For more in-depth documentation, check out the Nanitor User Guide or visit our Knowledgebase.