Skip to content

Release notes

Release notes
  • Version: 6.3.0
  • Build number: 13705
  • Release date: 2025-06-11 (general availability)
  • Server version: nanitor-6.3.0.13705-17070-master
  • Agent version: nanitor-6.3.0.13705-17070-master
  • Collector version: nanitor-6.3.0.13705-17070-master

Welcome to Nanitor v6.3.0!

Nanitor v6.3.0 brings new features to help you see, monitor, and audit your security landscape with greater clarity and confidence. As always, this release is built on Nanitor’s belief that assets are the core of your organization’s security: if you can see, understand, and monitor the health of every asset, you can drive effective, risk-based defense.

Whether you’re responsible for compliance, daily operations, or managing security for multiple organizations, these updates are designed to make your work faster, clearer, and more effective.

Highlights in this release (see details below):

  • Feed Overview panel to track and troubleshoot vulnerability definition updates.
  • Service health endpoints for monitoring Nanitor’s operational status with your monitoring tools.
  • Major Asset Graph enhancements for easier visualization of large and complex inventories.
  • Expanded Public API and Activity Log for more automation and audit tracking.

What’s New for Partners and MSPs?

Partners and MSPs gain new capabilities for asset-centric security at scale:

  • Public API enhancements: Retrieve richer asset, software, and audit log data for your own dashboards, reporting, or customer integrations.
  • Service health endpoints: Integrate Nanitor’s health checks with your own monitoring systems for reliable operations and SLA compliance.
  • Integrations improvements: Onboard and connect with third-party platforms more easily.

Customers benefit from these changes, along with improved navigation and usability in the Settings sections (Organization Management and System Management), and a new filter to quickly identify duplicated assets in the inventory.

Highlights

Feed Overview Panel

Know your coverage: Track incoming vulnerability definitions and feed health

The new Feed Overview panel gives you a clear, real-time view of all vulnerability definition feeds flowing into your Nanitor environment. This helps you quickly confirm that new vulnerability and configuration checks are up to date, understand exactly what’s being monitored, and spot any issues as soon as they occur. By making the feed process visible, this panel helps build trust in your vulnerability coverage and makes it easier to react if anything is missing or out of sync.

Key benefits:

  • Instant visibility: See all integrated vulnerability feeds in one place.
  • Track daily updates: Visualize new checks added each day and last update timestamps.
  • Spot problems early: Quickly identify sync issues that may point to connectivity or upstream problems.
  • Audit readiness: Supports compliance by giving partners and customers a clear record of feed status.

How to use it:

  • Navigate to Inventory → Known vulnerabilities, then click "Feeds Overview" (upper right).
  • Use this view to validate feed health, verify update frequency, and resolve data pipeline issues.
Feed Overview dashboard
Example: Feed Overview dashboard showing integrated feeds and recent update activity.

Microservices Health & Readiness Endpoints

Easily monitor the health of Nanitor services - cloud or on-prem

All Nanitor microservices now provide standardized /health and /ready endpoints for integration with your own monitoring stack. Use these endpoints to check Nanitor’s operational status and dependencies at a glance, ensuring your platform stays reliable and responsive.

Key benefits:

  • Service assurance: /health shows if each microservice is running.
  • Dependency awareness: /ready checks if all critical dependencies are connected and operational.
  • Automatable: Integrate with Prometheus, Datadog, Zabbix, or other enterprise monitoring tools.
  • Proactive support: Partners can use these endpoints to guarantee uptime and accelerate troubleshooting.

How to use it:

  • Add /health and /ready endpoints to your monitoring system’s checks.
    Example:
    $ curl https://my.nanitor.net/ui_api/health | jq
{
  "status": "ok"
}
$ curl https://my.nanitor.net/ui_api/ready | jq
{
  "status": "ok",
  "dependencies": {
    "db": "connected",
    "queue": "connected"
  }
}
    Returns a simple status indicating whether the service is running and ready.

Asset Graph Enhancements

See and navigate complex asset environments with ease

The visual Graph Inventory is now smarter and easier to navigate, supporting environments with thousands of assets.

Key benefits:

  • Decluttered graphs: Automatic grouping of nodes by type and connection reduces clutter.
  • Intuitive navigation: New OS-based icons and node visibility toggles.
  • Faster analysis: Merging and aggregation features simplify analysis of large, interconnected environments.
  • Scalable: Especially valuable for MSPs and large enterprises managing diverse inventories.

How to use it:

Open your Graph Inventory (under Inventory → Graph) to see the new grouping, toggling, and aggregation features in action.

Enhanced Asset Graph
The Graph Inventory now groups and aggregates assets, making large environments more navigable.

New Features

Scanner Data Ingestion API

Ingest external scan data for comprehensive asset inventory

We’ve expanded our API and provided an open-source nanitor-scanner to help organizations and partners automate asset discovery. This ensures your inventory and asset health monitoring always reflect reality.

Key benefits:

  • Broader coverage: Pull in assets from other scanners (IP, MAC, OS, open ports, etc.).
  • Richer inventory: Data is displayed directly in the Nanitor UI for easy search and reporting.
  • Automation-ready: Partners can schedule scans and automatically import results, integrating Nanitor into existing workflows.

How to use it:

  • Download and configure nanitor-scanner to run network scans.
  • Use the Nanitor API to upload results—Nanitor will enrich and visualize the imported data.
  • Results from any compatible tool can also be uploaded using the same API endpoint.

Public API Enhancements

Automate, integrate, and report on all your assets — your way

Nanitor’s Public API now provides more asset detail, greater audit coverage, and better validation for integrations, automations, and reporting.

Key benefits:

  • More information in Asset Detail endpoint: The asset detail endpoint now includes a list of the top 10 issues and installed software on the asset.
  • Expand parameter for Asset List endpoint: Use expand=issues and expand=software parameters to retrieve the top 10 issues or installed software for each asset in a single API call.
  • Issue and software list endpoints for a given asset: New endpoints have been added to retrieve a full list of issues and installed software for a given asset.
  • Activity Log API endpoint: Query the full Activity Log via the Public API for programmatic audit, monitoring, and reporting.
  • Improved import validation: Public API imports now feature enhanced validation and clearer error feedback.

How to use it:

  • See the Nanitor API documentation for usage and examples. See in particular: https://api-docs.nanitor.com/#section/The-expand-parameter
  • Try the new API parameters and endpoints to enhance your automations and integrations.
Public API expand usage
API: Example of using expand=issues and querying the Activity Log via Public API.

Activity Log Expansion

More system and user events are now tracked in the Activity Log, including:

  • Public API driven asset and label changes
  • Diagnostic requests and logs

Key benefits:

  • Enhanced traceability: Most asset-related changes and events are tracked and audited, supporting compliance and managed services.
  • Improved troubleshooting: Quickly identify the source and timeline of configuration or asset issues.

How to use it:

  • Access the Activity Log from Reports → Activity Log, or retrieve events using the new Public API endpoint.

Duplicate Asset Filter

Clean up your asset inventory

A new filter in the Asset Inventory lets you quickly identify assets with duplicate hostnames or MAC addresses. This helps root out stale or duplicated assets and can reveal integration issues or manual entry mistakes, keeping your asset inventory healthy and reliable.

Key benefits:

  • Cleaner inventory: Detect and resolve duplicates, maintaining a single source of truth.
  • Bug reporting aid: Use the filter to highlight potential platform issues where duplicate assets are being created.
  • Time saver: Archive or merge duplicate records in bulk.

How to use it:

  • Open the Asset Inventory and use the “Duplicate assets” filter (under +More) to view and address duplicates.

Improvements

  • More Linux distributions recognized in inventory: Nanitor now identifies and displays OpenSUSE, OpenSUSE Leap, Linux Mint, VMWare Photon OS, Pop! OS, and more in the Asset Inventory. Note: These OS types are detected and shown, but do not yet have dedicated security configuration or vulnerability checks.
  • Better forensics for macOS: Issue forensics for macOS have been improved to show XML file paths where applicable, making investigations easier.
  • Integrations overview: You can now see all available integrations — including Datto, Ninja, Intune, and the Nanitor API — summarized in one place under Organization Management → Integrations.
Integration Overview
Integrations: Overview of available integrations and links to detailed references.
  • Settings navigation: The Settings pages (Organization Management and System Management) now feature improved navigation and usability for a smoother experience.
  • Asset Graph scaling: Node scaling in the Graph Inventory has been improved for clearer hierarchy and easier navigation in large environments.
  • Collector debug output: Debug output from the Nanitor Collector now supports more view options and the ability to download the log for improved troubleshooting.

Bug Fixes and Performance Enhancements

  • False positives fixed: Corrected misconfiguration checks for Apache Http server (rule: Ensure KeepAliveTimeout is set to 15 or less).
  • Software inventory fluctuation: Addressed issues causing software inventory records to fluctuate or show inconsistently.
  • Access control: Corrected some inconsistencies in permission checks for data visibility throughout the UI (Team member role).
  • Issue attack maps: Issue attack map tab has been fixed to work for all issues, not just the highest priority ones.

Documentation

  • Swagger documentation: API docs: Added branding and improved introduction and usage instructions for easier onboarding and partner integration.

Known Issues

Incorrect issue violation counts in reports

Issue Violations issue: A bug has been discovered in the issue violations count used in the Issue Trend Metrics Report and Issue Progress Dashboard, which caused the count to be erroneously calculated as 0 since January 2025. The issue has now been fixed for new calculations, but the previously calculated counts for January–May 2025 are incorrect. We decided not to make the 6.3.0 upgrade automatically recalculate the historical data, as this would have been an expensive and time-consuming calculation. It is possible to recalculate it if desired, though it might take some time to process. If you need this historical data, please file a ticket with us and we will help you.

Thank you for being part of the Nanitor community! Your feedback helps drive every release and makes the platform stronger. For detailed documentation and support, visit the Nanitor User Guide or the Nanitor Knowledgebase. Need help? Contact us at [email protected].