Changelog
What is new in NANOTESTING
Every release ships safer scans, clearer findings, and more audit-ready evidence. Each one gets a name we probably should not have let through code review.
Sneaky Walrus
v1.7Compliance and audit views you can scope to a single target, an honest Provisional grade when a check cannot finish, and fewer false positives.
- NewSee compliance for one target at a time: /compliance toggles between your whole workspace and a single target, the dashboard compliance card can scope to a target, and you can export an evidence pack covering several targets at once.
- NewFilter the audit log by target, so you can pull the history for just one system.
- NewA 14-day free trial on the paid plans, now shown clearly on the pricing page.
- ImprovedHonest risk grade: when some checks could not finish, the grade is marked Provisional on screen and in the PDF, and a check that was skipped is never shown as a clean pass.
- ImprovedWider automatic API spec discovery across more frameworks, so contract fuzzing can run without uploading a spec by hand.
- ImprovedLive scan progress now updates on its own, with no manual refresh needed.
- ImprovedClearer Web3 guidance to add a free Etherscan key so on-chain source checks can run.
- ImprovedRefreshed sample report and sample dashboard that match the real product, completed integrations docs, and new in-depth security guides on the blog.
- FixedFewer false positives in HTTP request-smuggling and ERC-20 on-chain probes.
- FixedMore accurate status page that reports the real current status.
Purple Monkey
v1.6Audit-ready compliance evidence packs, an honest posture across seven frameworks, and a phone-friendly dashboard.
- NewCompliance evidence packs you can hand an auditor: a dated, scoped, control-by-control PDF, CSV, or JSON, with the assessment date, the systems in scope, and the evidence behind each control.
- NewTen new in-depth guides in the security blog, each with a shareable preview card so they look great when posted.
- ImprovedHonest compliance posture: controls an external scan cannot assess are clearly marked, never quietly counted as passing.
- ImprovedThe whole dashboard now works one-handed on a phone, with a native-feeling bottom navigation.
Crazy Train
v1.5OWASP Top 10 2025 everywhere, and injection, XSS, and SSRF now count toward your framework posture.
- ImprovedFindings map to the OWASP Top 10 2025 categories consistently across the dashboard and every exported report, so the numbers always agree.
- NewInjection, cross-site scripting, and SSRF findings now roll up into your NIST CSF, CIS, and PCI DSS control posture.
- ImprovedOne shared control catalog means a finding is never dropped or shown under a different control depending on where you look.
Spoiled Milk
v1.4Scan on a schedule, and patch what is actually being exploited first.
- NewRecurring scheduled scans so your posture never goes stale between releases.
- ImprovedDependency vulnerabilities are ranked by real-world exploitation (KEV and EPSS), so you fix what matters this week instead of drowning in CVSS scores.
- ImprovedTrend reports chart your security score over time so you can see the line moving the right way.
Lazy Sunday
v1.3Mobile app scanning and more affordable plans.
- NewScan mobile apps directly: upload an Android APK or iOS IPA and get the same prioritised findings as a web target.
- ImprovedRefreshed pricing so the plans are easier to start on.
- FixedA range of polish across reports and the findings view for a cleaner read.
Disco Hamster
v1.2Compliance mapping arrives, plus signed, shareable reports.
- NewCompliance mapping: every finding is tied to the OWASP, ISO 27001 Annex A, and SOC 2 controls it touches.
- NewSigned, verifiable PDF reports you can share with customers and auditors.