Changelog

Notable changes, new features, and improvements to the CodeWall platform.


April 2026

New features

  • MCP server testing — test Model Context Protocol servers for tool injection, enumeration, and access control vulnerabilities
  • LLM application testing — test LLM-powered apps for prompt injection, system prompt extraction, and data exfiltration
  • Phase-level approval gates — require manual approval before each test phase proceeds, with configurable timeout and rejection actions
  • Command-level approval — granular control over individual commands during exploitation, with always-blocked and approval-required tiers
  • Asset confidence scoring — auto-computed 0.0–1.0 confidence scores for discovered assets, with manual override
  • Axonius integration — import assets from Axonius device inventory
  • Multi-seed targets — provide up to 10 seed domains, URLs, or IPs per test for broader reconnaissance
  • Finding import — import findings from Nessus and Qualys XML scan exports
  • Reachability check API — verify target accessibility before launching tests
  • SARIF export — export reports in SARIF format for CI/CD and IDE integration
  • Security and Developer report templates — two new report templates tailored for security teams and developers
  • Custom dashboard views — create personalised dashboard layouts with 16 available widget types
  • AI chat — conversational AI interface for findings, reports, and test runs
  • Webhook endpoint management API — full CRUD for outgoing webhook endpoints with Slack and Teams support
  • Test objectives — set a high-level objective to steer the agent's focus across all phases

Improvements

  • MFA setup with TOTP and 8 recovery codes
  • Validate phase added to test workflow (between analysis and exploit)
  • Asset detail view now shows notes, HTTP status, service versions, and technologies
  • Report generation now supports a toggle for AI-generated narratives

March 2026

New features

  • SSO support — OIDC and SAML single sign-on with per-organization configuration and JIT user provisioning
  • Webhook integrations — receive real-time notifications for test events and new findings
  • Scheduled tests — configure recurring penetration tests on daily, weekly, or custom schedules
  • PDF report export — download formatted reports for stakeholders and compliance

Improvements

  • Improved agent reconnaissance for single-page applications (SPAs)
  • Faster exploit validation with parallel proof-of-concept execution
  • Enhanced scope enforcement with glob pattern support

February 2026

New features

  • Jira integration — automatically create tickets for new findings with two-way status sync
  • Slack notifications — configurable alerts for test completions and critical findings
  • Multi-user teams — invite team members with role-based access control

Improvements

  • Improved SQL injection detection accuracy
  • Reduced false positives for informational findings
  • Better handling of JavaScript-heavy applications during reconnaissance

January 2026

Launch

  • Initial platform release
  • Web application and API penetration testing
  • Automated finding classification with CVSS scoring and CWE mapping