Guides
API Reference
Start typing to search…

Release Notes 5.2 (2503)

September 2025

Summary

Release 5.2 (2503) introduces a new product called AppSecOps and brings major enhancements across FinOps, Assessments, SecOps, Platform, and Reporting modules and improvements to AI Agents. This version deepens support for dimension-based budgeting and RBAC, introduces advanced cost metrics and optimization logic, and expands reporting capabilities. Key highlights include enhanced dashboards, dynamic tagging governance, and ontology-based assessment agents - empowering customers with greater control, visibility, and automation.

FinOps

Dimensions – Budget Support

Introduces dimension-based budgeting, allowing users to define budgets scoped to business entities like departments or projects.

  • Dimensions – Budget Management
    Enables users to create and manage budgets tied to specific dimension groups such as specific departments, projects, or business units. This allows for more granular financial planning and accountability.
  • Dimensions – Budget Listing
    A dedicated Budget Listing page now shows all Dimension-scoped budgets in one place. You can easily filter, sort, and track budgets by business context—delivering the same familiar listing experience, tailored for Dimensions.
  • Dimensions – View A Budget
    The View Budget page now displays dimension-specific information across all tabs, helping you understand, monitor, and troubleshoot budgets in their full business context.

Dimensions – Billing Inventory

Enhances billing inventory with dimension-aware grouping and access control.

  • Billing Inventory Summary – Group By
    Group and filter costs by Dimensions like Department or Project, reducing tag reliance and adding business context at resource level costs.
  • Billing Inventory – Dimensions RBAC (Global)
    Enforces role-based access control at the dimension level across global billing inventory views. This ensures users only see data relevant to their assigned dimensions.

Dimensions – Dashboard Enhancements

Improves dashboard usability and access control for dimension-based analytics.

  • Dimensions – Improved Backend RBAC Control
    RBAC is now enforced at the dimension level, ensuring users only see data they are authorized to access. A tenant-level flag provides flexibility, making this especially valuable for MSPs and large enterprises managing multiple tenants and teams.

Support for Additional Cost Metrics

Adds new metrics such as Indirect Partner Margin to provide more accurate financial insights.

  • PARTNER Margin Value and Partner Profit Margin (for Indirect Partners)
    Calculates indirect partner profitability using platform-derived buy/sell prices. This helps partners who buy from distributors to understand their margins and optimize pricing strategies.

BillOps – Billing Plans

Adds support for flexible pricing and allocation logic.

  • Support for specific destination contracted cost
    Admins can define where billing plan results are written—Customer, Partner, or Dimension Contracted Cost. This lets partners track buy/sell prices, indirect partners calculate buy costs from distributors, and enterprises manage shared or complex allocations.
  • Charge Description Support
    Add filters for charge descriptions in pricing and allocation rules. Apply markups, discounts, or margins; exclude indirect charges; and allocate credits, discounts, or other charges—manually or automatically—across thousands of line items for accurate, automated billing at scale.
  • Billing Plans – Usage Charge Allocation
    Allocate usage charges—whether direct (resource-Id) or unassigned (without resourceId) —across tenants, accounts, or Dimension group cost centers. Apply fixed %, equal, or proportional methods to ensure fair distribution of shared or untagged consumption.
  • Billing Plans – Indirect Charge Allocation
    Distribute non-usage charges like credits, refunds, enterprise support, taxes, or marketplace fees. Use flexible allocation methods to ensure these indirect costs are accurately attributed across partners, customers, or dimension groups.
  • Billing Plans – Custom Charge Allocation
    Admins can add custom charges—fixed amounts or % of spend—into billing plans. These can appear as new “custom charge” line-items or as part of an existing category, rolling into Partner, Customer, or Dimension contracted-cost metrics for precise allocations. [Note: Tiered allocation method coming in next release]

BillOps – Cost Center Support

Virtual service accounts to allocate and track costs for distributors, partners, customers, and org units beyond cloud accounts.

  • CoreStack Cost Centers
    Introducing CoreStack Cost-Centers. These act as virtual service accounts to hold costs for distributors, partners, customers, or org units. They enable allocations beyond cloud accounts—supporting complex multi-tier use cases. Cost-Centres are auto-created, visible in all reports, and support allocations, RBAC, and margin analysis.
  • BillOps – Cost-Centre Support in Filters
    The Cloud Accounts filter is now renamed to Accounts and expanded to include Cost-centers, ensuring virtual service accounts appear consistently across reports and dashboards.

Dashboard & Filter – Enhancements

  • Edit Dashboard Filter Scope
    Dashboards now support editing filter scope after creation. Users can update filter values and visibility, while type and cloud mode remain fixed. Saved views with impacted filters prompt a review to ensure accuracy.
  • Widget Enhancement - Measure by Dimension
    Enhanced support for CoreStack Dimensions in the “Measure by Dimension” widget. Users can select Dimension attributes for the x-axis, optionally group by another Dimension, and view costs/usage/rates aligned to business units, services, or teams.
  • Widget Enhancement – Variation by Dimension
    The Variation by Dimension widget now supports CoreStack Dimensions. Users can track cost, usage, or rate changes across dimensions (e.g., Team, Application, Department) and group by another field. This helps identify business units driving increases or reductions in spend.
  • Cost Trend Widget Enhancement - Top Tag Keys Drill-Down
    The Trend widget’s Top Tag Keys mode now supports multi-level drill-down. Users can start with key tags (e.g., Application) and drill into tag values, then further into tenant, provider, account, region, service, and resources—enabling full traceability of spend.
  • Cost Trend Widget Enhancement - TagStatus Drill-Down
    Trend and summary widgets now support drill-down on Tag Status. Users can analyze Tagged and Untagged costs by tenants, accounts, providers, regions, services, and resource categories, down to top resources—improving tagging governance and cost attribution.
  • New filter - Service Category (FOCUS-Compliant)
    A new filter and grouping option for Service Category enables standardized reporting across Compute, Storage, Network, Database, etc., aligned with FinOps FOCUS for benchmarking and cost segmentation.
  • New Filter - Service Type
    Introduces a filter chip for Service Type (IaaS, PaaS, SaaS), mapped from service metadata. Supports analysis of workload mix (e.g., adoption of PaaS vs. IaaS) and identifying SaaS-heavy consumption.
  • Visual Subscribe Enhancements
    • Widget-level filter toggle to include/exclude filters in PDFs
    • Support for CSV export when subscribing to tables
    • Table PDF exports limited to Top 5/10 rows
    • Option to preview as PDF during subscription setup
    • One page per widget option (where applicable)
    • New limits on widget names (50 characters)

SecOps

AWS Inspector V2

Adds support of Inspector V2 integration to pull AWS vulnerabilities CoreStack platform. We continue to support Inspector classic.

AppSecOps

App Onboarding

This feature allows the user to establish the Organizational hierarchy in AppSecOps using a form-based UI. Currently the system supports a 3-level hierarchy (Portfolio, Application and Project).

Capture SBOM and Map Cloud Resource

  • Upload SBOM
    This feature allows the users to upload the Software Bill of Materials (SBOM) using a form-based UI and provides the user with statistics related to the SBOM uploaded. System also maintains history of the SBOM’s uploaded.
  • Map Cloud Resources
    Users can manually map SBOM (project) to the cloud resource it is deployed on. However, Kubernetes-orchestrated containers are automatically mapped to the pod in the cluster where they run.

AppSecOps Dashboards

  • Risk-prioritized Actionable Supply Chain Issues
    A tabular view of the top 10 supply chain issues, ranked by the Graphion Risk Score. The table dynamically updates based on the selected organizational hierarchy filter.
  • Vulnerability Graph
    A force-directed graph that visualizes the interconnected nature of the organizational hierarchy, software components with associated risks (SBOM lineage), and infrastructure components with related risks (IBOM lineage).
  • Vulnerability by Product
    A heatmap showing the concentration of software components (by count) and highlighting the vulnerabilities associated with each component.
  • Vulnerability by Severity & KEV
    A Sankey chart illustrating how vulnerabilities break down by severity and Known Exploited Vulnerabilities (KEV), and how these categories are related.
  • Open Vulnerabilities by Severity
    A trend chart tracking open vulnerabilities by severity across previous builds.
  • Vulnerabilities over build
    A chart displaying the counts of new vulnerabilities, the software components they affect, and any resolved vulnerabilities across builds.

Assessments

AWS WAF Framework Version Update (Nov 2024)

Updates the AWS WAF assessment framework to align with the latest version released in November 2024. This ensures policy mappings and evaluation criteria reflect current AWS best practices.

Async report generation

The feature helps users to view the generated reports in “Generated Reports” section. This address report generation wait times, now user need not wait till the report gets generated for them to view or download.

Policies

Remediation support improvement for 12 AWS and 17 Azure Policies

This remediation coverage improves remediation coverage for AWS and Azure well Architected Frameworks.

Six New GCP policies developed

  • Disable Service Account Key Upload
  • Disable Preemptibility for VM Instances
  • GCP Guest Attributes Access Enabled
  • GCP VPC Peering Policy
  • Restrict Authorized Networks on Cloud SQL instances
  • SQL High Availability Enabled

Platform

Graphion Bundles

AppSecOps is available as part of Graphion and Graphion+ bundles.

  • Graphion includes AppSecOps and SecOps.
  • Graphion+ includes Governance+ and AppSecOps.

AppSecOps Agent V1

Introducing AI agent for AppSecOps. This agent has knowledge to answer any questions related to Supply Chain Vulnerabilities based on the onboarded application information.

Assessment Agent Enhancements V2

Upgraded Assessment AI Agent with improved user experience and updated with additional agentic feeds.

SNOW – Change Management Support

Adds integration support for ServiceNow Change Management workflows. This enables users to link platform actions and events with SNOW change tickets for improved traceability and compliance.

Tag Governance Enhancements

  • Tagging Governance – Resource Coverage Percentage Should Reflect Dynamically
    Updates the resource coverage metric to reflect changes dynamically as tagging improves or degrades. This provides real-time visibility into tagging completeness.
  • Tag Governance – Support for Baseline JSON download
    Adds the ability to download tag baseline configurations in JSON format. This supports versioning, audit, and external analysis.
  • Tag Governance – Allow Multi Cloud Selection in Tag Baseline (Add Existing Tags)
    Enables users to select multiple cloud providers when defining tag baselines. This simplifies governance across hybrid and multi-cloud environments.

AWS Government Cloud Onboarding – FinOps support

  • The AWS Government cloud covers FinOps support and provides dashboards, insights, and automation.
  • The onboarding steps align with strategic and regulatory standards, and ensure cost efficiency, security, and operational control.

Reports

New Reports

  • Next Gen Reports – Azure Detailed Daily Report
    Adds daily granularity to Azure cost reporting. This allows users to track cost trends and anomalies with greater precision.
  • Next Gen Reports – Multi Cloud Weekly Cost Comparison
    Introduces weekly cost tracking across multiple cloud accounts. Includes variance analysis to help users identify cost spikes and savings opportunities.

Report Enhancements

  • Azure Patch Management Report Enhancement
    Adds support for dynamic data collection and scheduling based on patch activity logs. This improves visibility into patch compliance and timing.
  • Next Gen Reports – Subscribe CSV Format
    You can now export reports as CSV (along with PDF) and schedule CSV exports to your inbox. Large files trigger an email with a secure download link.
  • FinOps - Consolidated Charges Report – Enhancements
    Enhances the consolidated FinOps report with layout improvements. This helps users understand cost attribution across dimensions and time periods.
    • Added mandatory fields: Rates, Quantity, Unit of Measure
    • New EA & CSP structure with hierarchy-based grouping (also supports GCP & AWS)
    • Included Charge Description in reports
    • Multi-tenant consolidated reporting support
    • Extended fields (Instance Type, Commitment Discount ID) to reports
    • Dimension-based reporting (e.g., department, project, region)
    • Automatic support for new margin metrics.
    • Service Category & Type filtering enabled (via API)
    • CSV export added for consolidated charges (resolves PDF export limits)
    • FinOps reports: daily granularity (max 30 days)
    • GroupBy Resource ID & Name: supported for 30 days

Bug Fixes

Known Issues

The APIs below are not working as expected. We will try to fix it before the next release:

  • Known issue: When a user switches from one tenant to another and clicks on the View/Edit SBOM option, then no data is presented in the version history.

BillOps - Charge Allocation Rules

  • When using Proportional to Spend or Proportional to Service Category allocation methods, a minor cost discrepancy (approximately 2% to 3%) may occur between source and target totals. A fix is in development, and a backfill will reconcile impacted allocations once released.

BillOps - Pricing Rules

  • In some cases, when historical data is backfilled for existing pricing rules, automatic reprocessing may not trigger. As a temporary workaround, update the plan or rule description to increment its version—this will initiate reprocessing.

Decommissioned Items

NA

External APIs

Updated 9 days ago