# Changelog

> New features, improvements, and fixes to the Hacktron platform.

<Update label="July 2, 2026" tags={["Whitebox","Code Review","Integrations"]}>
  ## Choose your scan model and control which PRs get scanned

  **Model tier selection**: When you run a cost estimation, you can now choose between Default and Legacy AI models before the scan starts. Default uses the current generation; Legacy gives you the previous generation if you need it for reproducibility or cost reasons.

  **Per-scan AI triage**: Large scans now include AI-assisted finding triage automatically, while smaller scans let you opt in at the checkout step. The triage fee is applied to your credit balance alongside the scan cost, so you see the full charge before confirming.

  **Mark Resolved from Slack**: The finding overflow menu in Slack now includes a "Mark Resolved" action alongside Mark Valid, Mark False Positive, and Mark Accepted Risk. You can also type `!fixed` or `!resolved` as a thread reply to resolve a finding without leaving Slack.

  **Author and label filters in repo config**: `.hacktron/config.yaml` now supports `skip.authors`, `include.authors`, and `include.labels` fields. Use them to skip bot PRs by author, restrict scanning to PRs from specific contributors, or trigger scans only when a particular label is applied.

  **[Start a Whitebox scan →](/white-box-pentest/quickstart)** · **[Connect Slack →](/platform/communication-apps/slack)** · **[Configure repo scanning →](/code-review/config)**
</Update>

<Update label="June 23, 2026" tags={["Context","Code Review","Whitebox","Integrations","MCP"]}>
  ## A new Context page for your repositories, applications, and threat models

  **Context page**: A dedicated Context page now gathers what Hacktron knows about your code, split across Repositories and Applications tabs. Cards are sorted by most recent threat-model update and show a badge for each model's status; clicking one opens its threat model.

  **Applications**: Group related repositories into an application, and Hacktron synthesizes an application-level threat model by merging the threat models of its member repos. You can scan an application as a single target so findings are grounded in the combined model, and any context documents you upload to the application are folded into it.

  **Threat models**: Repository and application threat models now open in an inline reading view with a file tree and outline, and you can edit them with your changes preserved across regenerations.

  **Redacted findings on public PRs**: For public repositories, the PR review comment no longer includes full titles, descriptions, proof-of-concept code, or file locations for findings outside the changed lines. You see a count and a link back to Hacktron, so sensitive details stay out of the public thread. Private and internal repos are unchanged, and inline comments on the diff itself are unaffected.

  **Org-level fail-on severity default**: Organization admins can now set a default severity threshold for PR/MR checks in settings. Individual repo configs still take precedence when set.

  **Enterprise SSO sign-in**: A dedicated single sign-on page and a "Single sign-on (SSO)" button on the login screen let users authenticate via your organization's SAML or OIDC identity provider. Invite tokens survive the IdP round-trip, so onboarding links still work.

  **Duplicate marking in the MCP tool**: The `update_finding` MCP tool now accepts a `duplicate_of` field so you can mark or unmark duplicates programmatically.

  **[Explore the Context page →](/platform/context/overview)** · **[Group repositories into an application →](/platform/context/applications)** · **[Learn how threat models work →](/platform/context/threat-models)** · **[Set a fail-on severity threshold →](/code-review/config#fail-the-check-on-findings)** · **[Read the API reference →](/api-reference/findings/update-finding)**
</Update>

<Update label="June 18, 2026" tags={["Code Review","Whitebox","Billing"]}>
  ## Dismiss a finding and your PR check clears instantly

  **PR and MR checks update on triage**: When you mark a finding as a false positive or accepted risk, the GitHub check or GitLab commit status flips back to passing right away, with no manual re-run needed. If you later reopen the finding, the check fails again to match.

  **Close findings as duplicates**: You can now mark a finding as a duplicate of another finding in the same repository, and unmark it if needed. A duplicated finding inherits its canonical finding's severity when the PR gate counts blocking issues.

  **Scan volume chart**: The dashboard's scan volume widget now shows a stacked bar chart instead of a line graph, with a tooltip on each bar showing the Code Review and Whitebox scan counts for that day.

  **Upload scans named after the archive**: When you start a Whitebox scan from an uploaded archive, the scan now takes the archive's filename as its name instead of a generic label.

  **Legal agreement before trial or billing**: You now review and accept the terms of service before starting a free trial or adding a payment method.

  **[Set up GitHub or GitLab →](/code-review/integrations/github-gitlab)**
</Update>

<Update label="June 15, 2026" tags={["Code Review","Billing","MCP"]}>
  ## Control your scans and account security like never before

  **Multi-factor authentication controls**: Secure your account with MFA requirements and additional verification steps. Admins can enforce MFA across their organization.

  **API access through MCP**: Connect external tools and scripts to Hacktron's finding-triage toolset through a new remote MCP server endpoint that supports OAuth and API key authentication.

  **Skip scans with repository configuration**: Use `.hacktron/config.yaml` to skip pull request scans based on file patterns, keywords in titles, or labels.

  **[Secure your account with MFA →](/platform/account-settings)** · **[See MCP integration →](/mcp/get-started)** · **[Configure repository scanning →](/code-review/config)**
</Update>

<Update label="June 11, 2026" tags={["Integrations", "Code Review"]}>
  ## GitLab now works just like GitHub

  **Automatic merge-request scanning**: Connect a GitLab project and
  merge-request scans turn on by themselves, exactly as they do for GitHub. Turn
  them off per project whenever you want.

  **GitLab in signup and trials**: Connect GitLab during signup or a trial and
  it follows the same guided setup as GitHub, start to finish.

  **[Set up GitLab →](/platform/repositories/gitlab)**
</Update>

<Update label="June 10, 2026" tags={["Code Review", "Billing", "Integrations"]}>
  ## Go from a Slack alert to a fix in one click

  **Fix with AI in Slack**: Finding alerts in Slack now carry a "Fix with AI"
  button that deep-links the issue straight into Cursor or Claude. See the
  alert, open your editor, fix it.

  **No-card free trials**: Start a free trial without a credit card. You enter
  payment details only when you decide to subscribe.

  **Findings close themselves on abandoned PRs**: Close a pull or merge request
  without merging and its findings move to a new "Closed" state. Reopen the PR
  and they come back, and anything you already triaged stays put.

  **Up-front unsupported-language notices**: Cost estimation now tells you when a
  repository is mostly in a language Hacktron cannot scan yet, instead of failing
  with no explanation.

  **Clearer GitLab connection setup**: The Connect GitLab dialog walks you
  through GitLab's group Service Accounts step by step and adds a GitLab.com /
  Self-hosted toggle that matches the GitHub Enterprise setup.

  **[Connect Slack →](/platform/communication-apps/slack)** · **[Start a free trial →](/code-review/billing)**
</Update>

<Update label="June 7, 2026" tags={["Self-Hosting", "Integrations", "Code Review", "Whitebox"]}>
  ## Scan self-hosted GitHub Enterprise Server

  **GitHub Enterprise Server**: Point Hacktron at self-hosted GitHub Enterprise
  Server for white-box scans and PR reviews, and run several Enterprise hosts
  next to github.com at the same time.

  **GitLab MR feedback matches GitHub**: Merge-request comments now carry
  severity badges, collapsible proof-of-concept, trace diagrams, and a "Fix with
  AI" block. Trigger a review with `@hacktronai review`, and triage shows up the
  same across the web app, Slack, and the MR thread.

  **Scan an exact tag or commit**: Target a specific tag or commit when you pick
  a repository for a Whitebox scan, not just a branch.

  **Richer Jira ticketing**: Search large Jira projects and assignee lists while
  filing a ticket, and issues you create from a finding link back to it.

  **[Set up GitHub Enterprise Server →](/platform/repositories/github-enterprise-server)** · **[See how reviews work →](/code-review/integrations/github-gitlab)** · **[Set up Jira →](/platform/project-management/jira)**
</Update>

<Update label="June 4, 2026" tags={["Code Review"]}>
  ## PR comments that fix the bug for you

  **Sharper GitHub PR comments**: Pull-request comments now use crisp severity
  badges instead of emoji, with a "Fix with AI" prompt that reproduces the
  issue, fixes the root cause, and adds a regression test.

  **[See how PR reviews work →](/code-review/integrations/github-gitlab)**
</Update>

<Update label="June 3, 2026" tags={["Billing", "Code Review", "Integrations"]}>
  ## Share Code Review limits across your whole org

  **Org-pooled limits, annual seats, and a Usage page**: Code Review limits are
  now pooled across your whole organization instead of capped per seat, you can
  buy developer seats on an annual prepaid plan, and a new owner-only Usage page
  shows usage and any overage for the period.

  **Redesigned sidebar navigation**: Cleaner, collapsible sections that remember
  what you left open, with account actions moved into the sidebar header.

  **On-demand PR reviews**: Comment `@hacktron review` on a pull request to
  review it on the spot, even on drafts or external-contributor PRs.

  **Request GitHub access without being an admin**: If you do not own the GitHub
  organization, clicking Connect sends an installation request to your admin and
  marks it pending. The integration appears the moment they approve.

  **Smoother Jira setup**: A cleaner Jira configuration and per-ticket dialog,
  with sensible defaults already on for new installs.

  **Slack Connect onboarding**: Sign up with a work email and set up
  notifications right away through a Slack Connect step.

  **[See billing and plans →](/code-review/billing)** · **[Set up Code Review →](/code-review/setup)**
</Update>

<Update label="June 1, 2026" tags={["Whitebox", "Code Review"]}>
  ## Findings open straight into the taint trace

  **Redesigned vulnerability views**: The taint-trace and call-graph views are
  rebuilt, opening right into the trace with smooth collapse animations, and the
  full-page finding view now has the same actions as the sidebar.

  **"Whitebox" everywhere**: Scans we used to call "Pentest" are now "Whitebox",
  with "Whitebox Scans" and "PR Reviews" split apart so it is obvious which is a
  full code scan and which is a pull-request review.

  **Finding history**: Every finding now shows a timeline of how it changed from
  one scan to the next.

  **[Explore Whitebox scans →](/white-box-pentest/overview)**
</Update>

<Update label="May 26, 2026" tags={["Code Review"]}>
  ## No more repeated comments for the same bug

  **Cross-finding duplicate detection**: Hacktron now spots when a new finding
  repeats one it already reported and links the two, so PR comments point back to
  the original instead of saying the same thing twice.
</Update>

<Update label="May 19, 2026" tags={["Dashboard", "Code Review", "Integrations"]}>
  ## A rebuilt dashboard, split by the work you do

  **New dashboard**: Separate Overview, PR Review, and Whitebox Scan tabs, so
  each kind of work shows the metrics that actually matter for it.

  **Taint-trace timeline and call graph**: Vulnerabilities now show a
  step-by-step taint-trace timeline and an interactive call graph, with source,
  propagation, and sink marked, so you can follow exactly how an issue moves
  through your code.

  **Richer Linear integration**: Pick a default Linear project, back-fill tickets
  for existing findings, map finding severity to Linear priority, and mirror
  Linear status changes back onto the linked finding.

  **[Set up Linear →](/platform/project-management/linear)**
</Update>

<Update label="May 16, 2026" tags={["Billing"]}>
  ## Keep reviewing past your limit instead of getting blocked

  **Owner-controlled spillover billing**: Organization owners can switch on
  spillover billing so PR reviews keep running past your included limit, billed
  as overage instead of stopping cold.

  **[See usage and spillover billing →](/code-review/spillover-usage)**
</Update>

<Update label="May 15, 2026" tags={["Whitebox"]}>
  ## Share a live view of any scan

  **Public scan activity page**: Shared scans now have a public activity page
  with the scan's events, timeline, and the agents that worked on it.
</Update>

<Update label="May 13, 2026" tags={["Billing", "Integrations"]}>
  ## 50 PR reviews a seat, then \$1 each instead of a wall

  **PR review limits with overage**: Every developer seat now includes 50 PR
  reviews per billing period, and any extra reviews bill at \$1 each so they keep
  running instead of stopping.

  **Resubscribe in one click**: Canceled organizations now get a Resubscribe
  button to pick their old plan back up.

  **Custom trial duration**: Trials can run for a length you choose, with a clear
  prompt when you reach their limits.

  **Slack invite flow**: Invite teammates to your Hacktron organization straight
  from Slack.

  **[See usage and spillover billing →](/code-review/spillover-usage)** · **[Invite your team on Slack →](/platform/communication-apps/slack)**
</Update>

<Update label="May 4, 2026" tags={["Code Review"]}>
  ## Stop a scan mid-run

  **Cancel a running scan**: Stop a scan that is already in progress right from
  the scan view, no waiting for it to finish.

  **Guided setup checklist**: A getting-started checklist walks you through
  connecting your repositories and turning on Code Review, so new teams reach
  their first scan faster.

  **[Set up Code Review →](/code-review/setup)**
</Update>

<Update label="April 23, 2026" tags={["Code Review"]}>
  ## A home for your Code Review findings

  **Code Review page**: A dedicated page with scan-scoped findings, and PR
  comments that link straight back to the finding in Hacktron.

  **Syntax-highlighted code**: Affected code in the finding view is now
  syntax-highlighted, so vulnerable snippets are far easier to read.

  **[Explore Code Review →](/code-review/overview)**
</Update>

<Update label="April 20, 2026" tags={["API", "Integrations", "Billing"]}>
  ## Drive Hacktron from your own scripts

  **Public REST API**: Reach your scans, findings, and repositories
  programmatically with API keys, backed by interactive API docs.

  **Slack link unfurling**: Finding and scan links now unfurl in Slack with live
  status, severity, and triage, so your team stays in sync without leaving the
  channel.

  **Linear tickets from findings**: Create a Linear issue straight from a
  finding, with the details filled in for you.

  **Cancel and reactivate yourself**: Cancel or reactivate your subscription
  right from the billing page, no support ticket needed.

  **Redesigned billing page**: A rebuilt billing experience with clearer plans,
  credits, and subscription status.

  **[Read the API reference →](/api-reference/introduction)** · **[Connect Slack →](/platform/communication-apps/slack)** · **[Set up Linear →](/platform/project-management/linear)** · **[Manage your subscription →](/code-review/billing)**
</Update>

<Update label="April 6, 2026" tags={["Whitebox", "Code Review"]}>
  ## See how a vulnerability moves through your code

  **Visual trace diagrams**: Vulnerabilities now include a visual diagram, in
  both the finding view and the PDF report, so you can trace how an issue moves
  through your code at a glance.

  **More flexible pentests**: Start a pentest from a public repository URL or an
  uploaded archive, with the source shown in the cost estimate before you commit.

  **Context documents**: Upload notes about a repository so reviews understand
  your codebase and its conventions.

  **Markdown in findings**: Finding descriptions, dismiss reasons, and comments
  now render full Markdown, with one-click copy of the report.

  **[Start a Whitebox scan →](/white-box-pentest/quickstart)**
</Update>

<Update label="March 23, 2026" tags={["Code Review"]}>
  ## Triage findings without leaving the browser

  **Triage from the web**: Dismiss findings with a reason and leave feedback in
  an activity thread, right in the app.

  **[Read the triage guide →](/code-review/findings-feedback)**
</Update>

<Update label="March 18, 2026" tags={["Whitebox", "Billing"]}>
  ## Watch findings arrive as a scan runs

  **Live scan progress**: Scans now stream their progress in real time, so you
  watch findings show up as they are discovered instead of waiting for the end.

  **Cost estimation before you scan**: See an estimated cost before you start a
  scan or pentest.

  **Downloadable reports**: Generate a PDF report of your findings straight from
  the browser.
</Update>

<Update label="March 1, 2026" tags={["Billing", "Whitebox"]}>
  ## Pay for pentests with credits

  **Pentest credits**: Buy pentest credits and spend them on pentests when you
  are ready.

  **Public scan disclosure**: Share a scan and its findings through public,
  read-only pages.

  **[See pentest credits →](/white-box-pentest/billing)**
</Update>

<Update label="February 18, 2026" tags={["Billing"]}>
  ## Simple per-seat billing for your org

  **Organization seat billing**: New Sec Seat and Dev Seat plans with
  straightforward per-seat pricing.

  **[See billing and plans →](/code-review/billing)**
</Update>
