Release Date: November 13, 2025

Release 2025.11.1 delivers GitHub App authentication, CVSS-based vulnerability assessment, and CodeSensor performance improvements.

GitHub Enterprise Cloud Integration

GitHub Enterprise Cloud integration now includes GitHub App authentication and clearer VCS type naming.

GitHub App authentication provides organization-level credentials with automatic token refresh, fine-grained permissions, and audit trails. This replaces user-level personal access tokens for customers requiring app-based authentication and eliminates manual token rotation. Installation requires organization admin permissions. Existing personal access token integrations continue working. Migrating from personal access tokens to GitHub App requires re-authorization.

VCS type naming now distinguishes "GitHub Enterprise Server" from "GitHub & GitHub Enterprise Cloud" for clearer configuration during integration setup.

CVSS Score Display

The Vulnerability Assessment tab now displays CVSS base scores for CVE-identified vulnerabilities. CVSS scores appear alongside Critical/High/Medium/Low severity classifications. Filter vulnerabilities by CVSS score range to prioritize remediation using industry-standard metrics.

CVSS scores are available for technology vulnerabilities only. Model vulnerabilities continue showing unified severity classifications.

CodeSensor Performance Improvements

CodeSensor scans complete 40% faster for large JavaScript and TypeScript repositories. A new rules engine removes already-classified code before LLM processing, reducing analysis time and costs. Components requiring LLM analysis carry "LLM-processed" tags in BOM views.

Improved error handling prevents syntax errors from blocking entire scans. These changes particularly benefit repositories with 10,000+ files.

Compliance Framework Updates

Framework PDF exports include an executive summary page showing section scores without detailed questions and answers. The summary appears first in the PDF, followed by complete framework details.

Document Library supports uploading files with duplicate names. The system automatically versions duplicate uploads and retains the ten most recent versions of each document.

Bug Fixes

Critical fixes restore core platform functionality. Resolved issues include package dependency conflicts preventing service builds, User Manager API failures blocking user administration, JavaScript scan timeouts for large projects, and database connection exhaustion causing service crashes.

Additional fixes address GitHub authentication edge cases, BOM status transitions, vulnerability report generation for multi-model systems, concurrent scan processing, and UI performance with large datasets.