
Scrut innovations: September 2025 snapshot

Last updated on October 14, 2025

In September, we’re excited to bring you Scrut’s Dynamic Application Security Testing (DAST), adding continuous runtime security to your compliance workflows. We’ve also made it easier to manage risks in bulk, prepare for upcoming AI regulations, and strengthen coverage across your tech stack, from Jira-based automations to Azure DevOps integrations.

Here’s what’s new this month:

  • Scrut DAST: Continuous runtime security, unified with compliance
  • Bulk actions for risks: Edit, close, or delete multiple risks in just a few clicks
  • Scrut Monitor for Jira: Auto-fetch Jira tickets as compliance evidence
  • Frameworks coverage: EU AI Act (new), Saudi Arabia PDPL (updated)
  • Upgraded integration: Microsoft Entra ID OAuth for Azure DevOps

Let’s dive in.

Bring continuous runtime security into compliance with Scrut DAST

Pen tests are great for satisfying audit checkboxes, but they only offer a snapshot. In fast-moving DevOps environments, relying on manual, point-in-time penetration tests leaves applications with months of exploitable blind spots. What gets tested today might be outdated by the next release.

Traditional DAST scanners do exist, but they come with their own challenges. They often surface long lists of findings with little context, flood teams with false positives, and lack prioritization, making it hard to focus on what actually matters.

The bigger problem? Security and compliance end up in silos. Without shared visibility, real risks go unnoticed, remediation slows down, and audit readiness turns into a scramble instead of a steady state.

Scrut DAST helps you overcome these challenges. It complements your pen tests with continuous runtime scanning.

What sets Scrut DAST apart

Continuous, automated runtime testing

Applications change as code pushes, dependencies, and features evolve. Scrut DAST keeps pace with these changes by running automated, safe, quick scans in production or deep, authenticated scans for complex, business‑critical flows.

Curated, high-confidence findings

Unlike traditional scanners that produce noisy findings, Scrut DAST filters out false positives, groups findings by relevance, and ranks them by business impact. You’ll get actionable issues, not noise. You can also get support from experts to further validate findings or get more context.

Security + compliance in one place

Security findings don’t live in isolation. Scrut DAST unifies application and business risks in one place so nothing slips through the cracks. Also, continuous vulnerability management automatically becomes compliance evidence.

Take bulk actions on risks in just a few clicks

Risk management gets messy fast when you have to update or close risks one by one. Whether you’re reassigning owners, updating categories, or cleaning up resolved risks, repetitive manual edits slow teams down and introduce inconsistency.

With the new Bulk Actions feature in Scrut’s Risk Management module, you can now update, close, or delete multiple risks at once, right from your Risk Register.

Here’s what you can do:

  • Bulk editing of fields: Update assignee, department, category, or custom fields across selected risks. Leave fields blank to keep existing values.
  • One-click actions: Move multiple risks to Monitoring, Closed, or Reset states instantly or delete outdated ones after providing a reason for better traceability.
  • Role-based access: Risk Management Contributors and Admins can perform all bulk actions, while Auditors have view-only access to maintain data integrity.

This capability — rare in most entry-level risk management tools — helps scaling teams manage risk data faster and more accurately without losing control or oversight.

Want to try it out? Head to the Risk Management module in the Scrut platform, select multiple risks, and explore the Bulk Actions menu.

Automate Jira-based workflows with Scrut Monitor for Jira

Compliance teams that rely on Jira no longer need to manually export issues or create screenshots for audits.

With our latest release, Scrut Monitor now integrates directly with Jira to automate the collection of compliance evidence.

Here’s how it works:

  • Run custom JQL queries on Jira at a chosen cadence (daily, weekly, or monthly)
  • Automatically generate timestamped CSV/PDF evidence files
  • Attach these files as automated evidence directly to Scrut evidence tasks

Does your team live in Jira but spend hours pulling audit evidence from it? Connect Jira to Scrut and let evidence capture run on autopilot. Book a demo to see how Scrut can help you cut up to 70% of your manual audit-prep tasks.

New and updated Frameworks

EU AI Act (new framework)

Scrut now supports the EU AI Act, the world’s first comprehensive regulatory framework for artificial intelligence, designed to ensure safe, transparent, and trustworthy AI systems.

  • Risk-tier mapping to identify applicable requirements
  • Controls for documentation, oversight, and conformity assessments
  • Support for GPAI transparency and accountability
  • Built-in tracking and reporting for audit readiness

Saudi Arabia PDPL (updated mapping)

We’ve fully updated the PDPL mapping with verified control alignments, clearer mappings, and streamlined evidence, removing irrelevant or incomplete items for improved accuracy.

Explore the Scrut Frameworks Library to see the 60+ out-of-the-box frameworks that Scrut supports, or connect with us to set up a customized framework.

New and updated integrations

Microsoft Entra ID OAuth for Azure DevOps: Our Azure DevOps integration now uses Microsoft Entra ID OAuth for improved security, SSO support, and long-term reliability. A one-time reconnection is required to continue using the integration.

Visit the integrations library or get in touch with your Customer Success Manager to add a new integration.

Curious how Scrut works? 

Take our 3-minute interactive product tour (no signup needed!) to see how Scrut can help you simplify evidence collection and daily compliance.
