Change History

Please note that old scan results are not updated, unless indicated! New scan results are added every three days and will include the additional details!

2025-09-09

• Fixed a bug that sometimes showed an empty host list
• Suspended sites are now checked weekly instead of daily to reduce load on the system. If they are not reachable for three consecutive checks they will be deleted automatically. Users will be notified by MessageHub about all actions taken.
• Improved Performance: Various optimizations have been made to enhance the overall performance of the system.

2025-09-07

Major Groups System Overhaul:
I have completely modernized the groups functionality with several important improvements:

• Enhanced Group Access: Users can now access and participate in groups they're members of, even without full groups permissions. This allows better collaboration while maintaining security.
• Role-Based Permissions: Implemented proper role-based access control with three levels:
  • Viewer: Read-only access to group content
  • Editor: Can add and remove hosts from groups
  • Manager: Can manage group members and hosts
• Ownership Transfer: Group owners can now transfer ownership to other users with groups permissions. The former owner automatically becomes a manager to preserve their access.
• Privacy Improvements: Replaced the problematic "all users" dropdown with a secure username input field when adding group members.
• MessageHub Notifications: Users now receive notifications for all group activities:
  • When added to a group
  • When removed from a group
  • When their role is changed
  • When they receive group ownership
• Site Visibility Fix: Corrected the separation between personal sites and group sites. Users now see their personal sites in their dashboard and group sites only in the appropriate group contexts.
• UI/UX Improvements: Fixed modal forms, JavaScript timing issues, and permission-based UI elements throughout the groups interface.

These changes make the groups system much more intuitive and secure while enabling better team collaboration. All existing groups and memberships remain intact.

2025-09-06

I have added support for passkeys (WebAuthn) to SIGMA. You can now register a passkey as a second factor for your account. This can be done in your user profile. Once registered you can use the passkey to login to your account.

2025-09-05

The bugswatting continues, but the scans are running again! Apparently my DB tables were missing some indexes which made the scan queue crawl to a halt. I have added the indexes and now everything seems to be running fine again. I will continue to monitor the situation closely. In the meantime, please let me know if you encounter any problems.

I have also added a new feature: You can now request a rescan of a site manually. This will add the site to the scan queue and it will be scanned as soon as possible. You can start a new rescan every 30 minutes. A site can also only be rescanned every 30 minutes. If you try to request a rescan too soon after the last scan, you will be informed about the remaining cooldown time.

I have also added a full fledged API for your sites. You can find the documentation here. Please note that the API is a special feature that needs to be activated for your account. If you want to use the API, please contact support via the contact form.

To conserve resources the retention time for old scans has been set to three months. Scans older than three months will be deleted automatically. If you need scans to be kept for a longer time, please contact support.

Last but not least, some statistics were added to the homepage.

2025-09-04

I am starting to fix the site. I have begun by making it php 8.3 compatible. Unfortunately this introduced some bugs, so please be patient while I am fixing them.

2020-09-15

• New admin tool to synch sites between users. If you want to share the sites you are watching with a colleague you can send a mail to sigma-support or use the contact form.

2020-09-13

• New Feature:
  The site list is now sortable! Simply click on the column titles to select the column to sortby. Switch direction by clicking the same column again. This took longer than I expected. At first I tried to sort the table using several javascript extensions, but none of them worked as I expected. So I finally resorted to do it serverside. In the end I believe that was the correct way as it also enabled me to cut down on the DB calls drastically. We will see if it works out ....
• Fixed search in sortable table (note to self: test all functions before releasing ....)
• Added sort-funtionality to API Sites list

2020-09-11

• New Feature:
  Added options to add or remove a site from a list to the site actions. Now you do not need to edit a list to add or remove sites.
• New Feature:
  New notifications can now be sent to your email once a day. You can select to have only sent notifications generated since your last login or or all new notifications of the last day. The default is to have no mails sent! Messages marked as read will not be sent. You can change your mail settings in your profile.
• Changed the appearance of the user profile to accommodate new options. Passwords are now changed in a new modal and Two Factor Authentication can also be reached from there.
• The invitation options in the user profile will not be shown if invitations have been disabled (makes sense, doesn't it?)

2020-09-08

• Invitation system deactivated
  The site is now at a point where it can process more sites and it has nearly all important features. To make SIGMA easier accessible for more users I have disbaled the invitation system. If I see that too many people register, I can always enable it again.

2020-09-06

• Added information about other projects
• Added a support menu to make the contact form and the FAQ easier and more logical to access
• Cleaned up the last problems after deleting some central scripts (by accident)
• Some cosmetic changes

2020-09-03

• Added a quick link to the details in the notifications
• Some general content polishing
• Changed color of the save-button in the list editor. Caught myself to often returning to the list without saving my changes.
• Added some screenshots
• Notifications correctly identify an initial scan.
• FAQ entries are now shown in categories
• Added indicators for 'Scan in progress' and 'Site suspended'
• Fixing odd bugs here and there

2020-08-30

Due to an outage at SSLLabs not much work was done today. In addition a strange database problem occured where the DB claimed the unique key set for a scan was already in the database when in fact it was not. Removing the offending queue entry only led to the DB complaining about the next key ... The only thing that helped was backup the DB, drop it, and restore it from scratch. Together with looking for the cause of the sudden scan problems this took most of my time. However once things started to work again, I got some of the things I had planned for today done:

• You will now recieve a notofication when the status of your site changes:
  • Change in the grade (better or worse)
  • Vulnerabilities detected
  • Certificate problems
  • Warning if the certificate expires in 14 days
  Some of this may need some finetuning, but at least now you know when something changes. Additional notifications will be added as I find a usecase or per your suggestion.

2020-08-29

• New Feature: Message Center
  You may have noticed a new option in your user menu: Message Center. I am continuing the integration of the new messaging system. Please be patient, messages will arrive as soon as I finish the message queue. So far I have integrated it into the scanning process and wrote the message distribution. However it is now 2:30 AM and I am too tired to test it now.
• Added an indicator to the avatar-icon to signal new messages since last login.
• Unread flag will indicate by colour if a message is new (sent since last login: red), or older but still unread. Even though the message is shown directly (I do not expect the messages to be very long) I put in the unread flag in case you would like a system of marking messages as read. You may of course just delete them immediately.
• The Scan Queue system will not send messages directly, but will push notifications into a notifications queue. This queue will be processed regularly by a seperate process to avoid slowing down the scan queue. This will also allow me to send notifications about other events to more than one user more conveniently. The mail queue can either send messages to all users watching one host, or to every user of SIGMA.

2020-08-28

• New Feature: Request Rescan
  This may not sound like much, but it is the first use case for the new internal messaging. What happens if you send a Rescan Request is that a message is sent to the admin group and is shown in the admin dashboard. For now admins can only mark the message as read or delete it. Replying will come next and then you will also get notifications when one of your sites is changing status or problems are detected.
• Polishing the admin backend

2020-08-27

• New Feature: Two Factor Authentication
  Secure your account by activating the two factor authentication in your user menu! Once activated you can deactivate it using the same menu. I made it optional since not everybody likes it, but I strongly recommend activating it.
• Moved the user settings into their own menu. In the future some options from the account settings (namely API Keys and Invitations) will be moved into their own menu options to make room for some cool new features (eg. notifications). The start page will become more of a dashboard.
• Added better error handling to scan process. When the SSL Labs API returns an error for a scan request, the message is now logged and the host in question is suspended until an analysis of the problem can be performed.

2020-08-25

• Lists can now be deleted
• Preparing to add suspend option (admins only)
• Cleaned up action icons in sites overview to allow more options without loosing the overview
• Added list selection button to list view to switch faster between lists
• As usual: Bugs, bugs, bugs ....

2020-08-23

• Lists can now be renamed (delete coming soon)
• Learned to hate the browser cache ... Did I mention lately that 'I hate computers'?
• Selected lists are now 'sticky' (similar to search). Return to the site overview by clicking the button 'Show all Sites'.

2020-08-22

• New Feature: Lists
  When you have a lot of sites in your overview you may want to be able to see only a subset for a better overview and the search option does not give you enough flexibility. This is where lists come in. Define a subset of sites by placing them on a list and then selectively view only this list.
  
  The feature is still in implementation, so some options (rename list, delete list, remove site from list, add a single site to a list) are still missing. However I wanted to give you access of this great feature as soon as possible. BTW the list option will also ecome available in the Certificate and API-views. May take a few days though.
• More bug swatting ....

2020-08-21

• Added option to see more certificate details to the site overview. The details are also available for all archived scans via the Archive view.
• Added an indicator in detail view if insecure protocols are detetcted.

2020-08-20

• Added some details for the main certificate to the details view & DB (valid from, common name(s), alternative names).
• Changed the way vulnerabilities are shown in detail view.
• Updated API site view to reflect latest changes
• Bug fixes

2020-08-18

• Added more information to site over view and site details (Historic results not updated! New scan will have the additional data!)
• If vulnerabilities are found the site status will indicate this. individual vulnerabilities are now shown in site details of new scans.
• Certificate information now taken completely from SSL Labs results, removing the need for an extra server call. Certifcate details coming in next update.

2020-08-13

• Added basic FAQ-system (missing but coming soon: search, categories, likes)
• Prepared to extend result pages

2020-08-11

• Added a functionality to add a list of sites at once. If you need a mass import of sites, please send the list to sigma-support(at)silverday.de. Please put each portal on a seperate line!
  
• Bugfixes

2020-08-10

• Added a certificate status list
  
• Moved the site status lists into a seperate menu
• Bugfixes and queue performance

2020-08-09

• API-Keys
  Using API-Keys you can give others access to your list of sites without the need of an account. This can be useful for providing information easily to a group of people. API-Keys allow access to a site overview, certificate overview, and a JSON dump of all available data. Permissions can be set to include one or more of the views and they can also be limited to a certain date. The JSON-dump should be considere experimental at the moment.
  
  The APIKey feature is available to registered users on request!
  
  
• Queue Management (Admin only)
  Administrators have now easier access to queue management Functionality.
  
  
• Added additional certificate parameters to the DB. Please Note: Existing sites will fill the fields during the next regular rescan within 72h. Historic scans will not be updated.