Gitlab Full Integration, Bamboo CI new language/library supports, brand new project overview!

A major highlight has been the revamp of our project overview. We've shifted our attention to branch and repository-centric monitoring. The idea is to provide a clearer, more granular view of your projects. By breaking it down step-by-step, we aim to offer a more intuitive, detailed perspective on your project's security stance.

🌟 Latest Update: v2309.30

πŸš€ New Features - API

🌟 Project Overview

Gain a clearer perspective on your project’s compliance status. At a glance, discern which compliance benchmarks your project meets or falls short of.

🌟 Scan History

Dive into the history of your project's scans. With each scan entry, get detailed insights into newly discovered vulnerabilities and those that were resolved. This feature ensures that you're always in the loop about how each scan impacted your project's security standing.

🌟 GitLab Sign-in and Synchronization

Effortlessly sign into GitLab, select your projects, and sync them directly on our SAST platform for immediate scanning.

  • GitLab Cloud Authentication: We're expanding our cloud capabilities! Logging into GitLab via our cloud interface is available.

🌟 Bamboo CI/CD Plugin - Private Distribution

The CodeThreat Bamboo CI/CD Plugin provides integration between your Bamboo pipelines and CodeThreat SAST platform. With this plugin, security becomes an integral part of your CI/CD process, ensuring that your code is secure at every stage of the development lifecycle.

Key Features

  • Automated Scans: Trigger CodeThreat security scans automatically as part of your Bamboo build process.

  • Results within Bamboo: View detailed vulnerability reports directly within your Bamboo environment, without the need to switch to a separate platform.

Configurable Failure Criteria

One of the standout features of our Bamboo CI/CD Plugin is the ability to define specific failure criteria based on the results of a scan. This feature is invaluable for teams that need to ensure their code meets certain security thresholds before proceeding to the next stage in the CI/CD pipeline.

How it Works:

  1. Setting Thresholds: Users can set a maximum allowable threshold for vulnerability severities, such as 'Critical' and 'High'.

  2. OR Condition: The scan will mark the build as failed if any of the set criteria are met. For instance, if you set the maximum 'Critical' vulnerabilities to 5 and the scan returns 6, the build will fail.

  3. AND Condition: All set conditions must be met for the scan to fail the build. For example, if both 'Critical' and 'High' vulnerability thresholds are exceeded, only then will the build fail.

  4. Weakness Pattern Matching: This advanced feature allows users to specify particular patterns of weaknesses or vulnerabilities. If detected in the scan, these patterns can be used to fail the build.

πŸš€ New Features - Analyzers

🌟 ColdFusion Support

We’re thrilled to introduce comprehensive support for ColdFusion. As we expand our language portfolio, we remain committed to rigorous vulnerability checks.

//coldfusion analyzer capabilities

CF Location Validation 
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS) 
Denial of Service (DoS)
Hardcoded Password 
Header Manipulation & Cookies 
Information Leak 
Insecure File Upload 
Detection of Leftover Debug Code 
Log Forging 
Missing HTTP Only Cookie Attribute
Missing Secure Cookie Attribute 
OS Command Injection
PDF Cross-Site Scripting
Path Manipulation
Resource Injection
SQL Injection
Unauthorized Include
XPath Injection

🌟 Sensitive Information Scanning

Our platform's scanning capabilities just got broader! While previously limited to specific source codes, we now offer sensitive information scans across all file types, not just the ones we officially support.

  • .Class File Analysis: Elevating our static scanning capabilities, we now offer artifact scanning for .class files, a groundbreaking step towards ensuring your compiled Java code remains vulnerability-free.

  • Enhanced C# Libraries Support: In our pursuit of ensuring a holistic and in-depth analysis of your projects, we're delving deeper into the diverse landscapes of .NET. We've broadened our scanning capabilities to cover:

// new standard2.0 libraries support for

Web Authorization Mechanisms
Mobile Web Optimizations
Data Handling and Utility Analysis 

πŸ› Bug Fixes

  • XML Analyzer Enhancement: Addressed and rectified an issue with the XML analyzer which previously hindered the scanning of certain XML files.

  • C# Tainted Input: Fixed a critical issue in our analyzer where potential tainted inputs in C# code were being inaccurately assessed. This correction ensures a more precise vulnerability detection in C# projects.

  • GitLab CI/CD Plugin: Resolved a bug affecting the display of scan progress on the job page.

  • API Rate Limiting: Fixed a bug affecting the counting of API rate limits.

  • Dashboard Loading: Optimized the database queries to fix the intermittent slow loading times on the user dashboard.

  • Data Visualization: Fixed a bug where some charts in the reports section displayed skewed data due to a calculation error.

Last updated