Comment on page
Gitlab Full Integration, Bamboo CI new language/library supports, brand new project overview!
A major highlight has been the revamp of our project overview. We've shifted our attention to branch and repository-centric monitoring. The idea is to provide a clearer, more granular view of your projects. By breaking it down step-by-step, we aim to offer a more intuitive, detailed perspective on your project's security stance.
Gain a clearer perspective on your project’s compliance status. At a glance, discern which compliance benchmarks your project meets or falls short of.
Issue Trend Chart, you can visually track your project's progress over time. This dynamic timeline showcases both closed and open issues, giving you a comprehensive view of your project’s security posture and its evolution. Stay informed, act promptly, and measure improvements more effectively than ever.
Get an at-a-glance breakdown of vulnerabilities based on their severity. This charts categorizes and quantifies vulnerabilities, helping you prioritize and address the most critical issues first.
Dive into the history of your project's scans. With each scan entry, get detailed insights into newly discovered vulnerabilities and those that were resolved. This feature ensures that you're always in the loop about how each scan impacted your project's security standing.
Effortlessly sign into GitLab, select your projects, and sync them directly on our SAST platform for immediate scanning.
- GitLab Cloud Authentication: We're expanding our cloud capabilities! Logging into GitLab via our cloud interface is available.
The CodeThreat Bamboo CI/CD Plugin provides integration between your Bamboo pipelines and CodeThreat SAST platform. With this plugin, security becomes an integral part of your CI/CD process, ensuring that your code is secure at every stage of the development lifecycle.
- Automated Scans: Trigger CodeThreat security scans automatically as part of your Bamboo build process.
- Results within Bamboo: View detailed vulnerability reports directly within your Bamboo environment, without the need to switch to a separate platform.
One of the standout features of our Bamboo CI/CD Plugin is the ability to define specific failure criteria based on the results of a scan. This feature is invaluable for teams that need to ensure their code meets certain security thresholds before proceeding to the next stage in the CI/CD pipeline.
How it Works:
- 1.Setting Thresholds: Users can set a maximum allowable threshold for vulnerability severities, such as 'Critical' and 'High'.
- 2.OR Condition: The scan will mark the build as failed if any of the set criteria are met. For instance, if you set the maximum 'Critical' vulnerabilities to 5 and the scan returns 6, the build will fail.
- 3.AND Condition: All set conditions must be met for the scan to fail the build. For example, if both 'Critical' and 'High' vulnerability thresholds are exceeded, only then will the build fail.
- 4.Weakness Pattern Matching: This advanced feature allows users to specify particular patterns of weaknesses or vulnerabilities. If detected in the scan, these patterns can be used to fail the build.
We’re thrilled to introduce comprehensive support for ColdFusion. As we expand our language portfolio, we remain committed to rigorous vulnerability checks.
//coldfusion analyzer capabilities
CF Location Validation
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Header Manipulation & Cookies
Insecure File Upload
Detection of Leftover Debug Code
Missing HTTP Only Cookie Attribute
Missing Secure Cookie Attribute
OS Command Injection
PDF Cross-Site Scripting
Our platform's scanning capabilities just got broader! While previously limited to specific source codes, we now offer sensitive information scans across all file types, not just the ones we officially support.
- .Class File Analysis: Elevating our static scanning capabilities, we now offer artifact scanning for .class files, a groundbreaking step towards ensuring your compiled Java code remains vulnerability-free.
- Enhanced C# Libraries Support: In our pursuit of ensuring a holistic and in-depth analysis of your projects, we're delving deeper into the diverse landscapes of .NET. We've broadened our scanning capabilities to cover:
// new standard2.0 libraries support for
Web Authorization Mechanisms
Mobile Web Optimizations
Data Handling and Utility Analysis
- XML Analyzer Enhancement: Addressed and rectified an issue with the XML analyzer which previously hindered the scanning of certain XML files.
- C# Tainted Input: Fixed a critical issue in our analyzer where potential tainted inputs in C# code were being inaccurately assessed. This correction ensures a more precise vulnerability detection in C# projects.
- GitLab CI/CD Plugin: Resolved a bug affecting the display of scan progress on the job page.
- API Rate Limiting: Fixed a bug affecting the counting of API rate limits.
- Dashboard Loading: Optimized the database queries to fix the intermittent slow loading times on the user dashboard.
- Data Visualization: Fixed a bug where some charts in the reports section displayed skewed data due to a calculation error.