Links

v2310.29

Enhancing CI/CD Insights and Dashboard Clarity!
Sharpening our CI/CD integration and dashboard functionality for unparalleled project visibility. With advanced analyzers now in play, expect more robust and insightful code analysis—tailored to drive your development forward efficiently.

🌟 Latest Update: v2310.29

🚀 New Features - API

🔍 New Scan Policies:

  • From 'Code Quality' to 'Sensitive Information Exposure', we've got you covered against the latest threats
Advanced Security
OWASP Top 10 Focus
API Security
Code Quality - Best Practices
Data - Privacy Protection
Mobile Security
Cryptography - Authentication
File - Resource Management
Web Client-Side Security
Sensitive Information Exposure

🌟 CI/CD Report Chart Updates:

See What Matters: Directly spot resolved or new issues from our ci/cd plugins. Faster identification means quicker actions.

🌟 Async/Sync Scan Option on CI/CD :

  • Synchronous: Wait for the scan to finish and check if it meets or violates set fail criteria.
  • Asynchronous: Initiate the scan and move on to other pipeline job; no need to wait for scan results.
🌟 Scan History
Dive into the history of your project's scans. With each scan entry, get detailed insights into newly discovered vulnerabilities and those that were resolved. This feature ensures that you're always in the loop about how each scan impacted your project's security standing.

📊 Dashboard Enhancements

  • Weekly progression of total open issues with a new visual chart.
  • Introducing the RiskMap: A strategic overview highlighting the most frequently occurring
  • Stay updated with the "Recent Scans" section, showcasing scans initiated in your organization.

🚀 New Features - Analyzers

"When pioneering a new framework or methodology for app development, it's not just about how innovative or efficient that approach might be. It's also essential to anticipate the challenges developers might face, especially concerning code quality measurements. A cutting-edge tool might promise rapid development cycles or novel features, but if it complicates or hinders quality assessments, developers might end up bearing unforeseen costs. Our latest analyzers are designed with this holistic perspective in mind, ensuring compatibility and precision across a broad spectrum of frameworks." - CodeThreat Analyzer Team
💡 Enhanced Taint Analysis Behaviors:
  • Field Sensitivity & Inheritance Update:
    • What's New: We've improved our class field analysis capabilities, especially focusing on inheritance properties within OOP paradigms.
    • Scan Impact: Users can expect a more sound analysis in projects that heavily utilize OOP inheritance structures. For instance, if there's a tainted field in a base class, our analysis will now more reliably trace its impact across derived classes, ensuring fewer false negatives.
  • Recursive Flow Update:
    • What's New: Our recursive analysis now dives deeper into nested and recursive code patterns, efficiently avoiding redundant checks.
    • Scan Impact: For codes with heavy recursive calls or nested structures, the results will now be more precise. This optimization translates to a reduction in false positives, especially in algorithms that have intricate recursive patterns. It means when you see a warning in a recursive function, it's more likely a genuine issue and not just an artifact of redundant checking.
  • Method Declaration Ref Update:
    • What's New: We've bolstered our tracking capabilities, focusing on references and usages of method declarations.
    • Scan Impact: This enhancement paves the way for a deeper, more context-aware analysis. Consider a scenario where a method declaration is frequently reused or referenced in multiple parts of the code. Our upgraded analysis methods will give a more holistic view of the method's interactions and its potential vulnerabilities, improving the soundness of the results.

🐛 Bug Fixes

  • Smooth Sign-ins: We've optimized the GitLab login experience, especially for names with unique characters.
  • UI/UX Enhancements: Addressed minor component glitches.
Last modified 1mo ago