2023 Release Notes 🚀🚀
2023-11-12
- ADO and BitBucket now enjoy the same guided simplicity in scanner provisioning that GitHub and GitLab received previously.
- Created “Group By” view in the Findings page. Findings and Violations can now be grouped together by Rules, Repositories, Images, or Categories, allowing for more robust insights into your current risk exposure.
- Security Events now persist independently of open findings so you never miss a potential gap in your build security.
2023-10-23
- Dashboard now provides policy filtering, giving you the same system-wide overview metrics you’re used to, but with the ability to narrow that analysis down to specific policies you’ve defined.
- One-click filtering from scan list page to the findings they produced.
- License policies and management capabilities have been added. They enable at-a-glance filtering for prohibited licenses, show license details within finding and violation information, and, most importantly, let you define policy restrictions around certain licenses so you are automatically notified if a component has been added that carries a license forbidden by policy.
Zero Touch Provisioning (ZTP) Becomes Turn-key
- Massive ZTP usability updates, starting with GitHub and GitLab: we’ve now taken the guesswork and frustration out of provisioning new scanning tools into your code bases. User guidance in our ZTP wizard has been significantly improved to provide specific instructions, status reporting, and automation around the provisioning process from start to finish.
- ZTP scan execution throttling is now supported, giving you the control and flexibility to run scans less frequently based on your own criteria to help control costs within your cloud CI environment.
- The “Group By” capability has been added in the findings view. This enables you to group findings by rule id, repository, category and container image when reviewing findings.
- Expanded SBOM to check for license details and support policy definitions for license types
2023-10-09
- The top contributors to a code repository have been added as part of the details of related findings.
- Added OSSF Scorecard enrichment to SBOM data.
- The Security Events page is now a standalone page.
2023-10-05
- A column picker was added for the feature related to sending PDF reports from the scan history. With that change, you can select which columns from the scan history should be included in the report.
- We updated the image displayed in the SBOM service when the filters selected yield no packages to display.
2023-09-27
- Expanded ADO SCM integration to allow for full account connection in addition to the previous project-specific connections.
- Added additional CI/CD checks to BitBucket
- GitLab now generates SCA Findings.
SCA Findings generation from SBOM
- We added the ability to generate SCA findings from SBOM.
- We also improved the generation of SCA via SBOM.
- The Black Duck connector integration is added.
- Black Duck suppressions are now supported.
Findings view: Violations and Findings tab
- The Findings view is now split into two tabs, one for violations and one for findings.
- Each project (resource) now has a risk scoring card.
2023-09-25
- Get a detailed list of your findings in a structured manner via a .CSV file.
Policy Updated At Column Addition
- We added the Updated At column to policies to give you a detailed view into when a policy was updated.
- Checkmarx has been added to the list of integrations to BoostSecurity.
- Import of Checkmarx scans can now be triggered by webhooks.
- A new integration, SonarQube has been added.
- Import of SonarQube scans can now be triggered by webhooks.
- The connection between the security software Snyk and BoostSecurity has been achieved.
Added support for the Semgrep commercial scanner.
2023-08-09
GitLab Account-Wide Integration
- Introducing GitLab account-wide integration with a convenient "Select All" option for GitLab in ZTP. To enhance your workflow, make sure to remove existing GitLab installations before proceeding.
- A Personal Access Token (PAT) with API privileges and access to all organizations is now required for seamless integration.
SAST-Related Findings Deduplication
- The latest update to the SAST tool includes a new deduplication feature for easier management of related findings.
2023-07-27
ZTP Provisioning for Azure DevOps
- Zero Touch Provisioning now supports Azure DevOps, offering a streamlined experience for you.
- The projects page is now optimized to give a centralized overview of the security exposures identified in your projects.
2023-07-10
- Embrace the future of policy management with the all-new Policy UI version 2. Gain unprecedented control and granularity over policy decisions and actions.
- For new policies, experience the power of the new UI (V2) while retaining visibility and editing capabilities for existing policies created with the old UI.
OSV Integration Added
MobSF Integration Added
2023-06-17
- ZTP scans can now be triggered manually on the scans page.
- Filter for SBOM on the SBOM page.
- Resolved duplicate entry when using UI to provision scanner
2023-06-13
- Generate and send PDF reports for your scan history effortlessly, enhancing your documentation and reporting capabilities.
Webhook Integration Visibility
- The Webhook integration is now visible to all users, providing enhanced transparency and ease of use.
- The JIRA integration was added to enable defect creation.
2023-06-08
- Improve your Software Composition Analysis (SCA) with enriched SCA data. Discover the new Fixable filter and delve into enhanced findings details for SCA and Container-related issues.
Repository PII Information Indication
- Safeguard sensitive data by adding repository attributes indicating the presence of Personally Identifiable Information (PII).
- Dive into comprehensive details of findings, now including a dedicated filter and section for PII information, providing better visibility and control.
2023-05-15
- The CWE Rules database was improved.
2023-05-11
Zero Touch Provisioning for Various Platforms
- Experience Zero Touch Provisioning on multiple platforms, including GitHub, Bitbucket, and both SaaS and On-Prem versions of GitLab.
2023-05-03
- Improve your Ansible security with the new Checkov scanner module, now available to fortify your projects.
2023-04-21
Microsoft Teams Outbound Notifications
- Seamlessly integrate BoostSecurity with Microsoft Teams for outbound notifications, ensuring you easily stay in the loop.
2023-04-20
- Boost your productivity by connecting your workflow to the Azure SCM integration.
2023-04-12
- Gain greater control over your Software Bill of Materials (SBOM) with the new licenses filter, providing enhanced insights into your projects.
- Take charge of your Findings management with the new support for snoozing findings. Customize snooze duration and provide justifications for more efficient workflow.
2023-04-06
- Security Events are findings that may indicate a potential breach. These events require manual review to ensure no malicious activity has occurred.
2023-03-31
Single-Commit Pull Requests in CircleCI
- Simplify your development cycle by integrating single-commit pull requests into your CircleCI workflow.
2023-03-30
- Elevate your workflow with our GitLab integration. Seamlessly connect BoostSecurity to GitLab for enhanced protection measures, collaboration, and streamlined workflows.
2023-03-24
Findings View Enhancements
- Boost your Findings management with bulk suppression capabilities and comprehensive information, including CVE IDs and advisory links.
- Visualize resources in the Policies > Resources view with easy-to-identify SCM icons.
2023-03-22
Findings View Filters Improvement
- Enjoy a smooth interface with improved findings view filters that collapse inactive filters by default, ensuring a seamless experience.
- Experience better resource management with the introduction of the attributes filter and attribute display in the Policies > Resources section.
- Additional attributes include repository visibility, language, and origin for customized policies.
2023-03-20
- Simplify your access with the GitLab sign-in feature, allowing you to use your GitLab credentials seamlessly.
2023-03-15
- Sign in effortlessly using your Bitbucket credentials, streamlining your access to BoostSecurity.
2023-03-14
JIRA Auto-Close Feature
- Enhance your JIRA integration with the new auto-close feature, enabling seamless closure of JIRA tickets upon resolution or suppression in code/UI.
2023-03-10
- Dive into the world of Azure DevOps with our new extension.
2023-03-09
- Empower the analysis of your findings with new EPSS and CVSS score filters, ensuring you focus on what truly matters.
Insight Graph for Violations/Findings
- The insights page provides an all-new graph describing violations and findings per scanner.
2023-02-28
- Improve your vulnerability analysis with added visibility into CVE information within your SBOM.
2023-02-23
- The improved landing page summarizes important trends in the state of your software's security.
2023-02-22
- Integrate BoostSecurity with Bitbucket, unlocking new features, including support for Main and PR flow, PR comments, check failures, and more.