Skip to content

What's New 🚀🚀

2024-03-29

Supply Chain Inventory

  • BoostSecurity now natively supports the generation of a comprehensive and searchable list of the components used to build your software. With this feature, you can easily identify third-party components, such as GitHub actions and CircleCI orbs, which can potentially pose a security risk to your build pipeline. This feature provides end-to-end visibility of your entire supply chain, allowing you to quickly and effectively respond to new risks as they are detected.

User Management Improvements

  • Enhancements to user creation and management to allow you to grant administrator access to new users from the BoostSecurity UI as well as review all user account access.

2024-03-07

Scanner Configurations

  • Simplify your scanner configuration by creating global and easy-to-use rule sets for your configurable scanners. You streamline the provisioning process and better enable central control of how your scanners run within Boost.

Improved CI/CD Scanner Provisioning

  • All SCMs can now provision the CI/CD scanner as defualt scanner protection for all new Organizations and Repositories on the scanner coverage page, rather than on the integrations view as before.

Scanner Coverage

  • At-a-glance scanner coverage! Gain insight into where your portfolio has coverage, from static analysis to secrets detection to third-party dependencies and much more!
  • Immediately highlight coverage gaps in your program and fill them with a 1-click deployment of built-in scanning and detection technologies to gain up-to-the-minute insights into all areas of your application risk.
  • Mass-provision catered scanning for your repositories, with built-in filters to find all repositories of a specific language or framework, allows you to quickly assign the best scanning technology for that language in one action!

2024-02-16

Policy Improvements

  • Policy changes now can be processed instantly allowing users to globally adjust the Findings and Violations reported within their boostsecurity.io instance without requiring a new set of scans to update your data.

  • Open Source Security Foundation (OSSF) scoring can now be a part of your policy definition, enabling you to get violation alerts when your 3rd party dependencies represent a greater risk to your organization.

SCA Findings

  • SCA findings now directly inform you if they are Transitive or Direct from within the Finding view

2024-01-27

Policy UI Improvements

  • Improved the experience of creating Policies with significantly reduced page load times.

Super-fast Findings

  • Findings page now loads in a fraction of the time for larger datasets giving a much more responsive and engaging feel to the page.

Suppression By Policy

  • Users can now apply auto-suppression by policy enabling greater freedom to automatically hide lower risk findings but still be able to quickly call them up for review during triage or audit efforts.

Scan History

  • Scan history shows applied policy now providing more readily available insight into how individual scans were processed to create the Finding and Violation counts you see with your scans.

2023-11-12

ZTP for ADO and Bitbucket

  • ADO and BitBucket now enjoy the same guided simplicity in scanner provisioning that GitHub and GitLab received previously.

Findings Grouping

  • Created “Group By” view in the Findings page. Findings and Violations can now be grouped together by Rules, Repositories, Images, or Categories, allowing for more robust insights into your current risk exposure.

Security Events

  • Security Events now persist independently of open findings so you never miss a potential gap in your build security.

2023-10-23

Dashboard Improvements

  • Dashboard now provides policy filtering giving you the same system-wide overview metrics you’re used to, but with the ability to narrow that analysis down to specific policies you’ve defined.

Scans View Improvement

  • One-click filtering from scan list page to the findings they produced.

SBOM License Alerts

  • License policies and management capabilities have been added to enable at-a-glance filtering for prohibited licenses, license details within finding and violation information, and most importantly, the ability to define policy restrictions around certain licenses so you can always be automatically notified if a component has been added that carries a forbidden policy.

Zero Touch Provisioning (ZTP) Becomes Turn-key

  • Massive ZTP usability updates starting with GitHub and GitLab, we’ve now taken the guesswork and frustration out of provisioning new scanning tools into your code bases. Significant improvements to user guidance in our ZTP wizard to provide specific instruction, statusing, and automation around the provisioning process from start to finish.

  • ZTP scan execution throttling is now supported, giving you the control and flexibility to run scans less frequently based on your own criteria to help control costs within your cloud CI environment.

Findings Groupings

  • The “Group By” capability has been added in the findings view. THis enables you to group findings by rule id, repository, category and container image when reviewing findings.

SBOM Licenses

  • Expanded SBOM to check for license details and support policy definitions for license types

2023-10-09

Top Repository Contributors

  • The top contributors to a code repository has been added as part of the details of related findings.

OSSF Scorecard SBOM

  • Added OSSF Scorecard enrichment to SBOM data.

Security Events

  • The Security Events page is now a standalone page.

2023-10-05

PDF Reports

  • A column picker was added for the feature related to sending PDF reports from the scan history. With that change, you can select which columns from the scan history should be included in the report.

SBOM Packages Filter

  • We updated the image displayed in the SBOM service when the filters selected yield no packages to display.

2023-09-27

ADO SCM Integration

  • Expanded ADO SCM integration to allow for full account connection in addition to the previous project-specific connections.

Bitbucket CI/CD

  • Added additional CI/CD checks to BitBucket

GitLab SCA Findings

  • GitLab now generates SCA Findings.

SCA Findings generation from SBOM

  • We added the ability to generate SCA findings from SBOM.
  • We also improved the generation of SCA via SBOM.

Black Duck Connector

  • The Black Duck connector integration is added.
  • Black Duck suppressions are now supported.

Findings view: Violations and Findings tab

  • The Findings view is now splitted into two tabs, one for violations and one for findings.

Project Risk Scoring

  • Each project (resource) now have a risk scoring card.

2023-09-25

Export Findings in a CSV File

  • Get a detailed list of your findings in a structured manner via a .CSV file.

Policy Updated At Column Addition

  • We added the Updated At column to policies to give you a detailed view into when a policy was updated.

Checkmarx Integration

  • Checkmarx has been added to the list of integrations to BoostSecurity.
  • Import of Checkmarx scans can now be triggered by webhooks.

Sonarqube Integration

  • A new integration, SonarQube has been added.
  • Import of SonarQube scans can now be triggered by webhooks.

Synk Connector Integration

  • The connection between the security software Synk and BoostSecurity has been achieved.

Added support for Semgrep commercial scanner.

2023-08-09

GitLab Account-Wide Integration

  • Introducing GitLab account-wide integration with a convenient "Select All" option for GitLab in ZTP. To enhance your workflow, make sure to remove existing GitLab installations before proceeding.

  • A Personal Access Token (PAT) with API privileges and access to all organizations is now required for seamless integration.

SAST-Related Findings Deduplication

  • The latest update to the SAST tool includes a new deduplication feature for easier management of related findings.

2023-07-27

ZTP Provisioning for Azure DevOps

  • Zero Touch Provisioning now supports Azure DevOps, offering a streamlined experience for you.

Projects View Optimization

  • The projects page is now optimized to give a centralized overview of the security exposures identified in your projects.

2023-07-10

Policy Version 2 UI

  • Embrace the future of policy management with the all-new Policy UI version 2. Gain unprecedented control and granularity over policy decisions and actions.

  • For new policies, experience the power of the new UI (V2) while retaining visibility and editing capabilities for existing policies created with the old UI.

Checkov Rule Curation

OSV Integration Added

MobSF Integration Added

2023-06-17

Manual Trigger for ZTP Scans

  • ZTP scans can now be triggered manually on the scans page.

**SBOM Filtering

  • Filter for SBOM on the SBOM page.

Scanner Provisioning

  • Resolved duplicate entry when using UI to provision scanner

2023-06-13

Scan History PDF Report

  • Generate and send PDF reports for your scan history effortlessly, enhancing your documentation and reporting capabilities.

Webhook Integration Visibility

  • The Webhook integration is now visible to all users, providing enhanced transparency and ease of use.

Jira Integration

  • The JIRA integration was added to enable defect creation.

2023-06-08

SCA Enrichment Improvements

  • Improve your Software Composition Analysis (SCA) with enriched SCA data. Discover the new Fixable filter and delve into enhanced findings details for SCA and Container-related issues.

Repository PII Information Indication

  • Safeguard sensitive data by adding repository attributes indicating the presence of Personally Identifiable Information (PII).

  • Dive into comprehensive details of findings, now including a dedicated filter and section for PII information, providing better visibility and control.

2023-05-15

  • The CWE Rules database was improved.

2023-05-11

Zero Touch Provisioning for Various Platforms

  • Experience Zero Touch Provisioning on multiple platforms, including Github, Bitbucket, and both SaaS and On-Prem versions of GitLab.

2023-05-03

Checkov Scanner for Ansible

  • Improve your Ansible security with the new Checkov scanner module, now available to fortify your projects.

2023-04-21

Microsoft Teams Outbound Notifications

  • Seamlessly integrate BoostSecurity with Microsoft Teams for outbound notifications, ensuring you easily stay in the loop.

2023-04-20

Azure SCM Integration

  • Boost your productivity by connecting your workflow to the Azure SCM integration.

2023-04-12

SBOM Licenses Filter

  • Gain greater control over your Software Bill of Materials (SBOM) with the new licenses filter, providing enhanced insights into your projects.

Findings Snoozing Support

  • Take charge of your Findings management with the new support for snoozing findings. Customize snooze duration and provide justifications for more efficient workflow.

2023-04-06

Security Events Support

  • Security Events are findings that may indicate a potential breach. These events require manual review to ensure no malicious activity has occurred.

2023-03-31

Single-Commit Pull Requests in CircleCI

  • Simplify your development cycle by integrating single-commit pull requests into your CircleCI workflow.

2023-03-30

GitLab Integration

  • Elevate your workflow with our GitLab integration. Seamlessly connect BoostSecurity to GitLab for enhanced protection measures, collaboration, and streamlined workflows.

2023-03-24

Findings View Enhancements

  • Boost your Findings management with bulk suppression capabilities and comprehensive information, including CVE IDs and advisory links.
  • Visualize resources in the Policies > Resources view with easy-to-identify SCM icons.

2023-03-22

Findings View Filters Improvement

  • Enjoy a smooth interface with improved findings view filters that collapse inactive filters by default, ensuring a seamless experience.

Policies Attributes Filter

  • Experience better resource management with the introduction of the attributes filter and attribute display in the Policies > Resources section.
  • Additional attributes include repository visibility, language, and origin for customized policies.

2023-03-20

GitLab Sign-In Feature

  • Simplify your access with the GitLab sign-in feature, allowing you to use your GitLab credentials seamlessly.

2023-03-15

Bitbucket Sign-In Feature

  • Sign in effortlessly using your Bitbucket credentials, streamlining your access to BoostSecurity.

2023-03-14

JIRA Auto-Close Feature

  • Enhance your JIRA integration with the new auto-close feature, enabling seamless closure of JIRA tickets upon resolution or suppression in code/UI.

2023-03-10

Azure DevOps Extension Live

  • Dive into the world of Azure DevOps with our new extension.

2023-03-09

Findings Viewer Filters

  • Empower the analysis of your findings with new EPSS and CVSS score filters, ensuring you focus on what truly matters.

Insight Graph for Violations/Findings

  • The insights page provides an all-new graph describing violations and findings per scanner.

2023-02-28

CVE Information in SBOM

  • Improve your vulnerability analysis with added visibility into CVE information within your SBOM.

2023-02-23

New Dashboard Landing Page

  • The improved landing page summarizes important trends in the state of your software's security.

2023-02-22

Bitbucket Integration

  • Integrate BoostSecurity with Bitbucket, unlocking new features, including support for Main and PR flow, PR comments, check failures, and more.

2022-11-10

New SCA Scanner Module for Golang

  • Introducing a cutting-edge SCA scanner module for Golang, powered by the Nancy scanner.

2022-11-08

New SCA Scanner Module for Python

  • Improve your Python project security with our new SCA scanner module powered by the safety scanner.

2022-11-04

Insight Violations and Findings Statistics

  • Insight violations and findings statistics now exclude suppressed findings and violations.

2022-11-03

npm-audit Scanner Support

  • Improve your package security with support for the npm-audit scanner.

2022-11-02

Source Scanning with Checkov Scanner

  • Discover enhanced source scanning capabilities with our new Checkov scanner module.

Source Scanning with CodeQL Scanner

  • Empower your source code analysis with our new CodeQL scanner module.

2022-11-01

New SCA Scanner Module for Ruby

  • Improve your Ruby projects with our new SCA scanner module powered by bundler-audit.

2022-10-31

Container Image SBOM Scanner

  • Experience seamless container image analysis with our new scanner module, generating component inventories for container images based on Trivy.

2022-10-28

Container Image Scanning with Trivy

  • Streamline your container image security with our new scanner module, providing enhanced container image scanning capabilities.

2022-10-21

New Source Code Scanner Modules

  • Improve your source code analysis with new modules based on Brakeman for Ruby and Gitleaks, ensuring comprehensive security coverage.

2022-10-20

Source Code Scanner for Go

  • Unlock the potential of Go code security with our new source code scanner powered by Gosec.

2022-10-07

Software Build of Materials (SBOM) Service

  • Introducing our SBOM service and scanner module to provide comprehensive inventory and vulnerability reporting for repositories.