What's New 🚀🚀

---

2025-05-28

SBOM Direct File Upload

• You can now upload standalone CycloneDX SBOM files directly to BoostSecurity without the need for build pipeline or source code access. This feature is particularly useful for teams working in environments like Mergers & Acquisitions due diligence, where source code may be unavailable. Simply upload a CycloneDX SBOM, and Boost will automatically enrich it with:

  • Known vulnerability data (CVEs, EPSS, CVSS)
  • Malware insights
  • OpenSSF Scorecard metrics
  • Open source license detection
  • Nightly monitoring for emerging threats, including 0-day vulnerabilities

This ensures your SBOMs receive the same level of analysis and protection as those generated through integrated pipelines.

Audit Logging and Activity Reports

• We’ve introduced a new Audit page for administrators to track, filter, and report on user activity within the platform. Gain visibility into:

  • Who modified which security policies, and when
  • Which scanners were added or removed—and by whom
  • Key operational actions across your instance

This feature enhances accountability and compliance across your teams.

Scan History Filters

• Since day one, Boost has empowered teams to define security policies that proactively notify developers of potential weaknesses, whether through pull request comments or build fail checks—before code merges into the main branch. However, visibility into how often and where these policies were triggered has been limited.

With our new Scan History filters, it's now significantly easier to track when and where policy enforcement occurs, giving you deeper insight into your security posture across the development lifecycle. With these filters, you can quickly view:

• All scans that triggered Fail Checks
• Scans that flagged policy violations in pull requests

This provides clearer insights into policy coverage and developer feedback loops over time.

Performance Enhancements

• Managing thousands, or tens of thousands of repositories? You’ll see a major boost in performance. Our backend optimizations have achieved up to 10x improvement in load times on the scanner coverage page. As your codebase grows, Boost scales with you - ensuring a smoother, faster experience for enterprise-scale operations.

2025-04-29

End of Life Detection

• BoostSecurity's SBOM and SCA scanners have been updated to now support detection and enrichment of End-of-Life (EoL) packages. You can:

  • Filter your entire SBOM to identify EoL packages.

  • Receive proactive notifications when EoL packages are detected in your codebase or introduced via pull requests.

SCM Integration Enhancements

• GitHub

  Boost has added support and detection of RuleSets for branch protection settings. You can now identify if your repositories lack secure configuration using RuleSets and can alert your team whenever your security posture weakens based on RuleSet changes.

• GitLab

  GitLab integration now supports Group and Service Access Tokens in addition to Personal Access Tokens

• Azure DevOps

  Connection to ADO now supports Microsoft Entra ID in addition to Personal Access Tokens.

Policy Enhancements

• Our incredibly powerful and flexible policy engine has been updated with some additional usability improvements, allowing users to reorder their rules quickly through the UI to create even faster and simpler customization by manipulating the execution order of your rules.

Findings Detail Redesign

• Finally in this sprint, we’ve rolled out a redesigned Findings Detail panel for an improved user experience. Key improvements include:

  • A cleaner, more intuitive layout.
  • Easier navigation to critical insights.
  • Faster access to actions and remediation steps.

2025-04-02

Filters Redesign

Filtering within Boost just got a major upgrade!

We’ve completely redesigned filters across all relevant pages to improve usability, reduce complexity, and maximize screen space. This update ensures you can find the data you need more quickly and take action with greater ease.

Highlights:

• Cleaner, more intuitive filter layout
• Enhanced usability on all filtered pages
• Optimized screen real estate for improved workflow

Performance Enhancements

Working with large datasets just got significantly faster.

Our backend team has optimized filtering and search algorithms for high-volume use cases, resulting in a 10x improvement in load times when handling six-figure datasets on the Findings page.

Ideal for teams managing:

• Tens of thousands of violations
• Hundreds of thousands of findings

Your triage workflow just got supercharged.

Runtime Reachability Support

We’ve expanded our reachability features!

Building on last year’s Code Reachability capabilities (powered by the OSV scanner), we now support Runtime Reachability via our Dynatrace integration.

You can now: - Identify which vulnerabilities Dynatrace has confirmed have Runtime Reachability - Build policies around runtime-loaded vulnerabilities - Prioritize risks more effectively

This gives your security policies even greater precision.

Other Improvements

• Policy Rule Clarity: We’ve improved language and consistency in our policy rule definitions, making it easier for new users to understand and use the policy engine effectively.
• GitLab Integration: Now supports Service Account Access Tokens with the same functionality as Personal Access Tokens.
• Azure DevOps Integration: Now supports Microsoft Entra ID connections with the same functionality as Personal Access Tokens.

2025-02-21

Code to Cloud - Integration with Dynatrace

• Dynatrace is an industry leader in Infrastructure and Runtime observability, and as a Boost user you can now benefit from all Dynatrace has to offer as enrichment to our source code, CI/CD, and Supply Chain risk detections! Provide your developers with runtime context of which vulnerabilities are in production or have public routes from the internet. Provide your infrastructure team with code context of which repository or development team members are responsible for the code running on a specific service!

Enhanced Default Coverage

• Add SAST to the auto-provisioning list! With Boost you can now automatically detect new assets and provision static analysis scanning to the newly detected code with no human intervention. This joins the existing automated provisioning capabilities for Supply Chain, Secrets, SBOM, and SCA!

Expanded Critical Risk Detection

• Our ability to identify critical risks has expanded once again, this time to flag repositories that contain PII and are missing branch protection settings.

2025-01-31

Deeper Runtime Detections and Policies

• Boost will now enrich services and findings with detected Root user access and Privileged containers. For example, you can now have policies that alert when detecting certain vulnerabilities existing within services that have Root Access.

Enhanced Asset Discovery Information

• With multiple potential sources of asset detection (Source Control Management, 3rd party Scanner, etc), it can become unclear where an asset in Boost originated from. We have enhanced the Asset Management page with additional metadata to help you track your asset origins

Export CIS Supply Chain Compliance Report

• We’re continuing to enhance our Compliance feature with file exporting. Filter your portfolio or compliance rules down to just the scope you want to report on and create CSV data exports for downstream reporting or archiving

2024

• For detailed release notes from 2024, please refer to the 2024 release notes page

2023

• For detailed release notes from 2023, please refer to the 2023 release notes page.

2022

• For detailed release notes from 2022, please refer to the 2022 release notes page.