Skip to content

What's New 🚀🚀

2025-04-29

End of Life Detection

  • BoostSecurity's SBOM and SCA scanners have been updated to now support detection and enrichment of End-of-Life (EoL) packages. You can:

    • Filter your entire SBOM to identify EoL packages.

    • Receive proactive notifications when EoL packages are detected in your codebase or introduced via pull requests.

SCM Integration Enhancements

  • GitHub

    Boost has added support and detection of RuleSets for branch protection settings. You can now identify if your repositories lack secure configuration using RuleSets and can alert your team whenever your security posture weakens based on RuleSet changes.

  • GitLab

    GitLab integration now supports Group and Service Access Tokens in addition to Personal Access Tokens

  • Azure DevOps

    Connection to ADO now supports Microsoft Entra ID in addition to Personal Access Tokens.

Policy Enhancements

  • Our incredibly powerful and flexible policy engine has been updated with some additional usability improvements, allowing users to reorder their rules quickly through the UI to create even faster and simpler customization by manipulating the execution order of your rules.

Findings Detail Redesign

  • Finally in this sprint, we’ve rolled out a redesigned Findings Detail panel for an improved user experience. Key improvements include:

    • A cleaner, more intuitive layout.
    • Easier navigation to critical insights.
    • Faster access to actions and remediation steps.

2025-04-02

Filters Redesign

Filtering within Boost just got a major upgrade!

We’ve completely redesigned filters across all relevant pages to improve usability, reduce complexity, and maximize screen space. This update ensures you can find the data you need more quickly and take action with greater ease.

Highlights:

  • Cleaner, more intuitive filter layout
  • Enhanced usability on all filtered pages
  • Optimized screen real estate for improved workflow

Performance Enhancements

Working with large datasets just got significantly faster.

Our backend team has optimized filtering and search algorithms for high-volume use cases, resulting in a 10x improvement in load times when handling six-figure datasets on the Findings page.

Ideal for teams managing:

  • Tens of thousands of violations
  • Hundreds of thousands of findings

Your triage workflow just got supercharged.

Runtime Reachability Support

We’ve expanded our reachability features!

Building on last year’s Code Reachability capabilities (powered by the OSV scanner), we now support Runtime Reachability via our Dynatrace integration.

You can now: - Identify which vulnerabilities Dynatrace has confirmed have Runtime Reachability - Build policies around runtime-loaded vulnerabilities - Prioritize risks more effectively

This gives your security policies even greater precision.

Other Improvements

  • Policy Rule Clarity: We’ve improved language and consistency in our policy rule definitions, making it easier for new users to understand and use the policy engine effectively.
  • GitLab Integration: Now supports Service Account Access Tokens with the same functionality as Personal Access Tokens.
  • Azure DevOps Integration: Now supports Microsoft Entra ID connections with the same functionality as Personal Access Tokens.

2025-02-21

Code to Cloud - Integration with Dynatrace

  • Dynatrace is an industry leader in Infrastructure and Runtime observability, and as a Boost user you can now benefit from all Dynatrace has to offer as enrichment to our source code, CI/CD, and Supply Chain risk detections! Provide your developers with runtime context of which vulnerabilities are in production or have public routes from the internet. Provide your infrastructure team with code context of which repository or development team members are responsible for the code running on a specific service!

Enhanced Default Coverage

  • Add SAST to the auto-provisioning list! With Boost you can now automatically detect new assets and provision static analysis scanning to the newly detected code with no human intervention. This joins the existing automated provisioning capabilities for Supply Chain, Secrets, SBOM, and SCA!

Expanded Critical Risk Detection

  • Our ability to identify critical risks has expanded once again, this time to flag repositories that contain PII and are missing branch protection settings.

2025-01-31

Deeper Runtime Detections and Policies

  • Boost will now enrich services and findings with detected Root user access and Privileged containers. For example, you can now have policies that alert when detecting certain vulnerabilities existing within services that have Root Access.

Enhanced Asset Discovery Information

  • With multiple potential sources of asset detection (Source Control Management, 3rd party Scanner, etc), it can become unclear where an asset in Boost originated from. We have enhanced the Asset Management page with additional metadata to help you track your asset origins

Export CIS Supply Chain Compliance Report

  • We’re continuing to enhance our Compliance feature with file exporting. Filter your portfolio or compliance rules down to just the scope you want to report on and create CSV data exports for downstream reporting or archiving

2024

2023

2022