What's New 🚀🚀
2024-03-29
- BoostSecurity now natively generates a comprehensive, searchable inventory of the components used to build your software. Use it to identify third-party build components, such as GitHub Actions and CircleCI orbs, that can put your build pipeline at risk. The inventory gives end-to-end visibility into your supply chain so you can respond quickly to new risks as they are detected.
- Enhancements to user creation and management let you grant administrator access to new users from the BoostSecurity UI and review all user account access.
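As an added illustration of what a build-component inventory looks for (example code written for this page, not BoostSecurity's own implementation): the Python script below lists every `uses:` reference in a GitHub Actions workflow and flags third-party references that are not pinned to an immutable commit SHA or image digest, since a tag or branch name can be moved to point at different code. The workflow text and the commit SHA inside it are constructed sample input.

```python
import re

# Constructed sample GitHub Actions workflow (not from any real repository).
# The 40-hex commit SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - name: third party
        uses: some-org/some-action@main
"""

# Matches a `uses:` step line and captures the reference (quotes optional).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)')
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def inventory_actions(workflow_text):
    """Return one dict per `uses:` reference: kind, name, version, pinned, ref."""
    entries = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            # Local composite action: lives in this repository, not third-party.
            entry = {"kind": "local", "name": ref, "version": None, "pinned": True}
        elif ref.startswith("docker://"):
            # Container image: only a digest reference is immutable.
            # (Registry hosts with a port, e.g. host:5000/img, are not handled here.)
            image = ref[len("docker://"):]
            repo, sep, digest = image.partition("@sha256:")
            if sep:
                name, version, pinned = repo.partition(":")[0], "sha256:" + digest, True
            else:
                name, _, tag = repo.partition(":")
                version, pinned = (tag or "latest"), False
            entry = {"kind": "docker", "name": name, "version": version, "pinned": pinned}
        else:
            # owner/repo[/path]@ref: immutable only when ref is a full commit SHA.
            name, _, version = ref.partition("@")
            entry = {
                "kind": "github",
                "name": name,
                "version": version or None,
                "pinned": bool(FULL_SHA_RE.match(version)),
            }
        entry["ref"] = ref
        entries.append(entry)
    return entries


def unpinned_third_party(workflow_text):
    """Third-party references whose target can change without the workflow changing."""
    return [
        e["ref"]
        for e in inventory_actions(workflow_text)
        if e["kind"] != "local" and not e["pinned"]
    ]


if __name__ == "__main__":
    for e in inventory_actions(SAMPLE_WORKFLOW):
        state = "pinned" if e["pinned"] else "MUTABLE"
        print(f'{e["kind"]:6} {state:7} {e["ref"]}')
```

Run against the sample, the script reports three mutable third-party references (the `v4` tag, the `3.19` image tag and the `main` branch) and one pinned action; the local composite action is inventoried but never flagged. A real inventory would walk every workflow file under `.github/workflows/` and do the equivalent for CircleCI `orbs:` entries.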
2024-03-07
- Simplify your scanner configuration by creating global, easy-to-use rule sets for your configurable scanners. This streamlines provisioning and gives you central control over how your scanners run within Boost.
Improved CI/CD Scanner Provisioning
- All SCMs can now provision the CI/CD scanner as the default scanner protection for all new Organizations and Repositories from the scanner coverage page, rather than from the integrations view as before.
- At-a-glance scanner coverage: see where your portfolio has coverage, from static analysis to secrets detection to third-party dependencies and more.
- Immediately highlight coverage gaps in your program and fill them with a one-click deployment of built-in scanning and detection technologies, giving up-to-the-minute insight into all areas of your application risk.
- Mass-provision tailored scanning for your repositories: built-in filters find all repositories of a specific language or framework so you can assign the best scanning technology for that language in one action.
2024-02-16
- Policy changes are now processed instantly, allowing users to globally adjust the Findings and Violations reported within their boostsecurity.io instance without requiring a new set of scans to update the data.
- Open Source Security Foundation (OpenSSF) Scorecard scores can now be part of your policy definition, enabling violation alerts when your third-party dependencies represent a greater risk to your organization.
- SCA findings now state directly in the Finding view whether the affected dependency is Transitive or Direct.
2024-01-27
- Creating Policies is now faster, with significantly reduced page load times.
- The Findings page now loads in a fraction of the time for larger datasets, making the page far more responsive.
- Users can now apply auto-suppression by policy, automatically hiding lower-risk findings while keeping them quickly retrievable for review during triage or audit efforts.
- Scan history now shows the applied policy, giving readily available insight into how individual scans were processed to produce the Finding and Violation counts you see.
2023-11-12
- ADO and Bitbucket now enjoy the same guided scanner provisioning that GitHub and GitLab received previously.
- Created a "Group By" view in the Findings page. Findings and Violations can now be grouped by Rules, Repositories, Images, or Categories, allowing for more robust insight into your current risk exposure.
- Security Events now persist independently of open findings, so you never miss a potential gap in your build security.
2023-10-23
- The Dashboard now supports policy filtering, giving you the same system-wide overview metrics you're used to, with the ability to narrow the analysis down to specific policies you've defined.
- One-click filtering from the scan list page to the findings each scan produced.
- License policies and management capabilities have been added: at-a-glance filtering for prohibited licenses, license details within finding and violation information, and, most importantly, the ability to define policy restrictions around specific licenses so you are automatically notified when a component carrying a forbidden license is added.
Zero Touch Provisioning (ZTP) Becomes Turn-key
- Massive ZTP usability updates, starting with GitHub and GitLab, take the guesswork and frustration out of provisioning new scanning tools into your code bases. The ZTP wizard now provides specific instructions, status, and automation for the provisioning process from start to finish.
- ZTP scan execution throttling is now supported, giving you the control and flexibility to run scans less frequently based on your own criteria to help control costs within your cloud CI environment.
- The "Group By" capability has been added to the findings view. This lets you group findings by rule ID, repository, category, and container image when reviewing findings.
- Expanded SBOM to check for license details and support policy definitions for license types.
2023-10-09
- The top contributors to a code repository are now included in the details of related findings.
- Added OpenSSF Scorecard enrichment to SBOM data.
- The Security Events page is now a standalone page.
2023-10-05
- A column picker was added to the PDF report feature in the scan history. You can now select which scan history columns are included in the report.
- We updated the image displayed in the SBOM service when the selected filters yield no packages to display.
2023-09-27
- Expanded the ADO SCM integration to allow a full account connection in addition to the previous project-specific connections.
- Added additional CI/CD checks to Bitbucket.
- GitLab now generates SCA Findings.
SCA Findings generation from SBOM
- We added the ability to generate SCA findings from SBOM data.
- We also improved the generation of SCA findings via SBOM.
- The Black Duck connector integration has been added.
- Black Duck suppressions are now supported.
Findings view: Violations and Findings tab
- The Findings view is now split into two tabs, one for violations and one for findings.
- Each project (resource) now has a risk scoring card.
2023-09-25
- Get a detailed list of your findings in a structured manner via a .CSV file.
Policy Updated At Column Addition
- We added the Updated At column to policies to give you a detailed view of when a policy was last updated.
- Checkmarx has been added to the list of BoostSecurity integrations.
- Import of Checkmarx scans can now be triggered by webhooks.
- A new integration, SonarQube, has been added.
- Import of SonarQube scans can now be triggered by webhooks.
- Snyk can now be connected to BoostSecurity.
- Added support for the Semgrep commercial scanner.
2023-08-09
GitLab Account-Wide Integration
- Introducing GitLab account-wide integration, with a convenient "Select All" option for GitLab in ZTP. Remove existing GitLab installations before proceeding.
- A Personal Access Token (PAT) with API privileges and access to all organizations is now required for the integration. Treat this token as a highly privileged credential: issue it from a dedicated service account, store it only in the integration, and rotate it on a schedule.
SAST-Related Findings Deduplication
- The latest update to the SAST tooling adds deduplication of related findings, making them easier to manage.
2023-07-27
ZTP Provisioning for Azure DevOps
- Zero Touch Provisioning now supports Azure DevOps, offering a streamlined provisioning experience.
- The projects page is now optimized to give a centralized overview of the security exposures identified in your projects.
2023-07-10
- Policy UI version 2 gives you finer control and granularity over policy decisions and actions.
- New policies are created in the new UI (V2); existing policies created with the old UI remain visible and editable.
OSV Integration Added
MobSF Integration Added
2023-06-17
- ZTP scans can now be triggered manually from the scans page.
- Added a filter for SBOMs on the SBOM page.
- Resolved a duplicate entry created when using the UI to provision a scanner.
2023-06-13
- Generate and send PDF reports for your scan history, improving your documentation and reporting capabilities.
Webhook Integration Visibility
- The Webhook integration is now visible to all users.
- The JIRA integration was added to enable defect creation.
2023-06-08
- Software Composition Analysis (SCA) findings now carry enriched data: a new Fixable filter and more detailed findings for SCA and container-related issues.
Repository PII Information Indication
- Repository attributes can now indicate the presence of Personally Identifiable Information (PII), helping you safeguard sensitive data.
- Finding details now include a dedicated filter and section for PII information, providing better visibility and control.
2023-05-15
- The CWE rules database was improved.
2023-05-11
Zero Touch Provisioning for Various Platforms
- Zero Touch Provisioning is now available on multiple platforms, including GitHub, Bitbucket, and both the SaaS and On-Prem versions of GitLab.
2023-05-03
- Improve your Ansible security with the new Checkov scanner module.
2023-04-21
Microsoft Teams Outbound Notifications
- BoostSecurity can now send outbound notifications to Microsoft Teams, so you stay in the loop without leaving your chat tool.
2023-04-20
- Connect your workflow to the new Azure SCM integration.
2023-04-12
- Gain greater control over your Software Bill of Materials (SBOM) with the new licenses filter.
- Findings can now be snoozed. Customize the snooze duration and record a justification for each snoozed finding.
2023-04-06
- Security Events are findings that may indicate a potential breach. These events require manual review to confirm that no malicious activity has occurred.
2023-03-31
Single-Commit Pull Requests in CircleCI
- Single-commit pull requests are now supported in the CircleCI workflow.
2023-03-30
- GitLab integration: connect BoostSecurity to GitLab for scanning, collaboration, and streamlined workflows.
2023-03-24
Findings View Enhancements
- Findings management now supports bulk suppression and shows more complete information, including CVE IDs and advisory links.
- Resources in the Policies > Resources view now display easy-to-identify SCM icons.
2023-03-22
Findings View Filters Improvement
- Findings view filters now collapse inactive filters by default for a cleaner interface.
- The Policies > Resources section now has an attributes filter and displays resource attributes.
- Additional attributes include repository visibility, language, and origin, for use in customized policies.
2023-03-20
- Sign in with your GitLab credentials.
2023-03-15
- Sign in with your Bitbucket credentials.
2023-03-14
JIRA Auto-Close Feature
- The JIRA integration now auto-closes JIRA tickets when the corresponding finding is resolved or suppressed in code or in the UI.
2023-03-10
- A new Azure DevOps extension is available.
2023-03-09
- New EPSS and CVSS score filters let you focus your findings analysis on what matters most.
Insight Graph for Violations/Findings
- The insights page provides a new graph of violations and findings per scanner.
2023-02-28
- CVE information is now visible within your SBOM, improving vulnerability analysis.
2023-02-23
- The improved landing page summarizes important trends in the state of your software's security.
2023-02-22
- Integrate BoostSecurity with Bitbucket, with support for the Main and PR flow, PR comments, check failures, and more.
2022-11-10
New SCA Scanner Module for Golang
- A new SCA scanner module for Golang, powered by the Nancy scanner.
2022-11-08
New SCA Scanner Module for Python
- A new SCA scanner module for Python, powered by the safety scanner.
2022-11-04
Insight Violations and Findings Statistics
- Insight violations and findings statistics now exclude suppressed findings and violations.
2022-11-03
- Added support for the npm-audit scanner.
2022-11-02
Source Scanning with Checkov Scanner
- A new Checkov scanner module for source scanning.
Source Scanning with CodeQL Scanner
- A new CodeQL scanner module for source code analysis.
2022-11-01
New SCA Scanner Module for Ruby
- A new SCA scanner module for Ruby projects, powered by bundler-audit.
2022-10-31
- A new scanner module generates component inventories for container images, based on Trivy.
2022-10-28
Container Image Scanning with Trivy
- A new scanner module provides container image vulnerability scanning with Trivy.
2022-10-21
New Source Code Scanner Modules
- New source code scanner modules based on Brakeman (Ruby) and Gitleaks (secrets detection).
2022-10-20
- A new source code scanner for Go, powered by Gosec.
2022-10-07
Software Bill of Materials (SBOM) Service
- Introducing the SBOM service and scanner module, providing comprehensive inventory and vulnerability reporting for repositories.