Added separate project lists in the SCA, TQI and Secrets modules
Added support for the Conda ecosystem
Added editing of container image dependencies for SBoM export
Added multiple selection of projects and images when creating a Policy Ignore
Added the ability to specify a policy stage when creating a CLI project
Added the ability to filter lists in the Vulnerabilities, Policy Alerts and Projects sections by multiple Severity, Policy and Technology values
SBoM edits are now saved and displayed in the audit log
Added display of CLI project names in the audit log
Added filter by image tag to Container Images section
Added dates of first and last SCA scan to projects list
Implemented the ability to add projects to existing groups via API, interface and console agent options for users with the active flag *Can create CLI projects via API*
The full display of the secret in the section has been moved to a separate Secrets window
Updated translation into Russian
Added validation of API token update
Changed the format of the recommendation field in the SBoM CycloneDX format export to correctly handle cases where a vulnerability affects several versions of the same library
Fixed an error creating a task in Jira when a policy is triggered
Fixed an error filtering by status in Policy Alerts section when resetting filters
URL input errors are now shown after input is complete
Added the ability to send webhooks for key events in the system
Added the ability for the admin user to specify values for the SBoM fields GOST:attack_surface, GOST:security_function and links to VCS. The values are taken into account when exporting SBoM in the CycloneDX 1.6 Ext format
Updated display of matched criteria in alerts
Added the ability to display the Source files column in the Vulnerabilities section table and in the Affected dependencies table on the vulnerability page
Added hints for the user in the policy creation and editing form
Added links from the project scan results page to the project settings page and back
Improved link type classification in the externalReferences section when exporting SBoM in CycloneDX
Accelerated loading of the license distribution graph
Changed the technology distribution graph on the main page of the system and on the SCA tab for VCS projects: the calculation is based on the project dependency technologies taken from the results of composition analysis
Fixed the logic of policies when combining several conditions for the environment (env) of a dependency
Fixed import of SBoM files in CycloneDX format containing information in the components[i].evidence.identity fields
Fixed translations into Russian for numerals and some dictionaries of the system
In emails with alert notifications, the vulnerability identifier is now a hyperlink
Added a beta version of interface localization into Russian; language switching is available on the user profile page
Added support for CycloneDX 1.6 specification for SBoM import and export
Added export into CycloneDX 1.6 Ext format with the addition of the fields GOST:source_lang, GOST:attack_surface and GOST:security_function to comply with FSTEC of Russia requirements. The fields are filled with the default value
For new SCA analysis results, the ability to select the CycloneDX version when downloading SBoM has been added
Improved SBoM export into all CycloneDX versions: added information about the scanned application to metadata->component, added information about the installation version to metadata->tools, updated the outdated format for indicating the authorship of components for CycloneDX versions 1.5 and 1.6, fixed the format of the component license. Changes are available for new SCA analysis results
Added “Dangerous package” classification and corresponding policy for OSA module. Packages with known Malware and certain types of CWE in vulnerabilities are marked as dangerous
Added additional dates to the package view page in the OSA module: dates of the first and last request to the package, date of the last policy calculation, and date of updating information on the package
Added the Source files value to the vulnerability dump in the Vulnerabilities section
Added policy conditions for case-sensitive search of a string in the package name, contains (case sensitive), and renamed the case-insensitive conditions from icontains to contains (case insensitive)
Added the Has vulnerabilities filter and a column with the number of vulnerabilities when viewing the list in the Components and Container images sections of the OSA module
Added the ability to run mass analysis of secrets in Workmode
Added processing of the new manifest type application/vnd.docker.distribution.manifest.list.v2+json when analyzing container images
Added a table with projects that use the component to the component view page in the OSA module
Added a new template %USER_DN% for the filter by groups when configuring LDAP
Added the ability to start a package analysis from its page in the Components section
Added a notification about the expiration of the activation key
Fixed key columns in tables during horizontal scrolling
Implemented a periodic restart of background tasks to optimize memory consumption
Stabilized the launch time of scheduled analyses
Optimized updating of information on the secrets list page when marking up results
Fixed errors in the behavior of some lists with multiple selection
Fixed the display of user group records in the LDAP integration diagnostics section
Fixed loading a list of container images from registries if metadata on some images could not be obtained
Fixed errors in the operation of filters in the Secrets section table
Fixed an error when trying to filter dependencies by License Category = N/A
Fixed display of paginators on the SCA and TQI tabs on the project page
Changed the configuration of connection pools to PostgreSQL. To optimize the memory consumption of the installation, connections to Postgres are now split between connection pools operating in session mode and in transaction mode. If the system is installed via docker compose, the docker-compose.yml file must be updated. When using custom connection pool configurations, please consult the support service about the update process.
Running CodeScoring no longer requires superuser rights inside the container. Instructions for migrating from root containers to rootless are available from the vendor
Added project dependency graphs (link is on the project page)
Added option to disable hash collection during SCA on installation
Added Index API response cache for OSA (by default from 1 hour to 1.5 hours, configured through environment variables)
Added information about restrictions on using OSSIndex
Launch of mass SCA is now logged in Audit log
Swagger no longer requires internet
Changed the path to the static files served from the backend (docker-compose.yaml must be updated accordingly)
Fixed a bug where, for packages with the same name (but different versions) located in different manifests, the file in which the package was found was displayed incorrectly