What happened

• From 7:38 AM to 2:17 PM most of the findings in the projects were not loading, when they were accesed the screen appeared blank.
• The above happened after enabling the functionality that allows users to add a BTS (Bug Tracking System) URL for any treatment (previously it was only possible for the treatment “In progress”).
• Previously, when a finding treatment was changed, a Null value was stored in the database in the BTS URL attribute. When the previous change was enabled, the frontend tried to convert to string a Null value, resulting in an error.

What we have done

• We implement a workaround to solve the error temporarily, parsing the Null value from the database to an empty string.
• We remove all Null values in the database and improve the source code in order to prevent the insertion of new Null values.

What is the impact

The majority of findings (approximately 80%) in the projects were inaccessible during the period initially described.

What we are doing to help

We are improving the data structure that is stored in the database and preparing the frontend to recover more easily to the errors generated by the data provided by the backend.

What happened

From 6:11AM to 8:05AM users could not log in to the platform due to authentication issues.
A quick fix was implemented, but we experienced issues when trying to deploy it. The issues were related to:

• The cluster losing one of its nodes and thus not having enough compute power to run the deployment pipeline.
• Integrates previous deployment being stuck due to hard limit policies.

What we have done

We have:

• Re-deployed Integrates in our cluster with the proper fix to the specific issue.
• Increased the number of nodes in our Kubernetes cluster to improve performance.
• Improved Integrates’s deploying rules to avoid future deployment errors

What is the impact

Failed login attempts to Integrates from 6:11AM to 8:05AM that resulted in users getting an error message saying that they did not have authorization to access the platform. 38 users were affected by this at the most.

What we are doing to help

We are improving our cluster’s capabilities of recovering from undesired states.

In the coming days, we will release a new feature that will allow analysts to report new findings directly on Integrates using the “New Draft” button:

When you button click on the button, a pop-up will emerge, requesting the title of the finding:

The title will be automatically filled out with the finding's name when you enter text in the field:

When you click on the “Proceed” button, a new draft will appear and some fields will be filled out, based on the standardization sheet of the finding.

The new draft can be found in the “Drafts” table:

At this point, all the finding’s tabs are ready to be filled out, and a new “Submit” button will be available:

When the finding is ready to be reviewed, you must click the “Submit” button. This will email the Project Manager and Reviewers, who will check the finding following the same process as before:

Some observations:

• You cannot submit a draft if it does not have evidence, severity, or vulnerabilities.
• Only the author of the draft can submit it and make changes to a non-submitted draft.

Hello everyone,

In the last days we’ve been considering the possibility of adding Sonar to the CI pipelines of our public repositories. Yesterday we managed to run the first set of analysis that can be seen here:

https://sonarcloud.io/organizations/fluidattacks/projects

Soon, we will start integrating this process to our CI’s in order to be able to:

1. Break the build with Sonar.
2. Get Sonar reports on both Gitlab and SonarCloud.
3. Guarantee that our code follows best practices.

Greetings!