In the coming days, we will release a new feature that will allow analysts to report new findings directly on Integrates using the “New Draft” button:

When you button click on the button, a pop-up will emerge, requesting the title of the finding:

The title will be automatically filled out with the finding's name when you enter text in the field:

When you click on the “Proceed” button, a new draft will appear and some fields will be filled out, based on the standardization sheet of the finding.

The new draft can be found in the “Drafts” table:

At this point, all the finding’s tabs are ready to be filled out, and a new “Submit” button will be available:

When the finding is ready to be reviewed, you must click the “Submit” button. This will email the Project Manager and Reviewers, who will check the finding following the same process as before:

Some observations:

• You cannot submit a draft if it does not have evidence, severity, or vulnerabilities.
• Only the author of the draft can submit it and make changes to a non-submitted draft.

Hello everyone,

In the last days we’ve been considering the possibility of adding Sonar to the CI pipelines of our public repositories. Yesterday we managed to run the first set of analysis that can be seen here:

https://sonarcloud.io/organizations/fluidattacks/projects

Soon, we will start integrating this process to our CI’s in order to be able to:

1. Break the build with Sonar.
2. Get Sonar reports on both Gitlab and SonarCloud.
3. Guarantee that our code follows best practices.

Greetings!