Fluid Attacks News

Improvement
2 years ago

Agent Performance Improvement!

We have implemented a new way for the agent to query information through the API. With this improvement, the agent retrieves only the locations in a vulnerable state, omitting unnecessary information such as vulnerabilities that are in a safe state or that have a temporarily accepted, permanently accepted, or zero risk treatment. You will still get the same information that this field gives us by running the agent, and reports will be faster. You will be able to see this from Monday, April 10th.

Maria Fernanda Toro
Announcement
2 years ago

Do you know what the Report Technique is? Here we tell you about it!

With the Report Technique chart, you can see the percentage distribution of all reported vulnerabilities according to the type of security test (SAST, DAST, and SCA).

This chart will be helpful to see which type of security test has the highest vulnerability detection sensitivity. Write to us at help@fluidattacks.com if you have questions about this chart or the Analytics section.

Maria Fernanda Toro
Announcement
2 years ago

Download the lists of authors in your groups whenever you want

In the Authors section of your groups, you can see the lists of authors who have contributed to your repositories. If you need to download any of them at any time, you must select the list and click on the Export button at the top right. It will immediately download to your system as a CSV (comma-separated values) file with all its contents. 

How often do you download this data? Do you find it helpful? Remember that you can give us your opinion in the comments. We invite you not to miss these updates by subscribing to our News channel.

Maria Fernanda Toro
Improvement
2 years ago

Look at the improvement in this ARM policy!

We are pleased to announce an enhancement to the agent when executing the policy "DevSecOps: Minimum CVSS 3.1 score of vulnerable spots for the agent to break the build in Strict Mode": when you pass a value on the CLI as an argument in --breaking, the agent will take into account the policy's minimum severity value for breaking the build.

Thanks to this improvement, you can be sure that any value you stipulate will not be higher than the policy; it will be equal to or lower than it. The agent therefore breaks the build according to the metrics specified in your organization or group, preventing vulnerabilities with a higher CVSS score from passing the check.

Maria Fernanda Toro
Improvement
2 years ago

Do you know the agent's help command?

When you run the agent in the container, there are times when you need to remember the parameters that you can use. We invite you to use either of the following two commands: docker run --rm -ti fluidattacks/forces:new forces --help or docker run --rm -ti fluidattacks/forces:new forces. Both show the list of parameters that you can use when you run the agent. Thanks to this help, you can quickly see the information you need in one place without opening the documentation. The help output also includes the link to the documentation and the email help@fluidattacks.com, in case you need more information or want to write to us with any questions or concerns.

Maria Fernanda Toro
Improvement
2 years ago

Do you know the two new options for deleting a group in the ARM platform?

We are pleased to announce that we have implemented two new reasons when deleting a group in the ARM platform. These are PoC Over and Testing Request Cancelled, which give you more explicit and clear options when you want to delete a group.

You can enter here if you want to know more about it. Your opinion is important to us, so we invite you to comment on this post or write to us at help@fluidattacks.com, with your questions, comments, or suggestions.

Maria Fernanda Toro
Improvement
2 years ago

Future changes in the parameter of verbosity in the agent.

We are pleased to announce a future improvement in the Forces verbosity parameter, which helps you have better control over the amount of information in the report when executing our agent. This parameter's allowed values will be reduced to -v and -vv. You will be able to use them to include in the report only vulnerabilities that break or could break the build (-v) or all open vulnerabilities (-vv). Such information is relevant and timely to learn which vulnerabilities would affect the release into production. Remember that the two values to be removed will be -vvv and -vvvv, whose function will be replaced by -vv.

Maria Fernanda Toro
Announcement
2 years ago

Explore the Analytics section at the Organization level of our ARM.

As you know, on the ARM platform, your organization has an Analytics section, which, through charts and indicators, provides you with information related to all the groups belonging to it. 

Thanks to this data, you can be aware of the changes in your vulnerabilities and carry out comparisons that are useful for your decision-making. 

Maria Fernanda Toro
Announcement
2 years ago

Learn more about the standard we’re applying: CWE

We are excited to announce a security standard we apply at Fluid Attacks. This standard is the Common Weakness Enumeration (CWE), a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and a baseline for weakness identification, mitigation, and prevention efforts.


You can find this and other standards we apply at Fluid Attacks in the Compliance section of our Documentation. The version used in this section is CWE List v4.10.

Maria Fernanda Toro
new
2 years ago

Check out the new Update credentials owner notification.

Do you already know what the new Update credential owner notification is about? This notification will tell us when a credential has changed its owner because the user who created it is no longer an active user of the ARM platform, either because they left the platform for 90 days or because they no longer have access to the organization.


Thanks to this reassignment, the existing credential will not be deleted or deactivated, and this will not interrupt tasks such as cloning repositories and accessing inputs that have them.

Maria Fernanda Toro