You can now update mobile environments (e.g., .aab, .ipa, and .apk files) without losing the record of reported vulnerabilities. When updating a mobile environment, you will be notified that dynamic findings from the old file will be retained in the newly added one, provided they successfully pass our consistency validations.

Keep in mind that to use this feature (only available for Users and User Managers), you do not have to delete the file you currently have on the platform's Scope section but replace it by selecting the "Add file" option:

🛠️ Custom fix inside the platform: Currently, Custom fix, our AI-based feature for the generation of guides for vulnerability remediation, is available only in our VS Code extension. However, you will soon have it available from within the Fluid Attacks platform regardless of the code editor or IDE your development team uses.

🔄 Branch or URL update management: When you tried to update a branch or URL corresponding to a repository already under our evaluation, this could mean the alteration and loss of findings reported so far since it was more of a target replacement. Fortunately, you will soon have the option to make updates without deactivating the previous repository and, consequently, without altering the reports obtained, as long as the new root retains the same code base as the previous one.

⚠️ Enhanced vulnerability prioritization: You will soon have the opportunity to define concrete values in the Policies section of the platform for a list of vulnerability prioritization criteria. From this, you will get final values in the "Priority" column for each (type of) vulnerability, which, more tailored to your company's needs and principles than a mere CVSS score, will allow you to determine which security issues should be fixed before others.

🧩 New IDE extension: In the near future, we will add one more IDE plugin to our list of integrations with our platform We are talking about an extension for IntelliJ IDEA, from which you will enjoy the same vulnerability management benefits that we offer for VS Code.

📤 Continuous improvement of EaC: We are currently working on overcoming limitations and making it easier for you to configure and use our .fluidattacks file. This file allows you to exclude reports from our tool's SAST, SCA, and DAST scans with what's commonly known as exceptions as code (EaC).

We are beyond excited to announce that Fluid Attacks' information security practices have been recognized by independent external auditors as meeting the rigorous SOC 2 security trust principle.

SOC 2 is a widely regarded standard developed by the American Institute of Certified Public Accountants (AICPA). It ensures that service providers securely manage data to protect the privacy and interests of their clients.

This significant milestone reflects our ongoing dedication to maintaining the highest standards of security as well as your trust. We understand the critical importance of safeguarding your data and are proud to have our efforts validated by this rigorous standard.

Visit our Trust Center to learn more about our commitment to security.

We've been thrilled with the overwhelmingly positive response to our new platform interface.

That's why, starting today, the toggle switch Feature preview in your user menu will no longer be available to return to the old interface.

By the way, are you ready to master our platform?

Our role-based certifications are waiting for you!

We're pleased to announce that we've launched three free role-based certifications on how to use our platform efficiently.

Whether you're a Vulnerability Manager, User Manager, or User (usually a software developer), you'll gain sufficient knowledge and skills to leverage Fluid Attacks' platform's full potential for effective vulnerability management and strengthen your cybersecurity posture. We recommend you certify only in the track corresponding to your role within your organization.

Learn to

• navigate the whole platform,
• manage your Git repositories,
• review and prioritize detected vulnerabilities,
• employ resources to remediate them,
• define stringent policies,
• and secure your CI pipelines to deliver safe apps to your customers.

You just need to watch some videos and pass short quizzes in about an hour to earn a Credly badge certifying your proficiency on Fluid Attacks' platform.

Start learning today!

Get ready to experience Fluid Attacks in a whole new light!

Starting Tuesday, July 2nd, you'll have the option to preview our redesigned platform interface. You'll just have to toggle "Feature preview" on in the dropdown menu at the top right corner:

In this new, minimalist, and more intuitive interface, you'll find the following:

• A collapsible sidebar as the primary navigation component
• An Integrations section to manage our platform's connection with plugins and other systems
• A new "Severity overview" column to see how many vulnerabilities of each CVSS severity range are within each vulnerability type identified in your apps
• The CVSS score v.4.0. for all your security issues

We invite you to explore the enhanced features and familiarize yourself with the new look —it will soon become our sole interface.

P.S. Soon, a short course will be available to help you become certified in the use of our platform.

In this phase of upgrading our platform, we are mainly focused on renewing its appearance. Soon, you will be able to enjoy the following features:

• A completely new, modern, and minimalist interface with greater visual coherence with our brand that seeks to optimize your experience as a user.
• A collapsible sidebar for the organization that functions as the primary navigation component, replacing the topbar.

Near the end of the sidebar, you will see the Integrations section, where you can manage our platform's connection with various IDE plugins and bug-tracking systems used by your team.

• A new column for vulnerability type lists called "Severity overview," which tells you how many vulnerabilities of each CVSS severity range are within each vulnerability type detected.

• The CVSS score available will be version 4.0.

To learn more about our platform, we invite you to visit our Knowledge Base's Use the platform section.

If you have any questions, please do not hesitate to contact us.

We're excited to announce that Fluid Attacks' platform can now integrate with GitLab! This integration is intended to help ease developers' tasks by allowing them to automatically generate issues for identified vulnerabilities and manage them without leaving GitLab.

To set up and enjoy this integration, please follow the steps you can see in the video below or our Knowledge Base:

We're excited to announce that Fluid Attacks' platform can now integrate with Azure DevOps! This integration is intended to help ease developers' tasks by allowing them to automatically generate issues for detected vulnerabilities and manage them without leaving Azure DevOps.

To set up and enjoy this integration, please follow the steps you can see in the video below or our Knowledge Base:

Set up the Fluid Attacks app for Jira Cloud to fully take advantage of our powerful integration. Ensure you have the Administer Jira permission. After installing the app, open your Jira project and select Fluid Attacks under the Apps section in the left-hand menu. Follow the setup instructions by entering the Fluid Attacks API token and choosing the appropriate group. Save your settings, then click Back to project to access the Fluid Attacks section. 

Now, you can view and manage reported vulnerabilities directly within Jira.