Fluid Attacks News logo

News

Subscribe to Updates

Labels

  • All Posts
  • Fix
  • Announcement
  • Improvement
  • new

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • July 2019
Product Roadmap
In Review
VEX Support
new
In Progress
Azure integration
new
Container images analysis
new
PHP SAST Suppport
new
Platform redesign
new
CVSS 4.0 in our platform
new
Improvement
8 months ago

Retain findings in mobile environment updates 🧲

You can now update mobile environments (e.g., .aab, .ipa, and .apk files) without losing the record of reported vulnerabilities. When updating a mobile environment, you will be notified that dynamic findings from the old file will be retained in the newly added one, provided they successfully pass our consistency validations.

Keep in mind that to use this feature (only available for Users and User Managers), you do not have to delete the file you currently have on the platform's Scope section but replace it by selecting the "Add file" option:


Avatar of authordevelopment
Improvementnew
9 months ago

Unwrap new features and enhancements on our platform this August! 🎁

🛠️ Custom fix inside the platform: Currently, Custom fix, our AI-based feature for the generation of guides for vulnerability remediation, is available only in our VS Code extension. However, you will soon have it available from within the Fluid Attacks platform regardless of the code editor or IDE your development team uses.

🔄 Branch or URL update management: When you tried to update a branch or URL corresponding to a repository already under our evaluation, this could mean the alteration and loss of findings reported so far since it was more of a target replacement. Fortunately, you will soon have the option to make updates without deactivating the previous repository and, consequently, without altering the reports obtained, as long as the new root retains the same code base as the previous one.

⚠️ Enhanced vulnerability prioritization: You will soon have the opportunity to define concrete values in the Policies section of the platform for a list of vulnerability prioritization criteria. From this, you will get final values in the "Priority" column for each (type of) vulnerability, which, more tailored to your company's needs and principles than a mere CVSS score, will allow you to determine which security issues should be fixed before others.

🧩 New IDE extension: In the near future, we will add one more IDE plugin to our list of integrations with our platform We are talking about an extension for IntelliJ IDEA, from which you will enjoy the same vulnerability management benefits that we offer for VS Code.

📤 Continuous improvement of EaC: We are currently working on overcoming limitations and making it easier for you to configure and use our .fluidattacks file. This file allows you to exclude reports from our tool's SAST, SCA, and DAST scans with what's commonly known as exceptions as code (EaC).

Avatar of authordevelopment
new
9 months ago

🎉 Exciting news: Fluid Attacks is SOC 2 compliant! 🎉

We are beyond excited to announce that Fluid Attacks' information security practices have been recognized by independent external auditors as meeting the rigorous SOC 2 security trust principle.

SOC 2 is a widely regarded standard developed by the American Institute of Certified Public Accountants (AICPA). It ensures that service providers securely manage data to protect the privacy and interests of their clients.

This significant milestone reflects our ongoing dedication to maintaining the highest standards of security as well as your trust. We understand the critical importance of safeguarding your data and are proud to have our efforts validated by this rigorous standard.

Visit our Trust Center to learn more about our commitment to security.


Avatar of authordevelopment
new
10 months ago

🎊 It's official: The new interface you love is here to stay! 🎊

We've been thrilled with the overwhelmingly positive response to our new platform interface.

That's why, starting today, the toggle switch Feature preview in your user menu will no longer be available to return to the old interface.

By the way, are you ready to master our platform?

Our role-based certifications are waiting for you!

Avatar of authordevelopment
new
10 months ago

Master Fluid Attacks' platform with our free online certifications! 🏅

We're pleased to announce that we've launched three free role-based certifications on how to use our platform efficiently.

Whether you're a Vulnerability Manager, User Manager, or User (usually a software developer), you'll gain sufficient knowledge and skills to leverage Fluid Attacks' platform's full potential for effective vulnerability management and strengthen your cybersecurity posture. We recommend you certify only in the track corresponding to your role within your organization.

Learn to

  • navigate the whole platform,
  • manage your Git repositories,
  • review and prioritize detected vulnerabilities,
  • employ resources to remediate them,
  • define stringent policies,
  • and secure your CI pipelines to deliver safe apps to your customers.

You just need to watch some videos and pass short quizzes in about an hour to earn a Credly badge certifying your proficiency on Fluid Attacks' platform.

Start learning today!

Avatar of authordevelopment
Improvementnew
10 months ago

Fluid Attacks unveils new platform interface 🚀

Get ready to experience Fluid Attacks in a whole new light!

Starting Tuesday, July 2nd, you'll have the option to preview our redesigned platform interface. You'll just have to toggle "Feature preview" on in the dropdown menu at the top right corner:

In this new, minimalist, and more intuitive interface, you'll find the following:

  • A collapsible sidebar as the primary navigation component
  • An Integrations section to manage our platform's connection with plugins and other systems
  • A new "Severity overview" column to see how many vulnerabilities of each CVSS severity range are within each vulnerability type identified in your apps
  • The CVSS score v.4.0. for all your security issues

We invite you to explore the enhanced features and familiarize yourself with the new look —it will soon become our sole interface.

P.S. Soon, a short course will be available to help you become certified in the use of our platform.

Avatar of authordevelopment
Improvementnew
11 months ago

✨Our platform is getting a fresh new look!✨

In this phase of upgrading our platform, we are mainly focused on renewing its appearance. Soon, you will be able to enjoy the following features:

  • A completely new, modern, and minimalist interface with greater visual coherence with our brand that seeks to optimize your experience as a user.
  • A collapsible sidebar for the organization that functions as the primary navigation component, replacing the topbar.

Near the end of the sidebar, you will see the Integrations section, where you can manage our platform's connection with various IDE plugins and bug-tracking systems used by your team.

  • A new column for vulnerability type lists called "Severity overview," which tells you how many vulnerabilities of each CVSS severity range are within each vulnerability type detected.

  • The CVSS score available will be version 4.0.

To learn more about our platform, we invite you to visit our Knowledge Base's Use the platform section.

If you have any questions, please do not hesitate to contact us.

Avatar of authordevelopment
new
11 months ago

🖇️Integration with GitLab

We're excited to announce that Fluid Attacks' platform can now integrate with GitLab! This integration is intended to help ease developers' tasks by allowing them to automatically generate issues for identified vulnerabilities and manage them without leaving GitLab.

To set up and enjoy this integration, please follow the steps you can see in the video below or our Knowledge Base:


Avatar of authordevelopment
new
11 months ago

🖇️Integration with Azure DevOps

We're excited to announce that Fluid Attacks' platform can now integrate with Azure DevOps! This integration is intended to help ease developers' tasks by allowing them to automatically generate issues for detected vulnerabilities and manage them without leaving Azure DevOps.

To set up and enjoy this integration, please follow the steps you can see in the video below or our Knowledge Base:


Avatar of authordevelopment
new
11 months ago

⚙️ Setting Up Fluid Attacks with Jira Cloud 🧑‍💻

Set up the Fluid Attacks app for Jira Cloud to fully take advantage of our powerful integration. Ensure you have the Administer Jira permission. After installing the app, open your Jira project and select Fluid Attacks under the Apps section in the left-hand menu. Follow the setup instructions by entering the Fluid Attacks API token and choosing the appropriate group. Save your settings, then click Back to project to access the Fluid Attacks section. 

Now, you can view and manage reported vulnerabilities directly within Jira. 

Avatar of authorJuliana Mora