What's new with Fluid Attacks 🤩
Implemented
Improved AI SAST scanner: We have expanded the scope of our AI SAST to cover more types of vulnerabilities (weaknesses) for which automation was not previously possible without introducing false positives:
- Privilege escalation
- Improper authorization control for web services
- NoSQL injection
This improvement allows us to further reduce the time it takes to detect vulnerabilities.
🔎 Secret scanning: We have implemented and are optimizing a new secret scanner. On the platform, you can view vulnerabilities reported using this technique by applying the "SS" filter (see our database as well).
✌🏼 Enhanced IDE plugins: First, we've enabled SCA Autofix. Support is available for JavaScript and Python with the following package managers: npm, Yarn, Bun, pip, Poetry, Pipenv, and uv.
Second, we've standardized the features across VS Code and IntelliJ, so you can now perform the same actions in both IDEs.
🎯 Accuracy SLAs in ASPM: We have enabled the display of accuracy SLAs on the platform. Specifically, in your organization's view, you can track our progress toward meeting these SLAs.
⚙️ New sub-processor: As part of our commitment to transparency in customer data management, we would like to inform you that we have engaged Refiner as a sub-processor. For a full picture, visit our Trust Center.
Upcoming
🔡 Support for new languages: Elixir and Rust.
🚁 Peer Reviewer Assistant on GitHub.
🌳 SCA: We are working on supporting language runtimes for vulnerability detection.
⚠️Fluid Attacks call notice⚠️
Our education specialists may call your team members to provide onboarding and adoption support for new platform features. This is a reliable procedure in which we will never seek to discuss your software's vulnerabilities. However, if you have any questions, please contact us at help@fluidattacks.com.
✨Have 10-15 minutes to spare?✨
Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Remember, your review can also be in Spanish.