Implemented and upcoming improvements on our platform! 🎉
Implemented improvements
📈 Custom vulnerability prioritization: In the Policies section of the platform, you have the Priority option to choose different criteria for prioritizing vulnerabilities. These criteria range from attack vectors and vulnerability exploitability to the various impacts that your systems could receive in an attack. Each criterion can be rated according to its importance for your company, and this will be reflected in the values shown for each vulnerability reported in the new "Priority" column. This will allow your teams to promptly address the most significant risks.
⛓️ Supply chain security section: In the Supply chain section, you can see all those security issues associated with third-party software components and dependencies in your apps. These problems were separated from the other vulnerabilities because they often generated noise in the reports and made it difficult to prioritize them. Currently, you have two ways to view these component listings: (a) the complete list and (b) the list where you can separate packages by root or repository under assessment.
🔄 Transition from CVSS 3.1 to CVSS 4.0: We remind you that the toggle to switch from viewing your vulnerability data according to CVSS 3.1 to CVSS 4.0 is available for each of your groups within the platform (the latter is the default option). Remember that you can still run our CI Agent in both versions, but the data in the Analytics sections only appears in CVSS 4.0. We hope you become increasingly familiar with this transition, which we will try to finish soon.
Upcoming improvements
🧩 IntelliJ IDEA plugin: Very soon, you will have enabled our extension for IntelliJ IDEA, which will be available to all developers who use this IDE to manage vulnerabilities (including our GenAI support) reported by our tool and hacking team.