Implemented

📡 Reachability analysis: To better understand the impact of vulnerabilities in your software supply chain, we've added a new reachability analysis feature to our automated tool. This module examines the direct dependencies listed in the Supply chain section to determine if any reported security issue is actually exploitable in your applications. This analysis will help you prioritize vulnerabilities that need immediate attention. For more details, read our post Prioritize vulnerability remediation with Reachability!

📈 Custom vulnerability prioritization: Within the platform's Policies section, you'll find the Priority feature. This allows you to select various factors for ranking vulnerabilities. These factors include how a vulnerability might be exploited, how easily it can be attacked, and the potential consequences for your systems in the event of a cyberattack. You can assign weights to each factor based on your organization's specific needs. These weights will then determine the values displayed in the Priority column for each identified vulnerability. This empowers your teams to swiftly tackle the most critical threats. For more information, read Manage fix prioritization policies.

🎯 More accurate and eye-catching event reports: The events reported were only associated with roots. We now make these reports more precise by indicating which specific environments are affected by those events. Additionally, we have improved the presentation tables of roots and environments with visual elements that contribute to prioritizing the resolution of open events. The most recent feature is that you can now see information about all your registered Docker images in the Environments table.

Upcoming

🧩 Overhauled Jira integration: We will improve the integration of our platform with the bug-tracking system Jira so that you can smoothly and efficiently manage our reports from there. In other words, we will give you greater compatibility with the tools within the Jira ecosystem so that you can keep your security posture management centralized.

👌🏼 Centralized report download: We have already implemented the "Downloads" button on the right side of the platform's top bar. This button will soon open a menu where you will see the download history of the last 24 hours. From this site, you will also be able to know the status of your downloads or redo them if necessary.

🔄 From Issues Identified to Vulnerable: Currently, within the inventory of dependencies that we offer you in the Supply chain section, those components at security risk have the label "Issues Identified." Soon, this will be changed to "Vulnerable," making it clearer that there are vulnerabilities there. However, remember that when we are certain that these are exploitable, we add the label "Reachable."

📊 EPSS percentage column: In the main table of the Supply chain section, we will implement a column with the EPSS (Exploit Prediction Scoring System) percentage. As its name suggests, this value gives you the probability of exploitation for the vulnerabilities present in your direct dependencies. The higher the percentage, the higher the probability. The EPSS is intended to contribute to vulnerability remediation prioritization.

💥 Reachability as a prioritization criterion: While the "Reachable" tag is already displayed in the Supply chain section for the vulnerabilities we have confirmed are exploitable, it is not currently a factor in their prioritization for remediation. Considering the relevance of reachability for this process, we will soon include it as a prioritization criterion to be chosen in the Priority section of your organization's policies in the platform.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link!