Implemented

🔄 Legacy filters: We are currently adding legacy filters in the Vulnerabilities section to align with attributes from the Locations section. The filters already implemented correspond to vulnerability locations and techniques with which we detect them. So, for example, from the first section, if you select the DAST option in the Technique filter, you will see all types of vulnerabilities that have at least one case identified using DAST. Consequently, when you access one of these types, the Locations section will display only those vulnerabilities detected with DAST.

🚯 Prevent file deletion: We have implemented a restriction to prevent the deletion of application files linked to specific environments. This allows us to avoid these environments from running out of valid files and becoming unmanageable. In cases where you want to delete files, you must delete the entire environment.

⛓️ Supply chain section: This new section shows your application's affected and unaffected third-party components and dependencies. Because some may pose a risk to your company while others may not, we decided to separate these elements and security issues from the rest of the findings to make it easier to prioritize them for treatment. Currently, you can view them as a complete list or filter them by repository under evaluation.

Upcoming

🔬 Docker image scanning: Very soon, our automated tool will be able to scan your Docker images. It will not only list the dependencies within the images but also notify the existing security issues, all in our new Supply chain section.

🧩 Enhanced IntelliJ extension: We recently implemented our IntelliJ IDEA plugin and are improving some of its features. Now, we are establishing links so developers can go from the IDE to the platform to view certain findings or receive descriptions of and remediation suggestions for vulnerabilities in IntelliJ.

⏩ From CVSS 3.1 to CVSS 4.0: Mark your calendars! From April 4, 2025, we'll exclusively use CVSS v4.0 for all vulnerability reports in the platform. This change implies that the toggle switch for CVSS v3.1 will be removed, and all our platform's resources, including the CI Agent for breaking the build, will work only according to this new CVSS version. The final stage of this transition will wrap up on October 4, 2025, when the API is fully updated.