✨Make your voice heard in the AppSec world!✨

Share your thoughts on Fluid Attacks' solution on Gartner Peer Insights and get a $25 gift card! It will only take 10-15 minutes to help shape the future of the application security industry.

Implemented

📡 Reachability analysis: We've added a new feature to our automated tool to better understand the impact of vulnerabilities in your software supply chain. The reachability module analyzes the dependencies listed in the Supply chain section and determines if any reported security issue is actually a vulnerability that could be exploited in your apps. This analysis will help you prioritize which issues need immediate attention. For more information, see our previous announcement.

🔬 Docker image scanning and SBOM: No matter where you store your Docker images, our tool can scan them for security risks. As long as your registry supports standard authentication (username and password), you can easily import your images. Simply provide the registry URL and credentials, and our platform will report a detailed software bill of materials (SBOM) for each image in the Supply chain section, highlighting any known security issues.

🧾 Vulnerability closing reasons: There are different reasons why vulnerabilities we report to our clients are considered resolved or "closed." Sometimes, we say a vulnerability was closed because our hackers or tool reevaluated it and determined its remediation was successful. In other cases, it may be due to moves, deactivation, or removal of environments or roots where they were detected. For these or other reasons, from now on, you can be aware of them in the Details and Tracking of each vulnerability location. In addition, in the Analytics section of your groups, you have a chart that shows the percentage distribution for these reasons.

🎯 More accurate and eye-catching event reports: The events reported were only associated with roots. We now make these reports more precise by indicating which specific environments are affected by those events. Additionally, we have improved the presentation tables of roots and environments with visual elements that contribute to prioritizing the resolution of open events. The most recent implementation is a pop-up window that allows you to view and manage your environments' secrets when clicking on the corresponding link in the Secrets column.

📃 Improved SBOMs: As part of a continuous improvement of our SBOMs to be reported in the Supply chain section, we recently introduced to our tool the ability to discover dependencies on Go, specifically go.mod.

✅ Expanded permissions for Events tab: We have granted User Managers and Vulnerability Managers access to the Events tab on our platform's To-do list. This will give them a holistic view, allowing them to manage and respond to events effectively, especially when supervising multiple groups.

🫱🏻‍🫲🏼 From MPT to PTaaS: Everything corresponding to the MPT (manual pentesting) evaluation technique is now labeled PTaaS (pentesting as a service) on the platform.