Implemented

⚠️ Date limit on calendar for vulnerability acceptance: Whenever you enter a date earlier than the current day or that exceeds the number of days allowed by your organization's temporary vulnerability acceptance policy, you will see a message reminding you of the permitted range.

📃 Improved downloadable SBOMs: The SBOMs you can export from our platform in CycloneDX and SPDX formats now have new information. Beyond the default fields, you can now see, for each third-party component: its location, the latest version, and the time since that release. In case of associated security issues, you can see: the affected version, CVEs, their severity, and EPSS.

✅ New webhooks: We have added a couple of webhooks that will notify you when an event or a vulnerability has been closed within one of your groups.

🎯 More accurate and eye-catching event reports: The events reported were only associated with roots. We now make these reports more precise by indicating which specific environments are affected by those events. Additionally, we have improved the presentation tables of roots and environments with visual elements that contribute to prioritizing the resolution of open events.

Upcoming

📡 Reachability analysis: We'll add a new feature to our automated tool to better understand the impact of vulnerabilities in your software supply chain. The reachability module will analyze the components and dependencies listed in the Supply chain section and determine if any reported vulnerabilities actually pose a risk to your application. Since vulnerabilities often only become a threat when specific functionalities are used in your code, this analysis will help you prioritize which issues need immediate attention.

⏩ From CVSS 3.1 to CVSS 4.0: Mark your calendars! From April 4, 2025, we'll only use CVSS v4.0 for all vulnerability reports. This change implies that the toggle switch for CVSS v3.1 will be removed, and all our platform's resources, including the CI Agent for breaking the build, will work merely according to the new CVSS version. The final step of this transition will be completed on October 4, 2025, when the API is fully updated.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link!