Fluid Attacks News logo

News

Subscribe to Updates

Labels

  • All Posts
  • Fix
  • Announcement
  • Improvement
  • new

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • July 2019
Improvementnew
6 months ago

See what's new at Fluid Attacks! 🥁

​​​​

✨Make your voice heard in the AppSec world!✨

Share your thoughts on Fluid Attacks' solution on Gartner Peer Insights and get a $25 gift card! It will only take 10-15 minutes to help shape the future of the application security industry.

Implemented

📈 Custom vulnerability prioritization: In the Policies section of the platform, you have the Priority option to choose different criteria for prioritizing vulnerabilities. These criteria range from attack vectors and vulnerability exploitability to the various impacts that your systems could receive in a cyberattack. Each criterion can be rated according to its importance for your company, and this will be reflected in the values shown for each vulnerability reported in the new "Priority" column. This will allow your teams to promptly address the most significant risks.

⛓️ Supply chain section: This section shows your application's affected and unaffected third-party components and dependencies. Because some may pose a risk to your company while others may not, we decided to separate these elements and security issues from the rest of the findings to make it easier to prioritize them for treatment. Currently, you can view them as a complete list or filter them by repository under evaluation.

🔬 Docker image scanning and SBOM: No matter where you store your Docker images, our tool can scan them for security risks. As long as your registry supports standard authentication (username and password), you can easily import your images. Simply provide the registry URL and credentials, and our platform will report a detailed software bill of materials (SBOM) for each image in the Supply chain section, highlighting any known security issues.

☁️ CSPM environment role status: We recently implemented alerts for those cases where users revoke or delete access roles in the cloud (e.g., STS in AWS), roles that allow us to request tokens to scan their infrastructure resources with CSPM. Not having these alerts could mean mostly incomplete or delayed vulnerability scans. Now, for each CSPM environment within the Scope section that presents this problem, you will see the message “Role status: Error”.

Upcoming

📡 Reachability analysis: We'll soon implement a reachability module in our automated tool. It will analyze the components and dependencies we currently report to you in the Supply chain section to confirm whether their vulnerabilities are putting your application at risk. This is because many times vulnerabilities only pose risks when specific functions of such components or dependencies are used in your code. Therefore, this feature will significantly contribute to your prioritization of vulnerability remediation in third-party software.

⏩ From CVSS 3.1 to CVSS 4.0: Mark your calendars! From April 4, 2025, we'll exclusively use CVSS v4.0 for all vulnerability reports in the platform. This change implies that the toggle switch for CVSS v3.1 will be removed, and all our platform's resources, including the CI Agent for breaking the build, will work only according to this new CVSS version. The final stage of this transition will wrap up on October 4, 2025, when the API is fully updated.

Avatar of authordevelopment