What's new with Fluid Attacks 🌟
Implemented
↔️ One image for each technique: To optimize the speed of our scans, both locally and in CI/CD pipelines, we decided to separate our tools, that is, to create a Docker image for each of our techniques. Each new image now displays CVSS 4.0 scores, and the SCA image provides details about the packages being evaluated, including the EPSS, the type of dependency, and the package version. On November 1, we will deprecate the current Docker image; therefore, we recommend that you initiate the transition soon.
⚠️ Improvements to the table of vulnerabilities: Above the table of vulnerabilities, you can now see a summary for each of your groups, including the number of weaknesses and vulnerabilities we have identified, how many of them you have already remediated, how many you can fix with the help of our GenAI, and how much risk exposure that group poses to your organization, among other things. Additionally, after right-clicking on each weakness in the table, you can open a new tab that will show all the vulnerabilities associated with it.
👩🏽🔧 Fixing support for all prioritized languages: Our GenAI features, Autofix and Custom Fix, now can work for all our prioritized supported languages.
🔧 Enhancements to Custom Fix from the platform: We have optimized the way we offer and present these AI-based vulnerability remediation guides to make your experience easier and more enjoyable.
🌳 Renewed IDE extension: Fluid Attacks' plugin for IntelliJ now supports the new version of this IDE.
❌ Zero risk notification: We introduced a new webhook event that notifies you when a vulnerability in your reports is marked as a true false positive (aka “true zero risk”).
Squashed bugs
✔️ Custom Fix broken: The Get Custom Fix button in our Visual Studio Code extension for generating vulnerability remediation guides was not working correctly.
✔️ Faulty root filter: The search bar in the Git Roots table did not filter when URL elements were entered into it.
✔️ Blank screen: In some cases, the platform ended up loading a blank screen instead of the expected content.
Promised but not implemented yet / Upcoming
🌿 Enhancements to our IntelliJ integration: Pending improvements for this IDE plugin include integrating it with our Autofix and Custom Fix remediation support, and allowing users to view descriptions of their vulnerabilities and be directed to our platform from there.
💯 New priority score: Several errors were identified that need to be corrected in the current mathematical model for this score. The new version of the priority model will be based on CVSS, but will incorporate additional criteria such as CVSSF, fixing cost, dependency usage (in build or runtime), transitivity, EPSS, KEV, and reachability. We will remove criteria related to the importance of the repository, detection technique, attack vector, and location impact.
Autofix for SCA results: We will begin enabling this automatic remediation option for vulnerabilities found through SCA. Specifically, for those flaws that, in line with Semantic Versioning (SemVer), represent only "minor" changes or updates.
🤖 Autofix filter: In the table of vulnerabilities, you will be able to easily filter security issues that have the automated remediation option provided by GenAI available.
✨Have 10-15 minutes to spare?✨
Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Now, you can also do it in Spanish: