What's new on Fluid Attacks' platform 💫
✨Make your voice heard in the AppSec world!✨
Share your thoughts on Fluid Attacks' solution on Gartner Peer Insights and get a $25 gift card! It will only take 10-15 minutes to help shape the future of the application security industry.
Implemented
👌🏼 Centralized report download: Say goodbye to download dilemmas! We've created a special section on our platform for all downloadable content. Simply click the new "Downloads" button in the top right corner to view everything you've downloaded in the past 12 hours. This handy menu lets you monitor download progress and quickly redownload any required files, such as vulnerability and compliance reports, SBOMs, analytics, and more.
💥 Reachability as a prioritization criterion: As you may have noticed, the "Reachable" tag is shown in the Supply chain section next to vulnerabilities in your direct dependencies whose vulnerable code is actually invoked by your application, and which can therefore be exploited through it. Because this is one of the strongest signals for deciding what to fix first, you can now select reachability as a prioritization criterion, alongside the others, in the Priority section of your organization's Policies on the platform.
📊 EPSS percentage column: We've added a column to the main table in the Supply chain section that shows the EPSS (Exploit Prediction Scoring System) score as a percentage. EPSS estimates the probability that a vulnerability in one of your direct dependencies will be exploited in the wild within the next 30 days; a higher percentage means a higher likelihood of exploitation. Note that EPSS measures likelihood, not impact, so it is meant to complement severity (CVSS) and reachability rather than replace them when your teams prioritize remediation.
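One way to combine the two signals described above (reachability and EPSS, with CVSS only as a tie-breaker) when ranking dependency findings. This is an added illustration, not the platform's own priority-score formula; the package names, advisory identifiers and scores are constructed, and the `use_reachability` switch only mimics turning the reachability criterion on or off in a policy.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class DependencyFinding:
    """One vulnerability in a direct dependency (hypothetical record shape)."""
    package: str
    advisory: str      # advisory identifier; placeholder values in the sample data below
    cvss: float        # CVSS base score 0.0-10.0: impact/severity, not likelihood
    epss: float        # EPSS score as a probability 0.0-1.0 (shown as a percentage in a UI)
    reachable: bool    # True when the vulnerable code is actually invoked by the application


def epss_from_percent(text: str) -> float:
    """Convert a percentage string such as '12.3%' into the 0.0-1.0 EPSS probability."""
    value = float(text.strip().rstrip("%")) / 100.0
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS percentage out of range: {text!r}")
    return value


def prioritize(findings: Iterable[DependencyFinding],
               use_reachability: bool = True) -> List[DependencyFinding]:
    """Rank findings for remediation, most urgent first.

    Likelihood signals come before severity: a reachable finding outranks an
    unreachable one, then higher EPSS wins, and CVSS only breaks remaining ties.
    With use_reachability=False the ordering falls back to EPSS, then CVSS.
    """
    def key(f: DependencyFinding):
        reach_rank = 0 if (use_reachability and f.reachable) else 1
        return (reach_rank, -f.epss, -f.cvss)

    return sorted(findings, key=key)


# Constructed sample data: hypothetical packages and advisory ids, not real findings.
SAMPLE = [
    DependencyFinding("libparse", "ADV-0001", cvss=9.8, epss=epss_from_percent("0.4%"), reachable=False),
    DependencyFinding("httpclient", "ADV-0002", cvss=7.5, epss=epss_from_percent("3.1%"), reachable=True),
    DependencyFinding("yamlloader", "ADV-0003", cvss=8.8, epss=epss_from_percent("37.2%"), reachable=False),
    DependencyFinding("imgcodec", "ADV-0004", cvss=5.3, epss=epss_from_percent("0.05%"), reachable=True),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.package:<12} reachable={str(f.reachable):<5} epss={f.epss:.4f} cvss={f.cvss}")
```

With reachability enabled, the two reachable findings rise to the top even though the unreachable `yamlloader` advisory has by far the highest EPSS and `libparse` the highest CVSS; disable the criterion and the list collapses to plain EPSS order. That contrast is the reason the criterion exists: severity alone would have put the unreachable critical first.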
Upcoming
By December 10 at the latest
⛳ Prioritized vulnerabilities table: Enhance your vulnerability management with our forthcoming prioritization feature! Each group will soon have a dedicated section showcasing the top 50 vulnerabilities ranked by priority score. This section will include details such as location, assigned team members, treatment status, and reporting date. This streamlined overview will empower your team to rapidly identify and address the most critical issues, ensuring their remediation efforts align with your organization's policies.
🦠 Malware in dependencies: In the next few days, we will report in the Supply chain section which of your software's dependencies are malicious packages published in open-source package repositories.
🔢 Vulnerabilities per dependency: Soon, the table in the Supply chain section will show, for each vulnerable dependency, the number of vulnerabilities we have identified in it.
🧩 Overhauled Jira integration: We will improve the integration of our platform with the bug-tracking system Jira so that you can smoothly and efficiently manage our reports from there. In other words, we will give you greater compatibility with the tools within the Jira ecosystem so that you can keep your security posture management centralized.
Squashed bugs
✔️ Inconsistencies in root registration: First, a repository (root) in a group could have several active branches when, in fact, it should have only one. Second, an active branch associated with a repository could appear in several groups of an organization when, in fact, this association should appear in only one group.
✔️ Issues with free trial accounts and groups: First, some user accounts and groups associated with the free trial were not deleted at the end of the trial, when this should happen automatically unless an extension is requested. Second, while such an account remained active on our platform indefinitely, no other user of the same domain could start the free trial. Third, users who had already completed the free trial could re-enter the auto-enrollment flow (without being able to complete it), when they should not have had access to it again at all.
✔️ Wrong status for reported findings: For a specific group on our platform, some identified vulnerabilities appeared in the reporting table of the Vulnerabilities section with the status “Draft” when, in fact, they should have been shown as “Vulnerable.”