Implemented

🔧 Smarter package update recommendations: We used to show you a single fix per package. Now you get three options so you can pick the right trade-off for your situation:

• Minimal fix: Patches the reported vulnerable part but may introduce new vulnerabilities.
• Safe update: Patches the vulnerable part without introducing new ones.
• Complete fix: Is the closest version that is entirely free of known vulnerabilities.

This works for both direct and transitive dependencies. For the latter, we show you which direct package pulls in the vulnerable dependency, along with the three remediation versions regarding the transitive dependency, so all you need to do is verify parent compatibility or bump it to the minimum supported version.

Need help understanding this and other features we're bringing? Meet with our Education Specialists for guidance.

✨ Already enjoying AI SAST? Our AI-powered scanner is already finding critical vulnerabilities in groups subscribed to the Advanced plan, with over 90% precision. It does multi-file analysis and works for all our supported languages. Now is the time to update to this plan and start getting those reports!

🤖 Remember to use our Peer Reviewer Assistant: Get it now to comment on GitLab or Azure DevOps merge/pull requests, right on the lines that need attention. This way your team can quickly understand how secure your contribution is. Also, if your team requires all comments to be resolved before merging, it becomes a security gate. 

📦 New package managers supported: We added support for CocoaPods (Podfile parser), Bun, and RubyGems (.gemspec).

🧭 CI Gate setup moved to DevSecOps: The CI Gate token management and installation guide have been relocated from Scope to DevSecOps.

📱 MAST technique in the platform: Findings in mobile apps that were previously marked as 'DAST' are now reported as 'MAST'.

🎨 Severity icons in IntelliJ sidebar (IDE plugin): The IntelliJ plugin sidebar now shows severity icons next to the name of reported weaknesses, so you can compare them more easily.

🔐 More login options for docs and DB: You can now sign in to these websites with Google, Microsoft, LinkedIn, and Bitbucket.

Upcoming

🛠️ New package update options in your IDE: The three fix options we just shipped on the platform will soon be available directly from your IDE.

📚 Embedded library excluded: Our SCA scans depend on libraries being versioned through package managers. If a library's source code is embedded directly in your codebase (i.e., copy-pasted rather than installed as a dependency), it falls outside SCA's detection scope. We'll be reaching out to affected clients to coordinate the necessary adjustments.

Upcoming deprecations

🐳 Docker image scanning: Read the rationale here.

Key info:

• Final deprecation date: March 31
• No action required.

☁️ CSPM (AWS, Azure, GCP): Read the rationale here.

Key info:

• Final deprecation date: March 31
• No action required.

📱 Move now from APK to MAST image: Read the rationale here.

Key info:

• Final deprecation date: April 30
• Use MAST image instead of APK image.

⚠️Fluid Attacks call notice⚠️

Our sales team may be calling your team members to offer them onboarding and adoption of new features on our platform. This is a reliable procedure in which we will never seek to discuss your software's vulnerabilities. However, if you have any questions, please contact us at help@fluidattacks.com.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Remember your review can also be in Spanish.