✨Make your voice heard in the AppSec world!✨

Share your thoughts on Fluid Attacks' solution on Gartner Peer Insights and get a $25 gift card! It will only take 10-15 minutes to help shape the future of the application security industry.

Implemented

We keep improving our information about your supply chain and the corresponding inherited vulnerabilities. When you open the details of one of your vulnerable third-party components, you can see the following:

🧭 Direct or transitive dependency: In the Type column, you can find out whether the listed vulnerable files of your software are directly or indirectly related to the third-party component in question. In other words, we show you for every affected element if it has a direct ("D") or a transitive dependency ("T," i.e., with at least an intermediate package) on the detailed third-party component. In cases where it is impossible to determine the type of dependency, you see an interrogation sign ("?").

🚉 Development or production dependency: In the Environment column, we show you "Build" when your software’s vulnerable files depend on the third-party component only in the software development stage and "Run" when it is in the live production environment.

Squashed bugs

✔️ Reports of removed environments: In projects where users removed URLs from environments under assessment, vulnerability reports associated with those environments were sometimes still being delivered when they should not have been.

✔️ Failure to load/retrieve information in the VSC plugin: Some users were experiencing difficulties when using our VS Code extension for the first time. The extension failed to load or retrieve any information, displaying no relevant errors.

Promised but not implemented yet / Upcoming

⛳️ Prioritized vulnerabilities table: The platform's section showing the top 50 vulnerabilities ranked by Priority score for each of your groups will appear on January 30, two weeks after the scheduled deadline. We apologize for the delay.