Implemented

🤖 Added "Fix with AI" filter: Now you can prioritize the assignment and remediation of vulnerabilities based on the availability of AI-generated fixes. Within the Vulnerabilities table for each of your groups, in the filter menu, we have included the option “Fix with AI.” This allows you to list the vulnerabilities for which we can help you reduce remediation efforts with our GenAI-powered solutions.

🏗️ Redesigning the Surface section: We have started restructuring the Surface section, now renamed "Inventory" (a concept more aligned with our industry terminology). This section is now divided into two tabs:

• Packages: It shows open-source software components or third-party dependencies and Docker images in use within your repositories, as well as licenses and vulnerabilities associated with them. Here you can also generate SBOMs in a couple of clicks.
• Surface: It provides a technical overview of the target, including languages, lines, inputs, and ports.

Upcoming

🪸 Autofix for SCA results: We will start allowing this automatic remediation option for vulnerabilities found through SCA. Specifically, for those security issues that, in line with Semantic Versioning (SemVer), represent only "minor" changes.

📐 New priority score: We identified some errors to fix in the current mathematical model of our priority score. The new version of the priority model will be based on CVSS, but will incorporate additional criteria such as CVSSF, fixing cost, dependency usage (in build or runtime), transitivity, EPSS, KEV, and reachability. We will remove criteria related to the importance of the repository, detection technique, attack vector, and location impact.

🔩 Enhancements to our IntelliJ integration: Pending modifications for this IDE plugin include integrating it with our Autofix and Custom Fix remediation support, and allowing users to view descriptions of their vulnerabilities and be directed to our platform from there.

Deprecations

📈 "Severity" tab at the weakness level: For years, we have calculated severity for vulnerabilities (weaknesses in specific locations) and not just for general weaknesses (ignoring their location in the software under evaluation). The latter calculation is now obsolete and inaccurate, so we have decided to remove the Severity section from the weakness level and keep it only for the vulnerability level. This will take effect on October 1.

Additional information

💬 On our subprocessors: For Fluid Attacks, transparency is a fundamental principle of security. That is why, in the area of customer data management, we would like to inform you that we have now subscribed to the cloud monitoring subprocessor DataDog and are no longer using Coralogix and Mixpanel. For more information about our subprocessors, please visit our Trust Center.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Now, you can also do it in Spanish: