Implemented

💯 New priority score: We have defined a new version of our vulnerability prioritization model. It is still based on CVSS and CVSSF scores, but now you can easily customize which of the following criteria have greater weight than others: fixing cost, dependency usage (in build or run), transitivity, EPSS, and KEV.

The Priority column in the weaknesses and vulnerabilities tables shows values in percentiles: the higher the percentile, the higher the remediation priority. For more details, check out these articles on prioritization policy management and vulnerability reporting in our Knowledge Base.

🪾 Safe dependency version: Now, in addition to reporting every vulnerable third-party software component you are using in your application, we show you which of its closest versions is free of known vulnerabilities. Soon, you will also be able to use Autofix from compatible IDEs to apply patches and minor fixes to your dependencies.

🌿 Enhancements to our IntelliJ plugin: We have already enabled Custom Fix—one of our GenAI-based vulnerability remediation support channels—for those who use our extension in IntelliJ IDEA. Soon, we will facilitate Autofix and reattacks features for the same IDE.

⛓️ Identify your vulnerable packages more easily: We continue to improve the user experience in the Inventory section of our platform so that you can make a more intuitive connection between the packages used in your application and their vulnerabilities. Remember that you can also get to know the dependency trees and map component licenses right there.

🏛️ Criteria has been moved: We now have the Fluid Attacks Database site, where you can access all our technical documentation (formerly known as “Criteria” in our Knowledge Base) related to security vulnerabilities, requirements, standards, and fixes. There, you can also stay up to date with all the advisories we collect and disclose.

Upcoming

🔝 Top 20 vulnerabilities: Coming soon, from the Vulnerabilities section on our platform, you will be able to quickly filter the top 20 vulnerabilities to be remediated according to their priority in the group.

⚠️Fluid Attacks call notice⚠️

A few months ago, our sales team may have been calling your team members to offer them onboarding and adoption of new features on our platform. This is a reliable procedure in which we will never seek to discuss your software's vulnerabilities. However, if you have any questions, please contact us at help@fluidattacks.com.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link! Now, you can also do it in Spanish: