✨Make your voice heard in the AppSec world!✨

Share your thoughts on Fluid Attacks' solution on Gartner Peer Insights and get a $25 gift card! It will only take 10-15 minutes to help shape the future of the application security industry.

Implemented

🖥️ Testing your production environment: From now on, you can also add the production environment of your system under assessment to undergo our continuous security testing. Being more stable than the pre-production environment, evaluating your production environment can give us a broader understanding of your real risks. This way, our testing is carried out during all phases of your software development lifecycle. Please note that you can enjoy all of this at no additional cost.

🛠️ Injected and Inherited sections modified: The section where you can see all your third-party components or dependencies, including those highlighted as vulnerable, reachable, or affected by malware, which we called Inherited for a short time, is now called Packages and is part of the Surface section. Likewise, the Injected section got its previous name back, Vulnerabilities, where you will continue to find reports of all your security issues.

⚠️ Active policy announcements: Each day you access the DevSecOps and Members sections, you will find an announcement about the policies you have active. In the DevSecOps section, you will see information about your policies relating to the temporary acceptance of vulnerabilities and the severity ranges in which our CI Agent breaks the build after a certain grace period. In the Members section, you will see your current inactivity policy for member removal.

➕ Amazon ECR is now supported: We have extended the capability of our scanner to assess container images stored, shared, and deployed in the Amazon Elastic Container Registry (ECR).

⬇️ Export of filtered event lists: Each time you apply a filter in the Events section list and click on the Export button, you will see a drop-down menu where you can choose whether to download the filtered or all the data from the list.

🪚 Environment URL modification: When the URLs of the environments under assessment include at the end unnecessary query parameters that may affect the evaluations and reports, these are removed, leaving only the base URLs.

🔕 Fewer alerts in treatment windows: We removed unnecessary alerts you received while filling in the required fields to improve your experience when assigning treatments to your software vulnerabilities.

❌ Change in the Vulnerabilities column: In the Vulnerabilities column of the list of groups in your organization, we mistakenly mentioned the number of types of vulnerabilities we "found" in each. We have corrected the message since what we really show you is the number of vulnerability types you have open in each group.

Squashed bugs

✔️ Failed folder exclusion for SBOM: We had to readjust the exclusion logic for the SBOM definition, as it failed in the case of listed folders such as ".git/," commonly located in the root directory.

✔️ Endless SBOM generation: The creation of SBOMs for download sometimes became interminable, so we had to make several adjustments to ensure this was always achieved within reasonable time frames.

Upcoming

⏩ Improved vulnerability tables: We are implementing a new version of the vulnerability tables that handles a different query strategy. These tables will load information much faster, provide more visual feedback, and enhance your browsing experience. (Coming up on February 7.)

🏛️ Column management: Linked to the previous feature, you will have a new interface to manage the columns in the tables of vulnerability types and specific vulnerabilities. You will be able to choose which ones to enable and which ones to disable, organize them as you wish, and save the applied changes. (Coming up on February 7.)

🎫 Reporting issues in permissions for CSPM: When running CSPM tests, these can sometimes fail due to changes in credential permission settings by users. The idea is to be able to start reporting these problems as events within the platform. (Coming up on February 7.)

🦠 Reporting use of software with malware: We will begin reporting the use of third-party software components with code publicly known to be affected by malware as a type of vulnerability in your software products. (Coming up on February 7.)

👩‍⚖️ Improved Policies section: In the Policies section, you will be able to centrally manage both your organization's policies and those of each of your groups. Only members with the role of User Manager at the organizational level will be able to edit these policies. (Coming up on February 11.)