Implemented

🪃 Easier report generation: Currently, every time you go to download a certificate report, if you have not entered all the required information in the Information subsection of the Scope section, you will be prompted to complete this step and be able to download the report. Also, when you click the Generate report button, you can now see the download options within a drop-down menu.

🌿 A more flexible acceptance policy: The maximum number of days your team could temporarily accept a vulnerability was 90 days. After reviewing a customer request, you can now adjust this policy to a maximum of 999 days.

Squashed bugs

✔️ Issues with event registration: Sometimes, when an analyst wanted to add several events (circumstances preventing the regular application assessment) to the platform, only one of them was registered, so the duplication prevention mechanism had to be readjusted.

✔️ Duplicate vulnerabilities: Some types of vulnerabilities sometimes had duplicate specific cases among their corresponding lists, so several solutions were implemented to prevent them from appearing.

✔️ Unavailable Git root upload via CSV: When trying to add a Git root to the platform through a CSV file, an error message was generated as if the repository was already present when, in fact, it was not.

Implemented unexpectedly

🛠️ Injected and Inherited sections modified: We did well months ago in creating a section where you can see all your third-party components or dependencies, including those highlighted as vulnerable, reachable, or affected by malware. However, we realized we should change its name and location within the platform. Therefore, this section, which we used to call Inherited, is now called Packages and is part of the Surface section. Likewise, the Injected section got its previous name back, Vulnerabilities, where you will continue to find reports of all your security issues.

Promised but not implemented

❌ Prioritized vulnerabilities table: In the end, we decided that this table would not appear. While it was going to be useful when we had the Inherited and Injected sections (both with vulnerability reports), now that there is only one list of types of vulnerabilities detected, this table becomes unnecessary.

✨Have 10-15 minutes to spare?✨

Share your opinions on our AppSec solution on Gartner Peer Insights and earn a $25 gift card! Your feedback helps others make informed decisions and shapes the future of application security. Just follow this link!