Previous Versions

Code Dx 5.5.0

Code Dx 5.5.0 9/29/2021

Release Notes

If you use LDAP or SAML, please see related upgrade notes at


  • Added compliance PDF reports
  • Added tagging support for findings
  • Added predicted status fields for CSV and XML reports
  • Added support for searching based on multiple hosts


  • Deprecated support for ingesting Code Dx XML reports
  • Made performance and functionality improvements for Tool Overlap filter


  • Fixed some issues causing minor incompatibility with MySQL
  • Fixed a bug causing an erroneous "There are currently no input files to display" message in Show Inputs list
  • Fixed a bug causing a double-refresh when toggling ‘Hide Gone Findings’ on the Findings Page view menu
  • Fixed a bug causing the header on the Finding Details Page to disappear for locationless findings
  • Made various minor UI fixes and tweaks


  • Added CVE and Seeker link for Seeker results
  • Improved ingested locations for Coverity issues
  • Fixed broken Coverity link for Coverity results
  • Fixed password encoding for Coverity Connect tool connector, causing login to fail if password contained certain characters


  • Upgraded pac4j library, which includes a fix for a SAML authentication vulnerability – ReplayCache was not in place (introduced v3.6.0)
  • Fixed a bug in LDAP authentication where hostname verification was always disabled (introduced v3.5.3)

Code Dx 5.4.15

Code Dx 5.4.15 9/7/2021


  • Enterprise Fixed detection for zipped NowSecure Workstation v6.5 files
  • Enterprise Made Twistlock reader less strict
  • Enterprise Made fixes to Qualys WAS tool connector
  • Enterprise Made fixes for compliance parsing with QualysVM tool reader

Code Dx 5.4.14

Code Dx 5.4.14 8/27/2021


  • Enterprise Added ingestion support for NowSecure Workstation format version 6.5

Code Dx 5.4.13

Code Dx 5.4.13 8/19/2021


  • Removed references to


  • Fixed URL normalization bug causing failure when handling certain URLs


  • Enterprise Updated NowSecure ingestion to properly handle nulls for various fields

Code Dx 5.4.12

Code Dx 5.4.12 8/16/2021


  • Enterprise Updated AppScan finding element ingestion logic to improve DAST correlation

Code Dx 5.4.11

Code Dx 5.4.11 8/10/2021


  • Fixed a bug causing improper URL display and correlation issues for DAST result URLs containing curly braces

Code Dx 5.4.10

Code Dx 5.4.10 8/9/2021


  • Enterprise Made a fix to allow ASoC outputs without advisory-group info to be ingested

Code Dx 5.4.9

Code Dx 5.4.9 8/3/2021


  • Enterprise Added SARIF support


  • Changed result location display to show raw path, with Code Dx temporary folder removed for bundled tool results


  • Enterprise Fixed missing recorrelation prompt after disabling hybrid correlation
  • Enterprise Fixed some miscellaneous bugs with the issue tracker configuration modal
  • Fixed an issue causing recorrelation to attempt to update triage predictions when disabled
  • Fixed a bug causing PDF report generation to fail when including comments with invalid URLs


  • Enterprise Added support for Qualys Container Security CSV
  • Enterprise Added tool connector support for Tinfoil API and Web
  • Enterprise Improved data ingestion and correlation for Seeker IAST results
  • Enterprise Improved consistency of SD Elements tool connector configuration UI
  • Enterprise Added tool connector support for Polaris

Code Dx 5.4.8

Code Dx 5.4.8 7/19/2021


  • Enterprise Made some fixes for JFrog JSON validation
  • Enterprise Added ingestion for impact path metadata for JFrog