all code dx

Code Dx 5.5.2

Code Dx 5.5.2 10/11/2021

Fixes

  • Fixed a bug causing agentless hybrid correlation to not function
  • Fixed an analysis failure with hybrid correlation enabled when DAST data without trace information was present
  • Fixed an error present during upgrades and analyses on Windows related to component analysis results with file paths containing a colon
  • Fixed an upgrade failure when using MySQL

Tools

  • Fixed a failure caused by the Netsparker ingestion logic when multiple CWEs are present for a result

Code Dx 5.5.0

Code Dx 5.5.0 9/29/2021

Release Notes

If you use LDAP or SAML, please see related upgrade notes at https://community.synopsys.com/s/article/Code-Dx-Code-Dx-5-5-0-Upgrade-Notes

Additions

  • Added compliance PDF reports
  • Added tagging support for findings
  • Added predicted status fields for CSV and XML reports
  • Added support for searching based on multiple hosts

Changes

  • Deprecated support for ingesting Code Dx XML reports
  • Made performance and functionality improvements for Tool Overlap filter

Fixes

  • Fixed some issues causing minor incompatibility with MySQL
  • Fixed a bug causing an erroneous "There are currently no input files to display" message in Show Inputs list
  • Fixed a bug causing a double-refresh when toggling ‘Hide Gone Findings’ on the Findings Page view menu
  • Fixed a bug causing the header on the Finding Details Page to disappear for locationless findings
  • Made various minor UI fixes and tweaks

Tools

  • Added CVE and Seeker link for Seeker results
  • Improved ingested locations for Coverity issues
  • Fixed broken Coverity link for Coverity results
  • Fixed password encoding for Coverity Connect tool connector, causing login to fail if password contained certain characters

Security

  • Upgraded pac4j library, which includes a fix for a SAML authentication vulnerability – ReplayCache was not in place (introduced v3.6.0)
  • Fixed a bug in LDAP authentication where hostname verification was always disabled (introduced v3.5.3)

Code Dx 5.4.15

Code Dx 5.4.15 9/7/2021

Tools

  • Enterprise Fixed detection for zipped NowSecure Workstation v6.5 files
  • Enterprise Made Twistlock reader less strict
  • Enterprise Made fixes to Qualys WAS tool connector
  • Enterprise Made fixes for compliance parsing with QualysVM tool reader

Code Dx 5.4.14

Code Dx 5.4.14 8/27/2021

Tools

  • Enterprise Added ingestion support for NowSecure Workstation format version 6.5

Code Dx 5.4.13

Code Dx 5.4.13 8/19/2021

Changes

  • Removed references to CWEVis.org

Fixes

  • Fixed URL normalization bug causing failure when handling certain URLs

Tools

  • Enterprise Updated NowSecure ingestion to properly handle nulls for various fields

Code Dx 5.4.12

Code Dx 5.4.12 8/16/2021

Tools

  • Enterprise Updated AppScan finding element ingestion logic to improve DAST correlation

Code Dx 5.4.11

Code Dx 5.4.11 8/10/2021

Fixes

  • Fixed a bug causing improper URL display and correlation issues for DAST result URLs containing curly braces

Code Dx 5.4.10

Code Dx 5.4.10 8/9/2021

Tools

  • Enterprise Made a fix to allow ASoC outputs without advisory-group info to be ingested

Code Dx 5.4.9

Code Dx 5.4.9 8/3/2021

Additions

  • Enterprise Added SARIF support

Changes

  • Changed result location display to show raw path, with Code Dx temporary folder removed for bundled tool results

Fixes

  • Enterprise Fixed missing recorrelation prompt after disabling hybrid correlation
  • Enterprise Fixed some miscellaneous bugs with the issue tracker configuration modal
  • Fixed an issue causing recorrelation to attempt to update triage predictions when disabled
  • Fixed a bug causing PDF report generation to fail when including comments with invalid URLs

Tools

  • Enterprise Added support for Qualys Container Security CSV
  • Enterprise Added tool connector support for Tinfoil API and Web
  • Enterprise Improved data ingestion and correlation for Seeker IAST results
  • Enterprise Improved consistency of SD Elements tool connector configuration UI
  • Enterprise Added tool connector support for Polaris