Application Updates

Code Dx 3.3.1 9/17/2018

Fixes

  • Fixed a bug causing projects with "Don’t use any Rules" selected to not appear

Code Dx 3.3.0 9/11/2018

Additions

  • Added a setting for excluding specific tool outputs from auto-archive
  • Enterprise: Added support for SAML authentication
  • Enterprise: Added resolution tracking for Jira issues

Changes

  • Enterprise: Raised the limit for finding count on Jira issue creation to 2500
  • Enterprise: Prevent saving invalid Jira template configurations

Fixes

  • Fixed a problem causing slowness and odd UI behavior during bulk triage

Tools

  • Updated Dependency-Check integration to support NSP scanning
  • Enterprise: Added SonarQube tool connector filter options
  • Enterprise: Added high severity and triage status mapping for Netsparker Cloud

Plugins

  • A native TeamCity plugin was added

Code Dx 3.2.2 8/24/2018

Tools

  • Enterprise: Updated Protecode reader to report results by component name rather than path

Code Dx 3.2.1 8/21/2018

Fixes

  • Enterprise: Fixed a problem causing issue fields to reset when issue type is changed
  • SWAMP: Fixed an issue causing Pylint tool codes to not be translated properly

Tools

  • Enterprise: Fixed missing auto update field for Fortify SSC tool connector
  • Enterprise: Updated BlackDuck tool connector
  • Enterprise: Fixed an issue causing SonarQube component field to be treated as mandatory
  • Enterprise: Made changes to the Veracode tool connector to address a potential failure condition in large reports

Code Dx 3.2.0 8/9/2018

Additions

  • Added pagination to the project listing page and to the project list on the admin page
  • Enterprise: Added MISRA C and C++ standards mappings

Fixes

  • Fixed a bug causing case sensitivity when correlating based on finding element
  • Fixed some bugs related to recorrelation
  • Fixed a bug causing tool results to be rejected when the URL is "/"
  • Fixed a bug causing manually entered results/findings to become gone upon editing

Changes

  • Added line number to location sorting on findings page
  • Changed search functionality on findings page to further restrict rather than combine with filters
  • Reduced the number of notifications appearing on the Admin page

Tools

  • Enterprise: Added tool reader support for Protecode
  • Enterprise: Added tool connector support for SonarQube
  • Enterprise: Added tool connector support for Fortify SSC
  • Enterprise: Added support for API key authentication to Veracode connector
  • Enterprise: Added CVSS metadata to Veracode component analysis results
  • Enterprise: Fixed an issue causing duplicate entries for WebInspect rules

Code Dx 3.1.0 7/30/2018

Additions

  • Added support for capturing and displaying data flow information from tools
  • Enterprise: Added hybrid SAST-to-DAST correlation capability using static analysis

Fixes

  • Fixed a bug potentially causing correlation to over-match when comparing tool provided IDs
  • Fixed a bug causing potential analysis failure if a project is renamed during correlation
  • Fixed a bug causing results to be lost during correlation in certain scenarios
  • Fixed a bug causing recorrelation to fail in certain scenarios
  • Fixed a bug causing recorrelation to not maintain inactive results on a finding
  • Enterprise: Fixed a bug related to authentication in the BlackDuck tool connector
  • Enterprise: Fixed some issues with the Jira assignee selection when creating issues

Changes

  • Promoted a collection of API endpoints to the stable API
  • Updated to CWE 3.1, added OWASP Top Ten 2017 standard
  • Made updates to default ruleset
  • Improved correlation for results with tool provided IDs

Tools

  • Added data flow support to CAT.NET
  • Upgraded bundled Cppcheck to version 1.8.4, updated Cppcheck rule information
  • Upgraded bundled FindBugs to SpotBugs v3.1.3; upgraded Find Security Bugs Plugin to version 1.7.1, updated SpotBugs and Find Security Bugs rule information
  • Enterprise: Added data flow support to AppScan Source, Checkmarx, Fortify, and Veracode
  • Enterprise: Added native tool ID to Checkmarx, Coverity, and Fortify
  • Enterprise: Updated Coverity rule information

Code Dx 3.0.8 7/3/2018

Fixes

  • Fixed a display issue in the analysis configuration dialog
  • Fixed a bug that may cause findings to erroneously be marked as gone in certain circumstances
  • Enterprise: Fixed a bug causing analysis failure when processing certain DAST HTTP response variants

Code Dx 3.0.7 6/27/2018

Tools

  • Enterprise: Fixed WhiteHat cleanup migration to properly mark spurious findings as gone

Code Dx 3.0.6 6/25/2018

Tools

  • Enterprise: Updated WhiteHat tool connector to no longer use non-unique vulnerability ID as an identifier

Code Dx 3.0.5 6/15/2018

Tools

  • Enterprise: Updated WhiteHat tool connector to only process open attack vectors