change log

Code Dx 5.2.13

Code Dx 5.2.13 1/28/2021

Fixes

  • Fixed a bug that may cause project finding recorrelation to fail
  • Fixed a bug causing analysis inputs to not show in ‘Show Inputs’ if they are missing on disk

Tools

  • Enterprise Added tool connector support for Dependency-Track

Code Dx 5.2.12

Code Dx 5.2.12 1/18/2021

Release Notes

The Dependency-Check update contained in this release requires installation of .NET Core 3.1 if used to scan .NET components.

Tools

  • Enterprise Added tool connector support for JFrog
  • Enterprise Added custom field support for Black Duck
  • Enterprise Added tool connector support for Burp Enterprise
  • Updated bundled ESLint to version 7.15.0
  • Updated bundled Dependency-Check to version 6.0.3

Code Dx 5.2.11

Code Dx 5.2.11 1/13/2021

Additions

  • Enterprise Added aggregation helpers for use with issue tracker expressions

Changes

  • Enterprise Made a tweak to allow for decimals in issue tracker number fields

Fixes

  • Fixed a bug causing occasional duplicate key errors in the Code Dx log after a failed analysis
  • Enterprise Reconciled some differences in issue tracker expression handling between manual and automatic creation/sync
  • Enterprise Fixed a bug causing timestamps for comments from tools to not display on activity stream

Tools

  • Enterprise Fixed a timezone issue with comment timestamps from ASoC
  • Enterprise Fixed an issue causing AppScan Enterprise tool connector to fail when some optional variant data wasn’t present

Code Dx 5.2.10

Code Dx 5.2.10 12/15/2020

Additions

  • Added wildcard functionality to CVE search

Tools

  • Enterprise Fixed issue causing concurrent AppScan Enterprise tool connector runs to fail
  • Updated bundled PHP runtime to address issues with PHP tools failing to run on certain Linux distributions

Code Dx 5.2.9

Code Dx 5.2.9 12/1/2020

Fixes

  • Enterprise Fixed a bug causing all findings on a project to be incorrectly associated with an issue tracker issue when attempting to associate one finding on its details page

Code Dx 5.2.8

Code Dx 5.2.8 11/20/2020

Tools

  • Enterprise Updated Contrast tool connector to improve location ingestion logic, add data flow ingestion, improve status ingestion, and filter out unlicensed projects from configuration dialog
  • Enterprise Fixed bug causing Qualys WAS connector to fail

Code Dx 5.2.7

Code Dx 5.2.7 11/12/2020

Additions

  • Added support for ASVS standard
  • Enterprise Added project metadata display on projects listing and findings page
  • Enterprise Made general improvements to URL validation for tool connectors
  • Enterprise Added a delay/throttling to issue tracker requests

Fixes

  • Enterprise Fixed a bug causing multiple page refreshes after issue tracker sync/auto-create
  • Enterprise Fixed issue tracker bulk operations not obeying the finding selections on the findings page
  • Enterprise+ML Fixed a bug causing predictions to not be updated after recorrelation

Tools

  • Enterprise Added sandbox support to Veracode tool connector
  • Enterprise Added support for ASoC app reports
  • Enterprise Made improvements to ingestion and correlation of Contrast component analysis results
  • Enterprise Added status mapping for Contrast tool results
  • Enterprise Made improvements to Protecode tool reader to support semicolon-delimited input files

Code Dx 5.2.6

Code Dx 5.2.6 10/19/2020

Fixes

  • Fixed an issue that may cause errors in components dealing with URLs lacking a trailing slash

Tools

  • Enterprise Made further fixes for restricting the length of remarks in ASoC data flows

Code Dx 5.2.5

Code Dx 5.2.5 10/16/2020

Fixes

  • Enterprise Fixed an issue causing HTTP redirects to not be followed for some issue tracker and tool connector configurations

Tools

  • Enterprise Updated AppScan Enterprise integration to treat advisory data as optional

Code Dx 5.2.4

Code Dx 5.2.4 10/14/2020

Changes

  • Made improvements to the data flow interface, added source code display
  • Enterprise Changed default "include child projects" setting on dashboard to true

Fixes

  • Fixed a bug that potentially causes phantom findings to appear when re-correlating projects that have had failed analyses

Tools

  • Enterprise Improved severity ingestion logic for AppScan Enterprise
  • Enterprise Fixed a bug causing the NowSecure tool connector to fail on certain API requests
  • Enterprise Fixed a bug causing ASoC data flows containing large source snippets to fail to ingest