change log

Code Dx 5.2.3

Code Dx 5.2.3 10/6/2020

Additions

  • Enterprise Added {{ifeq}} issue tracker template helper for general equality checks

Fixes

  • Fixed a bug related to trailing spaces for values in props file
  • Fixed a bug causing analysis and re-correlation failures with component analysis findings with a purely numeric version number

Tools

  • Enterprise Added option to AppScan Enterprise connector to filter results by severity
  • Enterprise Fixed an issue causing the AppScan Enterprise tool connector to only display 1000 projects

Code Dx 5.2.2

Code Dx 5.2.2 9/30/2020

Changes

  • Enterprise Added option to hide scripted Jira fields

Fixes

  • Fixed a bug causing breadcrumbs to not clear when their corresponding filter is collapsed
  • Enterprise Added missing close button on LDAP configuration dialog
  • Enterprise Fixed a potential bug related to duplicate detection method names
  • Enterprise Fixed a bug causing hybrid correlation to fail if data flows with no source mappings exist

Code Dx 5.2.0

Code Dx 5.2.0 9/18/2020

Additions

  • Added bulk comment, triage, and severity override functionality
  • Enterprise Added ability to run tool connectors during analyses

Changes

  • Overhauled finding table UI
  • Added a slight update delay on the findings table to allow making multiple filter changes at once
  • Promoted some Code Dx API endpoints from ‘experimental’ to ‘stable’
  • Improved correlation and de-duplication for SCA findings and results

Tools

  • Improved data ingestion for results from SCA tools
  • Updated bundled Dependency-Check to v5.3.2
  • Enterprise Updated ASoC tool connector support
  • Enterprise Added tool reader and connector support for ThunderScan
  • Enterprise Added support for Tenable.sc compliance reports
  • Enterprise Added tool connector support for Netsparker Enterprise
  • Enterprise Made SonarQube branch selection optional
  • Enterprise Added tool connector support for DataTheorem Mobile
  • Enterprise Added tool reader and connector support for Seeker
  • Enterprise Added API Token authentication for Black Duck tool connector
  • Enterprise Improved BlackDuck tool data ingestion
  • Enterprise Added ability to filter by scan name for Tenable.sc tool connector
  • Enterprise Added tool connector support for AppScan Enterprise

Code Dx 5.1.4

Code Dx 5.1.4 9/16/2020

Fixes

  • Fixed a bug causing Qualys results to fail to ingest when offline

Tools

  • Enterprise Added API token authentication option to Fortify SSC tool connector

Code Dx 5.1.2

Code Dx 5.1.2 8/24/2020

Fixes

  • Enterprise Fixed a display issue causing the Trace Execution view to not use all available horizontal space
  • Enterprise+Orchestration Fixed a potential stack overflow and crash when waiting for tool service during analysis

Tools

  • Corrected an issue causing SpotBugs to miss results on some inputs from newer versions of Java

Code Dx 5.1.1

Code Dx 5.1.1 8/7/2020

Fixes

  • Reduced log noise related to Tool Orchestration, even if not enabled
  • Fixed a bug causing code metrics update during analysis to fail under certain circumstances
  • Enterprise Fixed a potential bug that would cause LDAP users to be automatically removed from Code Dx user groups
  • Enterprise Updated a usage of a deprecated Jira user search parameter
  • Enterprise Fixed a bug causing the "% Coverage" column on the instrumentation page to show 0
  • Enterprise Fixed a bug causing duplicate work item fields when configuring Azure DevOps issue tracker integration

Tools

  • Updated bundled PHPMD to version 2.8.2
  • Updated bundled Checkstyle to version 8.32
  • Added data flow ingestion to Cppcheck
  • Updated bundled SpotBugs to version 4.0.3 and bundled FindSecBugs plugin to version 1.10.1
  • Enabled HTML checks for bundled JSHint
  • Updated bundled ESLint to version 7.4.0
  • Enterprise Added DTP Engine recognition for Parasoft SATE integration

Code Dx 5.1.0

Code Dx 5.1.0 7/16/2020

Additions

  • Added tracking for last user login on admin page
  • Added navigation tabs to findings pages to toggle between project-centric pages
  • Enterprise Added support for selecting date range on dashboard
  • Enterprise Added support for ServiceNow issue tracker
  • Enterprise+ML Added machine learning functionality to assist with prioritizing and triaging findings

Changes

  • Enterprise Updated DISA STIG 4 standard to 4.10
  • Enterprise Improved error reporting display for LDAP groups

Fixes

  • Fixed a bug causing the project header to jitter on page load

Tools

  • Changed PHP_CodeSniffer wrapper to ignore JS and CSS by default
  • Enterprise Add tool connector support for Checkmarx IAST

Code Dx 5.0.8

Code Dx 5.0.8 6/29/2020

Fixes

  • Enterprise+Orchestration Fixed bug causing different finding counts when running Cppcheck on cluster

Changes

  • Enterprise Updated custom XML input to support finding element

Tools

  • Enterprise sqlmap fork created to export results in Code Dx XML format