change log

Code Dx 5.0.7

Code Dx 5.0.7 6/17/2020

Tools

  • Enterprise Updated Protecode reader to properly parse latest component version

Code Dx 5.0.5

Code Dx 5.0.5 6/9/2020

Fixes

  • Enterprise Fixed a bug causing incorrect finding density on the dashboard

Code Dx 5.0.4

Code Dx 5.0.4 6/1/2020

Tools

  • Updated Dependency-Check integration to handle dependencies nested in archives

Plugins

  • Updated Jenkins plugin with pipeline build support

Code Dx 5.0.3

Code Dx 5.0.3 5/7/2020

Additions

  • Added logic to show a message on the analysis page when user uploads a source or binary file directly

Fixes

  • Enterprise Fixed a dashboard error causing non-triage events to erroneously affect the Created/Resolved counts
  • Enterprise Fixed an issue with LDAP preventing display names from being resolved when the assigned attribute has multiple values

Changes

  • Updated CWE to version 4.0
  • Updated standards list based on CWE update:

    • Added CISQ Quality Measures (2016)
    • Added CWE Architectural Concepts view
    • Added CWE Hardware Design view
    • Updated CERT C Secure Coding Standards
    • Updated CERT Java Secure Coding Standards
    • Updated CWE Top 25 Most Dangerous Software Errors (2019)

Code Dx 5.0.2

Code Dx 5.0.2 4/23/2020

Additions

  • Enterprise+InfraSec Added support for filtering assets by ID in Tenable.sc tool connector

Fixes

  • Fixed an issue causing the analysis page to report analysis failure when network connection is lost
  • Fixed a bug causing upgrade failures when updating hashes for partially deleted projects

Tools

  • Fixed a regression causing bundled Checkstyle to fail on UTF-8 inputs

Code Dx 5.0.1

Code Dx 5.0.1 4/13/2020

Additions

  • Added ability to specify additional metadata fields for inclusion in finding search

Fixes

  • Fixed an issue causing temporary uploaded files not to be closed after use
  • Fixed an issue causing the projects page to temporarily display a no projects message when loading
  • Enterprise Fixed issues related to hybrid analysis

Tools

  • Updated bundled version of Python and Pylint
  • Reconfigured bundled PHP_CodeSniffer to ignore JS and CSS by default
  • Enterprise Updated ZAP tool reader to read request data from standard ZAP report files

Code Dx 5.0.0

Code Dx 5.0.0 4/2/2020

Release Notes

As of Code Dx version 5.0, MariaDB version 10.3 or later is required. If you have manually installed your database server, please ensure it is updated to at least version 10.3.

Additions

  • Added analysis failure logs to visual log page
  • Improved support for proxies
  • Improved configurability of concurrent analyses limit
  • Enterprise Added CVE search
  • Enterprise+Orchestration Added Kubernetes-based tool orchestration

Changes

  • Overhauled and improved the tool configuration page

Fixes

  • Fixed a bug causing inconsistent handling of backslashes in props file
  • Fixed a bug causing project deletion to cause errors in log
  • Fixed a bug causing incorrect project list count
  • Enterprise Fixed an issue with Jira user fields based on Jira API changes
  • Enterprise Fixed a bug causing Java parsing failures when using agent-based tracing

Tools

  • Enterprise Added support for NowSecure Workstation
  • Enterprise Added support for Microsoft Code Analysis (including Code Cracker and Security Code Scan)
  • Enterprise Added concurrent connection limit to SonarQube tool connector
  • Enterprise Updated several tool readers’ handling of CVE fields
  • Enterprise+InfraSec Added tool connector support for Tenable.sc

Code Dx 4.4.6

Code Dx 4.4.6 3/10/2020

Additions

  • Enterprise Added CVE support to issue tracker templates

Fixes

  • Enterprise Fixed an occasional issue causing dashboard updating to not happen

Tools

  • Enterprise Renamed "Netsparker Cloud" to "Netsparker Enterprise" and added support for Enterprise XML files
  • Enterprise Fixed an issue with the Arachni reader not handling null HTTP request headers properly