change log

Code Dx 4.3.3

Code Dx 4.3.3 11/13/2019

Fixes

  • Enterprise Fixed a bug causing trace execution page display problems
  • SWAMP Fixed a permission issue that prevented SWAMP users from re-correlating
  • SWAMP Removed unsupported configuration options from analysis config dialog

Tools

  • Enterprise Improved logic for mapping severity for non-English Checkmarx inputs
  • Enterprise Improved logic for mapping severity for Coverity results
  • Enterprise Improved logic for mapping severity for Protecode results

Code Dx 4.3.2

Code Dx 4.3.2 10/30/2019

Changes

  • Made changes to support more SSL cipher suites for tool connectors
  • Fixed a bug causing path normalization to fail with certain path inputs
  • Enterprise Fixed a failure case when reading tool results with an unspecified CVSS vector

Code Dx 4.3.1

Code Dx 4.3.1 10/22/2019

Changes

  • Made a slight performance tweak for project creation when many projects exist

Tools

  • Enterprise Fixed an issue causing errors for Fortify SSC results not specifying milliseconds in their timestamps

Code Dx 4.3.0

Code Dx 4.3.0 10/8/2019

Additions

  • Enterprise Added Azure DevOps issue tracker
  • Added analysis support for Java 11 binaries

Changes

  • Updated OpenAPI specification to version OAS3
  • Updated ‘rule’ to ‘type’ in API report generation documentation

Tools

  • Enterprise Added tool connector for Qualys WAS
  • Enterprise Added ASoC SAST and DAST tool reader support
  • Enterprise Added Fortify filter set support
  • Updated bundled ESLint to v6.1.0
  • Updated bundled SpotBugs to v3.1.12
  • Updated bundled Find Security Bugs SpotBugs plugin to v1.9.0
  • Updated bundled ScalaStyle to v2.12-1.0.0

Code Dx 4.2.4

Code Dx 4.2.4 9/24/2019

Fixes

  • Enterprise Custom XML CWE now propagates to finding instead of only result

Tools

  • Enterprise Switched to using POST request for Qualys knowledge base

Code Dx 4.2.3

Code Dx 4.2.3 9/22/2019

Fixes

  • Enterprise DISA STIG title set to version 4.9 to match content

Changes

  • Updates to API documentation to reflect change from rule to type

Tools

  • Enterprise Using Checkmarx pathID to track findings across scans

Code Dx 4.2.2

Code Dx 4.2.2 8/29/2019

Additions

  • Added LDAP DN template configuration option

Fixes

  • Enterprise Fixed a bug related to native ID correlation when an ID is present in multiple locations

Changes

  • Enterprise Made improvements to tool output format detection logic

Tools

  • Updated bundled Dependency-Check to v5.2.1
  • Enterprise Fixed an issue with the Protecode JSON reader causing failures when CWE or CVSS Vector is missing

Code Dx 4.2.1

Code Dx 4.2.1 8/8/2019

Additions

  • Enterprise Added tool attribute for custom XML input files to improve auto-archive behavior

Fixes

  • Improved performance of concurrently running tool readers
  • Fixed a bug causing analyses to fail after deleting a project under certain circumstances
  • Made changes to ensure all tool readers will accept empty output files from tools
  • Enterprise Fixed some display issues with numbers on dashboard
  • Enterprise Fixed rounding issue on dashboard severity breakdown

Changes

  • Made performance improvements to correlation

Code Dx 4.2.0

Code Dx 4.2.0 7/31/2019

Additions

  • Added analysis configuration options for marking first and third party content and excluding certain files from analysis
  • Enterprise Added API-based finding metadata support

Fixes

  • Fixed a bug causing files from failed analyses to not be removed from disk
  • Fixed a bug causing source code inspection failures to not properly fail the analysis
  • Fixed a bug causing observed tool codes in disabled groups to still be ingested in certain scenarios

Changes

  • Made some general UI improvements
  • Made improvements to activity stream display
  • Made improvements to error handling on new analysis page
  • Enterprise Changed issue tracker API URLs to be more consistent
  • Enterprise Updated DISA/STIG standard

Tools

  • Added NowSecure Intel support to NowSecure tool connector
  • Updated bundled Brakeman to v4.3.1
  • Updated bundled Checkstyle to v8.22
  • Updated bundled Cppcheck to v1.88
  • Updated bundled Dependency-Check to v5.2.0
  • Updated bundled JSHint to v2.10.2
  • Updated bundled PHP-CodeSniffer to v3.4.2
  • Updated bundled PHP-CodeSniffer security-audit plugin to v2
  • Updated bundled PHPMD to v2.6.1
  • Updated bundled PMD to v6.15.0
  • Updated bundled Pylint to v1.9.4
  • Replaced bundled Retire.js with new Dependency-Check Retire.js integration
  • Fixed an issue with the bundled version of PHP-CodeSniffer causing all inputs to be ignored if Code Dx is installed in folders with certain names
  • Fixed an issue with the bundled version of Dependency-Check causing inputs with no file extension to be treated improperly
  • Enterprise+NetSec Improved Qualys VM tool connector integration and error handling