change log

Code Dx 4.1.2 6/20/2019

Fixes

  • Fixed a bug where session age limits were being improperly applied to API key authentication
  • Fixed a bug causing users to be erroneously redirected to the projects page when other projects are deleted
  • Fixed a Git integration bug related to the branch override option
  • Fixed a bug causing a potential error when displaying license hardware ID
  • Fixed a bug causing deleted users to show on the admin page with "null" for a principal
  • [Enterprise+NetSec] Fixed a bug causing spurious recorrelation prompts during host normalization

Changes

  • [Enterprise] Added some issue tracker template helpers

Tools

  • [Enterprise] Fixed a bug with AppSpider HTML description rendering
  • [Enterprise] Added request limiting to Black Duck tool connector
  • [Enterprise] Fixed a display issue for version-less Black Duck component reports
  • [Enterprise] Added support for groups to NowSecure tool connector
  • [Enterprise+NetSec] Added Qualys EC2 and agent host tracking methods

Code Dx 4.1.0 6/11/2019

Additions

  • Added option to allow gone findings to be re-opened
  • Added option to allow resolved findings to be re-opened
  • Added logic to maintain the finding filter collapse and menu states across page loads
  • Added setting to disable collection of code metrics
  • Added Japanese font support for PDF report
  • [Enterprise] Added time skew support for SAML

Fixes

  • Fixed two bugs causing the path normalizer to make confusing changes in certain circumstances
  • Disabled re-correlate button for users without appropriate permissions
  • Enabled filtering by 0-tool overlap on the findings page
  • Improved caching and reduced the number of API requests on page load for the findings table
  • Made a fix to the clean up process for old analysis file metadata
  • [Enterprise] Fixed a bug causing manually entered results to potentially lose their general CWE/severity when re-correlating
  • [Enterprise] Fixed a bug with Jira auto-create summary template causing summaries to be wrapped with quotes
  • [Enterprise] Fixed a bug allowing the version and component Jira fields to be shown with no allowed values
  • [Enterprise] Disallowed saving Jira configuration when grouping configuration is incomplete

Changes

  • Improved re-correlation flagging logic to be smarter about which projects need re-correlation
  • Improved data ingestion process
  • Made changes to allow for fuzzy element type matching when correlating
  • Improved correlation graph building to optimize memory consumption and performance
  • Updated CWE to version 3.2
  • Renamed ‘Codebase Location’ column on findings table to ‘Location’
  • Tweaked time filter to auto-scroll to the right on load
  • Improved performance of the first seen and last modified filters
  • [Enterprise+NetSec] Made host normalization more customizable

Tools

  • Fixed a failure case where Cppcheck was being run against inputs containing only header files
  • Tweaked ESLint wrapper to ignore node_modules folder
  • [Enterprise] Added tool connector support for Coverity
  • [Enterprise] Fixed bug causing CAT.NET integration to not accept zero results
  • [Enterprise] Tweaked Parasoft reader to not require ‘locFile’ attributes
  • [Enterprise] Updated Clang reader to detect file encoding
  • [Enterprise] Added tool reader support for ErrCheck
  • [Enterprise] Added tool reader support for GoCyclo
  • [Enterprise] Added tool reader support for GoLint
  • [Enterprise] Added tool reader support for GoSec
  • [Enterprise] Added tool reader support for Go Vet
  • [Enterprise] Added tool reader support for IneffAssign
  • [Enterprise] Added tool connector and reader support for Qualys VM
  • [Enterprise] Added tool reader support for SafeSQL
  • [Enterprise] Added tool reader support for Staticcheck
  • [Enterprise] Added mapping for critical severity for NowSecure

Code Dx 4.0.0 4/18/2019

Additions

  • Added a visual audit and error log page
  • [Enterprise] Added support for auto creation of Jira tickets
  • [Enterprise] Added the ability to disable Git source analysis for a new analysis
  • [Enterprise+NetSec] Added infrastructure and network security support (additional license required)

Fixes

  • Fixed a bug causing the PDF report to not show details for findings without a location
  • Fixed a performance issue with cleaning up old result data during ingestion

Changes

  • Renamed "rule" column/filter to "type" and expanded the level of detail shown
  • Updated PDF report with new severity colors
  • Improved performance of Jira sync

Tools

  • [Enterprise] Added comment, detailed data, filter set, and trace options to Fortify SSC tool connector
  • [Enterprise] Updated Checkmarx tool connector; added OSA support
  • [Enterprise+NetSec] Added support for Nessus
  • [Enterprise+NetSec] Added support for Nmap

Plugins

  • Added a plugin for Atlassian Bamboo

Code Dx 3.7.0 3/19/2019

Fixes

  • Fixed a problem where LDAP connections weren’t re-bound with system credentials after use
  • Fixed a rare failure case for finding location tracking with certain permutations of inputs

Changes

  • Tweaked result cleanup process to improve consistency of analysis times
  • Made some changes to suppress browser auto-complete on various form inputs

Tools

  • [Enterprise] Added support for AdaCore CodePeer
  • [Enterprise] Updated the Black Duck tool connector
  • [Enterprise] Updated the Protecode CSV reader

Code Dx 3.6.0 1/30/2019

Additions

  • Added support for enforcing user session timeouts
  • Added support for multiple configuration files
  • [Enterprise] Added support for tracking findings as source code changes
  • [Enterprise] Added support for two-way synchronization with Jira
  • [Enterprise] Added support for Jira status transitions that require field inputs
  • [Enterprise] Added ability to view archived results

Changes

  • Updated default rule set and standards

Fixes

  • Fixed sorting on rule set edit page

Code Dx 3.5.5 1/4/2019

Changes

  • [Enterprise] Made some UI tweaks related to Jira integration

Fixes

  • Fixed a concurrency issue presenting when two concurrent analyses observe the same tool data at the same time
  • Fixed a bug causing potential database deadlocks during analyses
  • [Enterprise] Fixed some read logic issues with NowSecure
  • [Enterprise] Fixed a misconfiguration causing analysis file for XML files with long attributes
  • [Enterprise, SWAMP] Tweaked SCARF reader to ensure results without a primary location are maintained
  • [SWAMP] Added permission to purge disabled tool results for SWAMP users

Tools

  • Updated Dependency-Check to version 4.0.1
  • Updated Retire.js vulnerability repository

Code Dx 3.5.4 12/13/2018

Fixes

  • [Enterprise] Fixed an issue causing some Jira issue creation failures to not be displayed

Changes

  • Overhauled LDAP support to provide better functionality

Code Dx 3.5.3 12/7/2018

Fixes

  • Fixed an issue causing errors on the activity stream for actions made by deleted users
  • [Enterprise] Fixed some dashboard display issues when using Safari

Tools

  • [Enterprise] Updated Protecode integration to treat CVSS2 data as optional

Code Dx 3.5.2 11/28/2018

Fixes

  • [Enterprise] Fixed an issue causing analyses to fail for git repositories containing symbolic links
  • [Enterprise] Fixed a bug causing "advanced field values" to not be used when changing issue type while creating a Jira issue

Tools

  • [Enterprise] Fixed an issue causing CWEs to not be recorded for SonarQube results