Code Dx 1.7 Application Security Tool Integration

by | Jun 12, 2015 | Blog, Code Dx New Features


The Code Dx team recently released Code Dx 1.7, which includes many new features. Some highlights include:

  • Detecting the use of vulnerable third-party components
  • Redesigned upload page
  • Python support
  • Checkmarx support
  • Hide/show columns in Findings Table
  • Update notifications

Detecting the use of vulnerable third-party components

Most of today’s software is developed primarily by leveraging third-party components and frameworks, and then stitching things together. In fact, Sonatype estimates that 90% of software written today is assembled from open-source components. For more information on the use of third-party components, check out our recent Government Security News (GSN) article.

With Code Dx 1.7 we’ve added support for checking for the use of known vulnerable components, such as a vulnerable version of the Spring Framework or jQuery. Often the fix is simply to download the latest version of the library. To perform this analysis, we’ve bundled two great open-source tools: OWASP Dependency-Check, which checks for vulnerable Java and .NET components, and Retire.js, which checks for vulnerable JavaScript libraries.

These new findings will appear with the rest of the tool results within Code Dx’s unified interface.

Details on each finding are available on the Code Dx details page, along with CVE or other related links, if available, to help with remediation.
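To make the kind of check described above concrete, here is a small added example (not Code Dx, Dependency-Check or Retire.js code) that does what those tools do at their core: compare the components a project uses against advisories that state an affected version range, and report the version the project should move to. The component list and the advisories are constructed for illustration, and the advisory IDs are placeholders rather than real CVE numbers.

```python
"""Minimal vulnerable-component matcher (added example, not Code Dx code).

Advisories use Retire.js-style ranges: a component is affected when
at_or_above <= version < below. Both bounds are optional.
"""
from typing import Dict, List, Optional, Tuple

Advisory = Dict[str, Optional[str]]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.11.0' or '4.1.6.RELEASE' into a numeric tuple so versions
    compare numerically rather than as strings ('1.9' < '1.10' must hold).
    Non-numeric suffixes count as 0 and trailing zeros are dropped so that
    1.11 and 1.11.0 compare equal."""
    parts: List[int] = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version: str, advisory: Advisory) -> bool:
    """True when version falls inside the advisory's affected range."""
    v = parse_version(version)
    lo = advisory.get("at_or_above")
    hi = advisory.get("below")
    if lo is not None and v < parse_version(lo):
        return False
    if hi is not None and v >= parse_version(hi):
        return False
    return True


def scan(components: List[Tuple[str, str]],
         advisories: List[Advisory]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Return (component, version, advisory id, first fixed version) for every
    component/advisory pair that matches. The fixed version is the 'below'
    bound, i.e. the smallest version outside the affected range."""
    findings = []
    for name, version in components:
        for adv in advisories:
            if adv["component"] == name and is_affected(version, adv):
                findings.append((name, version, adv["id"], adv.get("below")))
    return findings


# Constructed sample input: what a project's manifests might declare.
COMPONENTS = [
    ("jquery", "1.11.0"),
    ("jquery", "3.1.1"),
    ("spring-core", "4.1.6.RELEASE"),
    ("lodash", "4.17.21"),
]

# Constructed advisories with placeholder IDs (not real CVE data).
ADVISORIES: List[Advisory] = [
    {"component": "jquery", "id": "EXAMPLE-ADV-0001",
     "at_or_above": "1.4.0", "below": "1.12.0"},
    {"component": "spring-core", "id": "EXAMPLE-ADV-0002",
     "at_or_above": None, "below": "4.1.0"},
]

if __name__ == "__main__":
    for name, version, adv_id, fixed in scan(COMPONENTS, ADVISORIES):
        print(f"{name} {version}: {adv_id} (upgrade to {fixed})")
```

Only jQuery 1.11.0 is reported; jQuery 3.1.1 and Spring 4.1.6 sit outside their advisories' ranges, and lodash has no advisory in the constructed list. The real tools add what this sketch omits, above all the hard part of recognising which library and version a file or JAR actually is when the manifest does not say so.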

Redesigned upload page

We’ve redesigned the New Analysis tool/source upload page to be more transparent and flexible. After selecting your input files, Code Dx will now show you what content was detected and what tools will be run based on that content. It also allows you to disable a particular content type, which will prevent the associated tool(s) from running. Or you can simply disable a tool directly.

Python support

This new version of Code Dx now has support for checking Python code for flaws by leveraging the Pylint static analysis tool. Just give Code Dx a zip of your source code or point it to a Git repository, and you can quickly check the code against 218 Python rule checkers.

Checkmarx support

With Code Dx Enterprise, Checkmarx CxSAST XML output files can now be uploaded to Code Dx and integrated with your other static analysis tools for triage, collaboration, and remediation.

Hide/show columns in Weaknesses Table

The table that lists the findings now has configurable columns, so if you are only interested in a few attributes you can hide the rest, and provide room for the stuff you really care about.

Update notifications

Curious about whether there’s a new release of Code Dx available? Now update notifications will be shown in the header area to the left of the Code Dx logo. The color will change from yellow to red as you become more out-of-date. Hover over the update icon for a download link for our latest version.

Check it out!

The Code Dx team hopes you will find these new features useful. Don’t hesitate to contact us with your questions and comments. We appreciate all feedback and look forward to hearing from you.

If you haven’t used Code Dx yet, then download your free 30-day trial version today.
