Code Dx 2.5.0

Code Dx 2.5.0 6/7/2017

What’s different since v2.4.6

Additions

  • All Added ability to customize filenames for generated reports
  • All Added filtering option to the project list page
  • Enterprise Added project metadata functionality
  • Enterprise Added extended customizability to PDF report
  • Enterprise Added ability to specify custom detection methods
  • Enterprise Added header-based authentication options

Changes

  • All Overhauled finding correlation / de-duplication process
  • All Changed tool result ingestion process to keep all results
  • All Updated and cleaned up front-end JavaScript and dependencies
  • All Improved the switch widget used on the tool config page, admin page, and settings menu on the findings page
  • All Reduced memory usage during analyses
  • All Made general improvements to the analysis data pipeline
  • All Made improvements to the process of enabling/disabling correlation
  • All Updated Apache Shiro dependency to version 1.3.2
  • Enterprise Added correlation for manually entered results
  • Enterprise Added ability to specify a tool when manually entering results
  • Enterprise Changed the process of applying tool-reported triage status to be more consistent

Fixes

  • All Fixed an issue allowing conflicting analysis-like operations to run in parallel
  • All Fixed a problem causing search-on-page not to work with source code on the finding details page
  • Enterprise Moved path auto-complete for manual entry server-side to alleviate browser performance and storage concerns
  • Enterprise Fixed a problem causing values in the issue tracker result modal to be “undefined”

Tools

  • Enterprise Added limited ability to correlate based on Veracode flaw ID
  • Enterprise Corrected CWE mapping for WhiteHat unpatched library/software version results

API

  • All Changed type / findingType fields to detectionMethod throughout
  • All Renamed toolResult / toolResults to result / results throughout