Code Dx 3.1.0

Code Dx 3.1.0 7/30/2018

Additions

  • Added support for capturing and displaying data flow information from tools
  • Enterprise: Added hybrid SAST-to-DAST correlation capability using static analysis

Fixes

  • Fixed a bug potentially causing correlation to over-match when comparing tool-provided IDs
  • Fixed a bug causing potential analysis failure if a project is renamed during correlation
  • Fixed a bug causing results to be lost during correlation in certain scenarios
  • Fixed a bug causing recorrelation to fail in certain scenarios
  • Fixed a bug causing recorrelation to not maintain inactive results on a finding
  • Enterprise: Fixed a bug related to authentication in the BlackDuck tool connector
  • Enterprise: Fixed some issues with the JIRA assignee selection when creating issues

Changes

  • Promoted a collection of API endpoints to the stable API
  • Updated to CWE 3.1, added OWASP Top Ten 2017 standard
  • Made updates to the default ruleset
  • Improved correlation for results with tool-provided IDs

Tools

  • Added data flow support to CAT.NET
  • Upgraded bundled Cppcheck to version 1.8.4, updated Cppcheck rule information
  • Upgraded bundled FindBugs to SpotBugs v3.1.3; upgraded Find Security Bugs Plugin to version 1.7.1, updated SpotBugs and Find Security Bugs rule information
  • Enterprise: Added data flow support to AppScan Source, Checkmarx, Fortify, and Veracode
  • Enterprise: Added native tool ID to Checkmarx, Coverity, and Fortify
  • Enterprise: Updated Coverity rule information