Code Dx 3.1.0 7/30/2018
Additions
- Added support for capturing and displaying data flow information from tools
- Enterprise: Added hybrid SAST-to-DAST correlation capability using static analysis
Fixes
- Fixed a bug potentially causing correlation to over-match when comparing tool-provided IDs
- Fixed a bug causing potential analysis failure if a project is renamed during correlation
- Fixed a bug causing results to be lost during correlation in certain scenarios
- Fixed a bug causing recorrelation to fail in certain scenarios
- Fixed a bug causing recorrelation to not maintain inactive results on a finding
- Enterprise: Fixed a bug related to authentication in the BlackDuck tool connector
- Enterprise: Fixed some issues with the JIRA assignee selection when creating issues
Changes
- Promoted a collection of API endpoints to the stable API
- Updated to CWE 3.1, added OWASP Top Ten 2017 standard
- Made updates to the default ruleset
- Improved correlation for results with tool-provided IDs
Tools
- Added data flow support to CAT.NET
- Upgraded bundled Cppcheck to version 1.8.4, updated Cppcheck rule information
- Upgraded bundled FindBugs to SpotBugs v3.1.3; upgraded Find Security Bugs Plugin to version 1.7.1, updated SpotBugs and Find Security Bugs rule information
- Enterprise: Added data flow support to AppScan Source, Checkmarx, Fortify, and Veracode
- Enterprise: Added native tool ID to Checkmarx, Coverity, and Fortify
- Enterprise: Updated Coverity rule information