Release date: 4th June 2020
- We're drastically shortening the quality scan duration.
Starting with this release, all new instances for new customers (including trial users) and partners will use change-log-based scanning, which improves scan performance and shortens scan duration by 5 to 10 times.
You'll be able to get your scan results in real time.
- Our open source libraries analysis just got more accurate.
If you're worried about forgetting open source libraries once they are imported, and losing visibility of the risks they may pose, we've got you covered. Our analysis now detects the actual name and version of each open source library used in your code, even if the library has been renamed.
You can find the Detected Open Source Libraries on our Profiling dashboard.
With that information we can highlight any reported library vulnerability.
For now, we are including only a limited set of vulnerabilities, added in the form of two new Security rules for both ServiceNow and Salesforce:
|Rule|Severity|Area of impact|Full scan|Update set scan|Live Check|
|jQuery - XSS vulnerability under 3.5.0, when using htmlPrefilter|Warning|Security||||
|XSS vulnerability in Ext JS Action Column getTip|Warning|Security||||
The new rules will be reported with severity Warning. We suggest you change the severity to High - see Managing rulesets.
In the next release, we expect to release a full set of relevant vulnerabilities.
- We're further improving our Ruleset section
You can now use the new filter for configuration element and sort the selected columns of the ruleset table, which makes batch updates to rules easier.
Quality Clouds for ServiceNow
- You've asked for it, and now we capture it - who uses Live Check
We've started registering the users who run Live Check. We'll be showing the info on a new dashboard after the next release.
- We've refined the algorithm for detecting out of the box changes
Previously, the detection of Out of the Box (OOTB) changes failed to flag some elements where the "created by" user was "admin". The detection now uses additional attributes of the configuration elements.
As a result, you may see an increase in the number of OOTB modifications reported in the Upgradeability dashboard, and in the number of "Out of the Box element modified" warnings in all the dashboards that show issues.