CodeSentry 6.1 with Significant Updates and Enhancements Available
(Bethesda/USA, Offenburg/Germany, 26 August 2024)
CodeSentry version 6.1 is now available. This version continues to improve workflows for managing discovered components and vulnerabilities, ensuring the creation of high-quality SBOMs and vulnerability reports. The new version includes the following key features and updates:
- Enhanced Bill of Materials Management: Components with identical values for name, version, and manufacturer are now grouped, reducing the number of lines sorted by file path. Users can also change the status (included or excluded) and add comments for multiple components simultaneously.
- Annotations for N-Day Findings: When license names contain quotation marks, CodeSentry now consistently uses single quotes.
- Support for WIM/SWM Archives: Single and multi-part WIM archives (Windows Imaging Format) (.wim, .swm) are now supported. See the note for details.
- Vulnerability Information Updates: CodeSentry 6.1 includes information on over 8,500 new vulnerabilities and 6,300 new products.
- API Enhancements: EPSS scores for vulnerabilities are now available in the "vulnerability_found_search" and "vulnerability_headers" queries.
- Kubernetes Update: SaaS Kubernetes clusters have been updated to version 1.29.5.
CodeSentry 6.0 with Major Features and Enhancements Available
(Bethesda/USA, Offenburg/Germany, 22 April 2024)
CodeSentry version 6.0 is available. This release continues to add new workflows that enable customers to manage their discovered components and vulnerabilities and to generate the highest quality SBOMs and vulnerability reports. The new version provides, among others, the following new features and updates:
- The new Vulnerability Annotation workflow enables the modification of individual vulnerability CVSS scores, exclusion of vulnerabilities, and assigning states such as "Fixed" or "Not Affected".
- CodeSentry now supports the analysis of ISO artifacts up to an industry-leading 40GB in size, which enables the analysis of the complete software images for medical, industrial, and other devices
- The CodeSentry Instance Dashboard is now interactive! Clicking on any of the graphical chart or table sections will jump to the associated list of components or vulnerabilities
- CodeSentry 6.0 includes over 10,400 new vulnerabilities and 4,500 new products
- New Filters on the N-Day Findings and Components tab make it easier to find the most critical vulnerabilities and components.
CodeSentry 5.2 Available: new Checks for 3,500+ new Safety Vulnerabilities
(Bethesda/USA, 18 December 2023)
CodeSentry version 5.2 is available. The new version provides, among others, the following new features and updates:
- CodeSentry 5.2 includes over 3,500 new vulnerabilities and 1,600 new products
- The new License Findings tab displays discovered components organized by their associated license type. This tab can be used to quickly identify components using non-compliant licenses.
- New License Annotation controls support a license approval workflow – licenses can be marked as ‘Approved’ or ‘Not Approved’ for individual components or all components via the Bulk Annotate feature.
- Component Match Detail information now displays data elements that were used to discover open source components contained in the target binary.
- The CSV export of vulnerabilities now includes the attack vector string as part of the data export
- Scoring of Zero-Day vulnerabilities has been updated to reflect the 2023 Top 25 Most Dangerous Software Weaknesses from MITRE.
CodeSentry 5.1 Available: new Checks for 8,400+ new Safety Vulnerabilities
(Bethesda/USA, 4 October 2023)
CodeSentry version 5.1 is available. The new version provides, among others, the following new features and updates:
- Live N-Day Updates for SaaS and internet-connected on-premises instances make it easy to discover new vulnerabilities and exploits affecting your scanned applications, without the need to rescan.
- over 8,400 new vulnerabilities and 3,900 new products
- now compatible with FIPS-enabled systems for on-premises installations
GrammaTech’s Application Security Testing Software Business sold to Battery Ventures
(Bethesda/USA, 5 September 2023)
Our partner GrammaTech today announced that Battery Ventures has acquired its software products division, including the CodeSonar and CodeSentry product lines. The transaction establishes a new, independent entity that will operate under the CodeSecure, Inc. name and be headquartered in Bethesda, Maryland. GrammaTech will continue to offer cyber security research and development services and tools to the US defense and intelligence community.
Further information is available on the CodeSecure website
GrammaTech CodeSentry v5.0 Available: 9,700 New Vulnerabilities and 3,700 New Components
(Ithaca/USA, Offenburg/Germany, 3 July 2023)
GrammaTech is pleased to announce the availability of CodeSentry 5.0. Highlights of the new release include:
- The new Component Annotation feature can be used to exclude components from an SBOM, with an associated audit trail, to deliver the most accurate SBOMs and vulnerability reports
- The CodeSentry UI now includes an Instance Wide Vulnerability Search to enable users to quickly and easily determine which analyzed files are vulnerable to specific CVEs
- CodeSentry binary analysis can now report on Shared Library Dependencies referenced by target binaries – these results are accessible via the CodeSentry API
- CycloneDX SBOM exports now include Open Source License Information
- Over 9,700 new vulnerabilities and 3,700 new components are available in CodeSentry 5.0
GrammaTech CodeSentry v4.2 checks for over 2,300 new Vulnerabilities and 3,800 new Components
(Ithaca/USA, Offenburg/Germany, 20 February 2023)
GrammaTech is pleased to announce the availability of CodeSentry 4.2. Highlights of the new release include:
- CodeSentry 4.2 makes it easy to search your software inventory for vulnerable open source packages with the new Component Search feature
- The new CodeSentry Dashboard provides a 'single pane of glass' overview of artifact scanning and results across the CodeSentry instance
- SBOM Edition is now available to deliver SBOM generation, component license, inventory and search capabilities
- Security Edition adds N-Day vulnerability detection and security attribute reporting
- Advanced Security edition expands vulnerability detection with 0-Day capabilities
- Over 2,300 new vulnerabilities and 3,800 new components are available in CodeSentry 4.2
- Vulnerabilities can now be exported from CodeSentry in the industry standard VEX (Vulnerability Exploitability Exchange) format
GrammaTech CodeSentry v4.1.2 checks for over 1,700 new Vulnerabilities
(Ithaca/USA, Offenburg/Germany, 30 December 2022)
GrammaTech is pleased to announce the availability of CodeSentry 4.1.2. GrammaTech moves to increase the frequency of vulnerability updates in the product in order to provide the most up-to-date vulnerability information to CodeSentry users. Highlights of the new release include over 1,700 new vulnerabilities and 500 new components as well as updates to internal components.
GrammaTech CodeSentry v4.1 Available
(Ithaca/USA, Offenburg/Germany, 15 November 2022)
Version v4.1 of the Binary Software Composition Analysis tool CodeSentry is now available. Some highlights of the new release include:
- Over 4,700 new vulnerabilities can be reported by CodeSentry
- Enhanced support for JavaScript package detection when a 'package-lock.json' or 'yarn.lock' file is included
- Improved component detection for PE and COFF binaries
- The accuracy of version detection of open source components found in DLLs has been improved
- CodeSentry deployments now can run in AWS GovCloud
- Several third-party open source components were updated
GrammaTech CodeSentry v4.0 Available
(Ithaca/USA, Offenburg/Germany, 13 September 2022)
Version v4.0 of the Binary Software Composition Analysis tool CodeSentry is now available. CodeSentry v4.0 includes the following new features and enhancements:
New and Expanded Analysis Capabilities
- Support for open-source component detection in Mobile, Firmware, and Embedded software (a wide range of binaries are supported, including Android, iOS, VxWorks, QNX, Cisco and other popular embedded and firmware image formats)
- New support for binaries originating from C#, Go, and Java source code
- Detection of JavaScript and Python components and packages
- Expanded version detection to provide more accurate reporting of older and more vulnerable open-source components
- 11,000 new vulnerabilities have been added to the CodeSentry vulnerability database
- File system image formats such as ext2, ext3, VMDK and others can now be scanned
- The CodeSentry User Interface now has a Dark Mode option for easier viewing
- A summary of N-Day Findings is now available in the Detailed Vulnerability Report (PDF) to review the high-level security of detected components
- When uploading an artifact, the upload progress is now displayed in the UI
- The CodeSentry on-premise installer is now delivered via Replicated – this technology makes it even easier to deploy CodeSentry in an on-premise Kubernetes cluster or air-gapped network.
The complete release notes are available from GrammaTech's website.
GrammaTech CodeSentry v3.1 Available
(Ithaca/USA, Offenburg/Germany, 2 May 2022)
Version v3.1 of the Binary Software Composition Analysis tool CodeSentry is now available. CodeSentry v3.1 includes the following new features and enhancements:
- Software Bill of Materials can now be exported in SPDX format
- CycloneDX SBOM format exports now include License and Supplier (Vendor) information where available
- Security Attributes Service scans and results are now available via the UI
  - Reports on binary security features such as ASLR, Stack Execution and more
- Enhanced Reports include new Scan Dashboard and Security Attributes Reporting
- Over 20,000 new and updated vulnerabilities including detection of the Log4Shell vulnerability
- Support for additional archive file formats
  - ISO, ext4, SquashFS
GrammaTech CodeSentry v3.0 Available
(Ithaca/USA, Offenburg/Germany, 25 January 2022)
Version v3.0 of the Binary Software Composition Analysis tool CodeSentry is now available. CodeSentry v3.0 includes the following enhancements:
- Enriched vulnerability information
  - 8 new fields including links to patches, component upgrades, and remediation information
- Open Source Component Licenses (GPL, BSD, etc) are now reported with the associated license risk
- New Zero-Day Shallow Scan with faster scanning times
- New Security Attributes Service
  - Reports on binary security features such as ASLR, Stack Execution and more
- Enhanced CodeSentry Portal featuring new Application Dashboard and Custom Report Generation
- Expanded Component Database with improved component version detection
- Audit Logging of system activity is now available
- Support for additional archive file formats
  - MacOS DMG (Extended), .pax archives, symlinks in archives