Skip to main content

Current Multi-Tenant Version | 3.28

Multi-Tenant release date: January 5, 2025

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

New features and enhancements

Jira Feedback Apps - SCA Exploitable Path Filter

We added a new option to apply an Exploitable Path filter to Jira Feedback Apps. When you apply this filter, Jira tickets are created for SCA vulnerabilities only if an Exploitable Path was identified.

SCA Updates

Malicious Packages in SCA Inventory and Risks

We now include results from Malicious Package Detection (for licensed accounts) on the SCA Inventory and Risks screen. The data is shown in the relevant tabs.

  • Packages tab - Malicious Packages and Suspected Malware are now shown in the table with the Vulnerabilities column showing the malicious icon Image_1487.png. You can filter and sort for Malicious Packages and/or Suspected Malware.

  • Risks tab - Risks associated with malicious packages are shown in the table with the Risk Type listed as "Suspected Malware". You can filter and sort for Suspected Malware.

When you export the data from the SCA Inventory and Risks, the malicious package data is included in the report.

SCA Resolver Version 2.12.7

(Jan 3, 2025)

  • For Bower,

    • Fixed resolution for packages for which the version is declared as a range

    • Ignore transitive dev dependencies

  • For Gradle, skip command execution for ignored modules.

Download the new version here.

Resolved issues

  • Container Engine didn’t show results if the user was "if in group".

  • It was not possible to add Azure Cloud as a self-hosted SCM if the URL contained user info.

  • It was not possible to import repositories from GitHub.

  • REST API /api/flags?filter={tenantID} allowed checking other tenant IDs.

  • The feedback app updated the status of the Jira tickets on every scan, even when they were already marked as Released.

  • Problems with filtering Container Security vulnerabilities and packages.

  • Attack vectors spanning multiple files had incorrect URL in Jira.

  • The view-results-if-in-group role didn’t work for "containers".

  • The results API was not working for the Container Security Engine.

  • Container scans wouldn’t finish in a test environment.

  • Inconsistency between CSV Applications report and the application UI overview.

  • Project's JSON report showed the package and technology names in the languagename field.

  • If Jenkins was running on a Linux machine, it wouldn’t collect the environment variable in lower case.

  • Users with the ast-admin role encountered a 403 Forbidden error page.

  • [Analytics] The application encountered a ReferenceError with the message: "stateColors is not defined".

  • Deleting a project failed with the error message: "Failed to fetch project".

  • It was requested to increase the gRPC max message size and decrease the pagination offset.

  • Scanning failed when a large number of secrets were inserted.

  • Inserting results failed.

  • Import queries were not working as expected.

  • Tenant name was not filled automatically when logging in to a single-tenant environment.

  • The Identity Provider Mapper of type SAML Attribute to Groups does not display subgroups.

  • SCS risks in the Application Risk Management UI could not be linked to the correct risk pages.

  • There was a discrepancy in results when processing two nearly identical ZIP files.

  • Irrelevant error message.

  • The GI search box was not filtering correctly.

  • The Package Usage feature encountered an OutOfMemory error.

  • The page redirected to a 404 error, and users were unable to retry by refreshing the page.

In this section: