Version 3.33 | March 9, 2025
New features and enhancements
Enhanced DAST Triage with Persistent Notes
GA: March 16
The Add Notes feature enables users to attach context to vulnerabilities in DAST results, such as mitigation strategies or rationale for severity changes. Notes persist across scans, supporting triage, auditing, and collaboration. This aligns with the existing note-adding functionality in SAST and IaC Security, ensuring platform consistency.
Identity & Access Management (IAM) – UI Refresh
A newly refreshed UI is coming your way, with the gradual rollout starting this week.
We’ve updated the IAM user interface to align with our evolving platform design. While all existing functionality remains unchanged, you’ll notice:
- A redesigned landing page with a cleaner, more modern look
- Minor UI adjustments for consistency across the platform
No action is required, and all IAM settings, permissions, and workflows continue to function as before.
SCA
AI Guided Package Remediation
When the SCA scanner identifies a vulnerable package in your project and there is no remediated version available, a button is now shown that enables you to get AI-generated suggestions for non-vulnerable replacement packages.
SCA Global Inventory Improvements
We added the following functionality to the Vulnerabilities & Malware tab of the SCA Global Inventory:
- Added the “Fix Available” column, indicating whether or not a remediated version of the package is available. You can sort and filter by this column.
- The EPSS score is now shown in a separate column (not under Exploitability). You can now sort and filter by EPSS.
Resolved issues
Ticket number | Description |
---|---|
AST-80321 | Epic Links for Jira feedback profiles stopped working. |
AST-80593 | An error occurred when generating a Projects Report. |
AST-80428 | A type conversion error occurred when attempting to convert an empty interface. |
AST-80773 | The access token was briefly exposed when opening the Overview page in a new tab. |
AST-81799 | Analytics: CSV report from KPI was ignoring a tag filter. |
AST-81136 | API Compare Scan Endpoint allowed comparison to a running scan. |
AST-82885 | The source code was missing in the SAST viewer when the file path contained an HTML entity such as #. |
AST-82682 | An attempt to delete a project failed with the "Failed to fetch project" error. |
AST-84312 | A SAST scan was skipped with the "no valid sources were found" message for repositories containing symlinks. |
AST-84583 | The system OAuth client was visible in the IAM UI. |
AST-84801 | The Applications page was not loading with a “Failed to get all Projects” error. |
SCA-21893 | SPDX 2.2 SBOM Scan was not working. |
SCA-21983 | Failed to load results from old projects. |
AST-82217 | SCA Containers were still showing results. |
AST-64507 | Traditional Chinese characters were masked in the project report. |
AST-78615 | The number of vulnerabilities in Scan History didn't match the CSV Export grid. |
AST-80010 | The CSV from SAST results showed an incorrect detection date when the detection date was earlier than the scan date. |
AST-80016 | Failed to generate a report with the Containers engine. |
AST-80697 | The Application report was showing 0 for all the rows for some users. |