Version 3.6

Multi-Tenant release date: February 4, 2024

New features and enhancements

Contributor count by email

The contributor count procedure, which is based on the contributor-count CLI command, now uses email addresses instead of usernames to make the count more accurate.

Overall risk score displayed more prominently

In the Risk Management feature, the overall risk score, previously positioned at the bottom of the table, is now displayed prominently and is readily accessible to users.

Sub-module scan disablement

We have introduced a new configuration allowing you to toggle sub-module skipping at the tenant and project level. This configuration is accessible through a new drop-down field and is disabled by default.

AI-guided remediation for SAST results

Previously available for IaC Security vulnerabilities, our AI-Guided Remediation feature has now been expanded to include SAST results. This enhancement ensures that developers can benefit from personalized guidance when addressing both IaC Security and SAST findings directly within VS Code.

Queued scans limit

We have set restrictions on the number of queued scans per license to manage system load effectively. The limitations are as follows: minimum 1, default 1000, and maximum 2000 queued scans. If the queue reaches its limit, a failure message will be displayed.

Resolved issues

  • Encountering issues when refreshing repository permission for projects with spaces or special characters in their names.

  • Unable to parse data from rows, encountering a SQL scan error related to column index 12 and the created_at field.

  • The dev/test toggle does not affect the Vulnerable Package Path in the Risk view.

  • Ignored rows in the risks table occasionally appear without proper strikethrough formatting.

  • The new Module of Record (MoR) sends an incorrect value for the packageManager field.

  • Issues observed when using the package name filter, particularly when pasting values.

  • Discrepancy identified between the specified endpoint in the code and the documentation.

  • SCA scans are failing to report any dependencies after Yarn upgrades.

  • The API endpoint GET /aggregate with filters, grouped by Severity, exhibits improper functionality when choosing various severities.

  • Encountering a UI issue when starting a scan via the REST API with disabled engines.

  • Worker failure to download source files, resulting in a 500 error and a failed to unmarshall event message.

  • SCA results show Medium severity, while the scan report displays High severity.

  • Experiencing extremely slow retrieval of results in SQL.

  • Encountering an Error 500 - Internal Server Error when attempting to open a Feature Request.

  • The By Tag feature in the Open Vulnerabilities Report only lists the key and exhibits unexpected behavior.

  • Permissions for Insights are not accessible, although the icon is visible in the sidebar.

  • Official documentation links for Account Settings Views are broken.

  • The CxOne CLI plugin is ignoring the --sca-exploitable-path parameter.

  • The health check to keep the WebAudit session alive is timing out.