
3.1.0

@Naramsim Naramsim released this 04 Jul 08:26
· 1384 commits to master since this release
94dad0f

Features:

  • Dependency trail: The Maven plugin collects the entire trail of application dependencies, which is displayed in the dependency details view. The depth of the dependency trail is shown in the dependencies overview table.
  • The JarAnalyzer extracts information from embedded pom.xml files (where present). This information is used to detect vulnerable code even if the package of the respective Java classes has been changed during rebundling (e.g., from com.google.common to avro.shaded.com.google.common). Note: Vulnerabilities in rebundled classes whose package did not change were already detected in the past.
  • A first version of a SlicingInstrumentor can be used to disable all non-reachable constructs (according to static and dynamic analyses) of application dependencies, with the goal of reducing the overall attack surface of Web applications.
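
To illustrate the idea behind the JarAnalyzer item above, the following added example (not the project's own code) lists the Maven coordinates of every pom.xml embedded in a JAR and the packages to which a known original package was relocated. The function names, the size limit and the sample JAR are constructed for illustration; `META-INF/maven/<groupId>/<artifactId>/pom.xml` is where Maven's archiver stores the embedded POM.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_POM_BYTES = 1 << 20  # assumed limit: skip oversized pom.xml entries in untrusted archives

def _field(root, tag, inherit=True):
    """Text of <tag> under <project>, else under <parent> when inheritable; namespace-agnostic."""
    local = lambda e: e.tag.rsplit("}", 1)[-1]
    scopes = [root] + ([c for c in root if local(c) == "parent"] if inherit else [])
    for scope in scopes:
        for c in scope:
            if local(c) == tag and c.text:
                return c.text.strip()
    return None

def embedded_coordinates(jar_bytes):
    """Sorted (groupId, artifactId, version) of each META-INF/maven/<g>/<a>/pom.xml."""
    coords = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            p = info.filename.split("/")
            if (len(p) != 5 or p[:2] != ["META-INF", "maven"] or p[4] != "pom.xml"
                    or info.file_size > MAX_POM_BYTES):
                continue
            root = ET.fromstring(jar.read(info))
            g, a, v = _field(root, "groupId"), _field(root, "artifactId", False), _field(root, "version")
            coords.add((g or p[2], a or p[3], v or "unknown"))
    return sorted(coords)

def relocated_packages(jar_bytes, original_pkg):
    """Packages in which original_pkg sits behind a prefix, i.e. was relocated on rebundling."""
    needle, hits = "/" + original_pkg.replace(".", "/") + "/", set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            i = name.find(needle)
            if name.endswith(".class") and i > 0:
                hits.add(name[:i + len(needle) - 1].replace("/", "."))
    return sorted(hits)

def sample_jar():
    """Constructed sample: one relocated Guava class and an embedded Guava pom.xml."""
    pom = ("<project xmlns='http://maven.apache.org/POM/4.0.0'><parent><groupId>com.google.guava"
           "</groupId><version>0.0.0-sample</version></parent><artifactId>guava</artifactId></project>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/maven/com.google.guava/guava/pom.xml", pom)
        jar.writestr("avro/shaded/com/google/common/base/Joiner.class", b"")
    return buf.getvalue()
```

Matching the recovered coordinates against a vulnerability database is what ties the relocated classes back to the original library; that lookup is outside this sketch.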

Improvements:

  • The average age of dependencies is displayed in months.
  • The columns for static and dynamic analysis results in the vulnerabilities overview table are hidden by default.