Release highlights
This release contains our new advanced security issue triaging functionality!
Advanced security issue management
We’ve been hard at work implementing a lot of new features in our security issue management area. What started as a few nice new features turned into an entire re-working of how users can view and manage the security issues our platform detects.
The new features include functionality that users have come to expect from other security issue management services:
- Custom statuses (fixed, false positive, ignore)
- User comments
- User assignment
- Custom tagging
- File content viewing with lines related to the issue highlighted
- Viewing other occurrences of the same or similar issues in other files
- Filters for all of the above
But we’ve also been able to add some exciting new features not found elsewhere, which we are uniquely positioned to offer because of the data and analysis we already perform on users’ codebases:
AI explanations and suggested fixes
When viewing a single issue, Ada will explain what the issue is, suggest a potential fix (both explaining the fix and providing a code suggestion) and suggest how to avoid issues like it in the future.
Combined history analysis for every issue
We show a combined timeline of an issue’s history, bringing together all of the data we are already analysing on the related code.
The timeline includes any related Git changes and which developers made them (so you can get an idea of who has been working on that particular area of code), in which code vault replication our platform first detected the issue, and whether the issue was fixed or still found at each subsequent code replication.
The timeline also includes any custom tags, comments and so on from any user.
Automated updating of security issues after code replications
This is a very useful and powerful feature. When your scheduled (or manual) code replications complete, we check for the following:
- If any open security issues are no longer found, we automatically mark them as fixed and add a comment.
- If any security issues have been marked as fixed by a user but are still present in the new code replication, we automatically re-open them and add a comment.
So – for example – your team of developers could be marking issues as fixed all month, and when the code replication occurs, you can see how many of those issues have actually been fixed in the latest code or not.
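The two rules above amount to a reconciliation pass between the issues the platform is tracking and the fingerprints reported by the latest scan. The following is an added illustration of that logic, not code from The Code Registry; the status names, the `Issue` type and the idea of a stable fingerprint (rule plus file plus normalised snippet, so an issue keeps its identity when line numbers shift) are all assumptions. It also makes one choice the notes do not spell out: issues a user marked as false positive or ignored are left alone in both directions, since those are human decisions rather than scan results.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Status names are assumptions mirroring the custom statuses the release describes.
OPEN, FIXED, FALSE_POSITIVE, IGNORED = "open", "fixed", "false_positive", "ignored"


@dataclass
class Issue:
    # Stable identity across replications (assumed: rule id + file + normalised snippet),
    # deliberately not a line number, which moves whenever unrelated code is edited.
    fingerprint: str
    status: str = OPEN
    comments: List[str] = field(default_factory=list)


def reconcile(tracked: Dict[str, Issue], detected: Set[str], replication_id: str) -> Dict[str, List[str]]:
    """Apply the post-replication rules from the release notes.

    - an OPEN issue that the new scan no longer reports is automatically marked FIXED
    - a FIXED issue that the new scan still reports is re-opened
    - FALSE_POSITIVE / IGNORED issues are never touched (user decision stands, assumption)
    - fingerprints seen for the first time become new OPEN issues
    Returns a summary of what changed; `tracked` is updated in place.
    """
    auto_fixed: List[str] = []
    reopened: List[str] = []
    new: List[str] = []

    for fp, issue in tracked.items():
        still_present = fp in detected
        if still_present and issue.status == FIXED:
            # Developer claimed a fix, scanner disagrees: re-open and leave a trail.
            issue.status = OPEN
            issue.comments.append(f"Automatically re-opened: still detected in replication {replication_id}")
            reopened.append(fp)
        elif not still_present and issue.status == OPEN:
            # Scanner no longer sees it: close it, but say why, so the timeline stays honest.
            issue.status = FIXED
            issue.comments.append(f"Automatically marked fixed: not detected in replication {replication_id}")
            auto_fixed.append(fp)

    for fp in detected - set(tracked):
        tracked[fp] = Issue(fp, OPEN, [f"First detected in replication {replication_id}"])
        new.append(fp)

    return {"auto_fixed": sorted(auto_fixed), "reopened": sorted(reopened), "new": sorted(new)}


def example_run() -> Tuple[Dict[str, Issue], Dict[str, List[str]]]:
    """Constructed sample data: five tracked issues and the fingerprints from one new scan."""
    tracked = {
        "sqli-1": Issue("sqli-1", OPEN),             # gone from the new scan -> auto fixed
        "sqli-2": Issue("sqli-2", FIXED),            # marked fixed, still found -> re-opened
        "xss-3": Issue("xss-3", OPEN),               # still found, still open -> unchanged
        "ssrf-4": Issue("ssrf-4", FALSE_POSITIVE),   # still found, but a user decision -> unchanged
        "xss-5": Issue("xss-5", FIXED),              # fixed and gone -> unchanged
    }
    detected = {"sqli-2", "xss-3", "ssrf-4", "path-6"}  # path-6 is brand new
    summary = reconcile(tracked, detected, "replication-42")
    return tracked, summary


if __name__ == "__main__":
    tracked, summary = example_run()
    print(summary)
    for issue in tracked.values():
        print(issue.fingerprint, issue.status, issue.comments)
```

Keying everything on a stable fingerprint is the part worth getting right: if issues are keyed on file and line number, every unrelated edit above a finding makes the old record "disappear" and a new one appear, and the automatic re-open rule silently stops working.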
Integration with 40+ ticketing systems with our partnership with Merge.dev
We’ve partnered with Merge.dev and implemented their unified API service so that our users can integrate their ticketing system of choice into our platform.
So whether you use Jira, Clickup, Asana or many more, you can push security issues into those systems as tickets to be worked on.
Once an issue is synced with a ticketing system, any actions on our platform are mirrored into that system too, i.e. comments, marking a ticket as fixed and so on.
And it’s a two-way integration: once per day, any updates from your ticketing system are also mirrored into The Code Registry. This means your developers can complete the issues in their normal workflow, and you’ll see the updates in The Code Registry automatically.
You can find this integration in the revamped “Integrations” tab on the “Team Settings” page.
And because of our combined project level view of all codebases in a project, all of the above data, filters and issue management can be done across an entire project (whether that’s a single code vault or 20).
Bug fixes
- Fixed a bug where very long component or component vendor names caused layout issues in PDF reports.
- Fixed a bug where searching for partial Git repo branch names returned unintended matches (i.e. searching for feature-name also matched feature/feature-name).