Rules to look for databases, messaging systems, caches

This release contains a lot more enhancements to scan for services used by the application(s)

• Databases
• Messaging Systems
• Cache

Support currently added only for .NET and Java applications. There are some rules for python too

New features

FEATURES:

• Added recalculate command to update the scores in the same run. Thanks to Brian for this!!
• Added new rules to look for middleware and dependent databases (more to come on this)

Enjoy the features 🚀

Adding linux arm executable

• Adding linux arm executable
• Security fixes

Bug Fixes

package bug fixes and generating the arm64 binary for darwin

Bug Fixes and lots of rules tweaks

• Fixed the bug
• Modified the rules folder, and removed duplicate rules
• Added proper categories for the various rules that get fired

Enjoy the new release!! 🚀

Bug Fixes

• Resolved a lot of security bugs
• Updated the rules for cloud foundry
• Minor tweaks on the tagging - changed "java version" to "java-version", and "spring boot" to "spring-boot"
• Updated logic to calculate scores for apps that have no rules that got fired
• Merged PR's - One Shot Rules and ruby code rules

Enjoy this new Release 🚀

4.1.11

CSA 4.1.11

New Features:

• New rules attributes:
  container/cloud: Integer attributes representing percentage to adjust effort. See documentation
• New rule attributes:
  rule type: standard/one-shot: one shot rules fire only once. See documentation
• Plus minor bug fixes

4.1.9

CSA 4.1.9

New Features:

• New command line parameter --efd, exclude finding details. This will cause CSA to not collect the source code patterns that caused the rule to trigger.
• New Ruby rules
• Plus minor bug fix
• Retore rule tests

4.0.0

CSA 4.0

New Features:

• Exclude Patterns - Helps with excluding false positives.
• Profiles - Profiles can be selected at runtime to choose what set of rules will be used during the scan.
• Rule Testing Framework - Helps with testing and maintaining a solid set of CSA rules. Custom set of rules can be tested independently of CSA (See: Test.zip).
• Generate HTML and CSV Finding Reports - Generates HTML and CSV findings reports that can be leveraged into a CI pipeline

Rules updates:

• Rules have been updated to address false positives. 150 rules have now automated tests associated.
• Improved regex patterns, tagging

Updated Build Process:

• Build scripts have been consolidated into one main scripts to generate cross platform artifacts
• Rule tests are now executed during the build process

Security Fixes:

• Various vulnerabilities have been addressed

Updated Rules!!

New Features:

• Improved Rules
• Reduced false positives
• More Azure Spring App rules