Release 4.0

Release date: March 10th, 2023

Key Benefits

This new version includes the ability to import results from external scanners that use SARIF format as their output and a simpler way to invite your team to Conviso Platform

Increased productivity for developers;
Less manual work;
Aggregate results and manage vulnerabilities from different tools like Trivy, Semgrep, Conviso Scan tools and other tools supporting SARIF format;
Bring your team to Conviso Platform and start embracing AppSec cultural change

With these enhancements, you can easily bring your team to the platform to manage and address vulnerabilities across different tools, saving time and effort while ensuring the security of your applications.

What's New

New Feature

SARIF Support now available!

Developers can now automate the entire vulnerability management process within Conviso Platform by integrating it with tools that use SARIF as the output format. That means you can now focus on fixing vulnerabilities instead of doing manual work - our automation handles it for you! Configuring this feature with your preferred CI/CD tool is easy. Simply use our CLI and follow a few easy steps.

This is an example that shows how to run a Trivy scan an send the results to Conviso Platform using Github Actions:

name: Trivy Security Scan + Conviso importation

on:
  push:
    branches:
      - main

jobs:
  scan:
    # In this example we are using Trivy, but you can change the Scanner to any who performs SARIF output
    name: Trivy Scan
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: results.sarif
          severity: 'CRITICAL'

  import:
    name: Importation SARIF results to Conviso Platform 
    needs: scan
    runs-on: ubuntu-20.04
    container:
      image: convisoappsec/flowcli:1.12.0-rc.2
      env:
        FLOW_API_KEY: ${{secrets.CONVISO_API_KEY}}
        FLOW_PROJECT_CODE: ${{secrets.CONVISO_PROJECT_CODE}}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Download result from previous scan
        uses: actions/download-artifact@v3
        with:
          name: results.sarif

      - name: SARIF Importation
        run: |
          conviso findings import-sarif --input-file results.sarif

Check our documentation to learn more and start making use of it!

Enhancement

A new, simpler and redesigned User Invitation process

We believe effective application security requires the whole team to participate and engage. From Developers, Security Champions, Security Analysts, Engineering Managers, CISOs to CTOs, all need to have the proper tools and information to make that culture shift to bring security to the entire software development life-cycle. That's why you can and should invite team members to Conviso Platform without any extra cost.

In this release, we are delivering a simpler experience and redefined design for both, in-app and email design.

Bring the whole team to Conviso Platform and start changing the Culture of Application Security in your company.

Keep updated on upcoming deliveries!

To have a better understanding about what's coming next on our platform, have a look at our Roadmap.

Key Benefits

What's New​

New Feature​

SARIF Support now available!​

Enhancement​

A new, simpler and redesigned User Invitation process​

Bring the whole team to Conviso Platform and start changing the Culture of Application Security in your company.​

Keep updated on upcoming deliveries!​