Release 4.4
Release date: March 7th, 2024
Key Benefits
- BusinessMap Integration;
- Conviso AST new capabilities;
- Risk Score calculation enhancement;
- Security Experts UX
What's New
New Feature
BusinessMap Integration
We are glad to announce that a native integration with Businessmap has been released.
Integrating Businessmap in Conviso Platform will let developers gain productivity while we do all the hard work by automating the whole vulnerability management triage process.
Receive in real time new vulnerabilities identified in Conviso Platfom, directly in Businessmap lanes. With our two-way integration capability, every status update from both solutions are automatically updated in order to reduce the toil and increase developers productivity.
Check out the documentation here.
New Feature
Conviso AST in Github Actions Marketplace
For a quicker setup, you can now use our official Github Action in order to integrate Conviso AST within your workflow.
Check it out here.
New Feature
Vulnerability Auto-closing
This is a new capability that automatically closes previously identified vulnerabilities in Conviso Platform when using Conviso AST.
This a huge gain in developer productivity as we continue focusing on automation and reducing manual work of developers and security professionals.
You can start using this new capability adding the parameter --vulnerability-auto-close :
conviso ast run --vulnerability-auto-close
More details in our documentation.
New Feature
Defining a custom Asset name
Now you can define a custom name when setting up Conviso AST within the CI/CD.
There are two ways to do this:
- Passing the value as a parameter using the CLI:
conviso ast run --asset-name 'your custom asset name'
- Passing the value as an Environment variable within the CI/CD:
CONVISO_ASSET_NAME='your custom asset name'
More details in our documentation.
Enhancement
Risk Score Calculation Enhancement
We've made significant updates to how we calculate the risk score of assets. Here's what's changed:
- Partial Risk Score Calculation:
Previously, certain fields such as "Business Impact," "Attack Surface," and "Data Classification" were mandatory for calculating the risk score. Now, we've introduced partial calculation, allowing the risk score to be computed even if these fields are not present or if the asset has no vulnerabilities.
- Data Classification Impact:
We've fine-tuned how Data Classification influences the risk score, ensuring a more accurate assessment of asset risk.
UX Improvement
Security Expert Chat Improvements:
In response to user feedback, we've enhanced the user experience of the Security Expert chat feature:
- Improved Text Input Handling:
Previously, hitting Enter would send the message. Now, pressing Enter will simply break the line, allowing users to continue typing within the chat interface seamlessly.
Also text format is preserved to have a more clear readability of messages.
Keep updated on upcoming deliveries!
To have a better understanding about what's coming next on our platform, have a look at our Roadmap.