Lucent Sky AVM version 2309 release notes

2023/11/9

Lucent Sky AVM version 2309 releases

Lucent Sky AVM version 2309 MR

New features in 2309 MR

Technology stack

  • Support for Dart in .NET, Android, ASP, Go, iOS, Java, PHP, Python, Ruby, and static web applications
  • Support for Java SE 21
  • Support for explicitly set C/C++ environments on Windows and BSD

Build

  • Automatic analysis target detection

    If an analysis target has not been explicitly selected, the build engine will attempt to identify potential analysis targets and use a data model to automatically select one as the analysis target.

  • Improved package and dependency management for .NET projects

Binary analysis

  • Binary analysis engines have been updated to use the fourth-generation analysis architecture

  • Binary analysis for C and C++ is now available on on-premise instances

  • Binary analysis now allows for explicitly setting multiple analysis targets

  • Opportunistic binary analysis

    Opportunistic binary analysis is an extension of opportunistic analysis. When the build stage fails for a scan, instead of falling back to source code analysis only, opportunistic binary analysis will intelligently identify potential binary analysis targets and switch the scan to direct binary analysis when applicable.

Source code analysis

  • Source code analysis engines have been updated to use the fourth-generation analysis architecture
  • General improvements on the Android, C/C++, COBOL, ECMAScript, Go, iOS, PHP, and SQL analysis engines

Hybrid analysis

  • ML-augmented hybrid analysis

    ML-augmented hybrid analysis helps automatic suppression work better for each organization by learning how results are triaged and how security and weakness policies are applied.

Remediation

  • The remediation engine has been updated to use the fourth-generation analysis architecture, improving the accuracy and contextual information for Instant Fixes and remediation suggestions

  • ML-augmented vulnerability remediation

    ML-augmented vulnerability remediation enables vulnerability remediation algorithms to automatically adapt to how developers at each organization write and secure code.

Weakness policies

  • Support for 2023 CWE Top 25

Interface

  • Multi-factor authentication is now available on on-premise instances
  • Lucent Sky AVM for Visual Studio Code is now generally available and supports Visual Studio Code 1.74 and later on Windows, macOS, and Ubuntu
  • Lucent Sky AVM for Visual Studio (previously known as Visual Studio extension) has been updated with support for remediation suggestions and dependency update guidance
  • Lucent Sky AVM for Eclipse IDE (previously known as Eclipse plug-in) has been updated with support for remediation suggestions and dependency update guidance, and support for Eclipse IDE 2023-09

Administration

  • The time when the scan is pending due to no available core is no longer included in the scan time

Issues fixed in 2309 MR

  • We fixed an issue where Ruby files were not properly marked as scanned by source code analysis
  • We fixed an issue where 2022 CWE Top 25 labels are not displayed in HTML and PDF reports
  • We fixed an issue where an unexpected error occurs when expanding certain 7-Zip archives
  • We fixed an issue where Instant Fix or remediation suggestion might not be available to certain CWE-676 results in Go applications
  • We fixed an issue where specifying the WebAppPath scan argument has no effect on Java applications with certain structures

Breaking changes in 2309 MR

  • Scans created by version 4.7 and earlier are incompatible

    Breaking change. Scans created by Lucent Sky AVM version 4.7 and earlier are incompatible with version 2309. These scans need to be deleted before an instance can be upgraded to version 2309.

  • Result hashes generated by version 2009 and earlier are incompatible

    Breaking change. Result hashes and suppression signatures generated by Lucent Sky AVM version 2009 and earlier are no longer recognized by Lucent Sky AVM version 2309.

  • Heuristic rules created with schema version 1 are incompatible

    Breaking change. Heuristic rule schema has been updated to version 2. Rule packages containing heuristic rules created with version 1 schema need to be updated before they can be used on Lucent Sky AVM version 2309 and later.

  • Latest Java runtime changed from Java SE 17 to Java SE 21

    Potential breaking change. The latest Java runtime will be migrated from Java SE 17 to Java SE 21. As a result, custom runtimes and applications set to use the latest Java runtime will be using Java 21. If these applications are incompatible with Java 21, explicitly change their runtime from latest to Java SE 17.

  • Analysis target as a comma-separated list

    Potential breaking change. In version 2309, multiple analysis targets can be specified through a comma-separated list. Therefore, if the path of the analysis target contains commas, the path needs to be enclosed in double-quotes. For example, if the analysis target is Contoso\Contoso,Web.csproj, it needs to be changed to "Contoso\Contoso,Web.csproj".

  • Scan argument changes

    • BuildOutputPath - Potential breaking change. In version 2306 and prior, build output path (specified through the scan argument BuildOutputPath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is Contoso\Contoso.csproj and the build output path is Contoso\Debug\Contoso.dll, the BuildOutputPath scan argument needs to be changed from Contoso\Debug\Contoso.dll to Debug\Contoso.dll.
    • JavaSourcePath - Potential breaking change. In version 2306 and prior, Java source path (specified through the scan argument JavaSourcePath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is Contoso\pom.xml and the Java source path is Contoso\source, the JavaSourcePath scan argument needs to be changed from Contoso\source to source.
    • WebAppPath - Potential breaking change. In version 2306 and prior, the root of the web app within the project (specified through the scan argument WebAppPath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is Contoso\pom.xml and the root of the web app is Contoso\webapp, the WebAppPath scan argument needs to be changed from Contoso\webapp to webapp.
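The two breaking changes above (comma-separated analysis targets and the new base directory for BuildOutputPath, JavaSourcePath and WebAppPath) are mechanical enough to migrate with a script. The helper below is an added example written for these notes; it is not Lucent Sky code and does not call any Lucent Sky API. It assumes that quoted targets follow CSV-style quoting (a double-quoted item may contain commas), that path comparison is case-insensitive as on Windows, and that when several analysis targets are listed the scan arguments are rebased against the first one; all three are assumptions of this example, not statements from the release notes.

```python
"""Migration helper for the version 2309 scan-argument changes (added example, not Lucent Sky code).

Version 2306 and prior: BuildOutputPath, JavaSourcePath and WebAppPath are relative to the
root of the source code archive.
Version 2309: they are relative to the parent directory of the analysis target.
"""
import csv
import io
from pathlib import PureWindowsPath

# Scan arguments whose base directory changed in 2309 (taken from the release notes).
REBASED_ARGUMENTS = ("BuildOutputPath", "JavaSourcePath", "WebAppPath")


def quote_target(target: str) -> str:
    """Enclose an analysis target in double quotes if its path contains a comma."""
    already_quoted = target.startswith('"') and target.endswith('"')
    if "," in target and not already_quoted:
        return f'"{target}"'
    return target


def join_targets(targets) -> str:
    """Build the 2309 comma-separated analysis target list, quoting where needed."""
    return ",".join(quote_target(t) for t in targets)


def split_targets(spec: str) -> list:
    """Split a 2309 analysis target list back into individual paths.

    Assumption (not from the release notes): quoting follows CSV rules, so a
    double-quoted item may contain commas and the quotes are not part of the path.
    """
    reader = csv.reader([spec], delimiter=",", quotechar='"', skipinitialspace=True)
    row = next(reader, [])
    return [item for item in row if item]


def rebase_scan_argument(analysis_target: str, old_value: str) -> str:
    """Convert an archive-root-relative (2306) path to one relative to the
    analysis target's parent directory (2309).

    Example from the notes: target Contoso\\Contoso.csproj and old value
    Contoso\\Debug\\Contoso.dll become Debug\\Contoso.dll.  If the old path is not
    below the target's parent, '..' components are emitted so the value still
    resolves to the same location.
    """
    base_parts = PureWindowsPath(analysis_target).parent.parts
    old_parts = PureWindowsPath(old_value).parts
    common = 0
    # Assumption: Windows-style case-insensitive path comparison.
    for base_part, old_part in zip(base_parts, old_parts):
        if base_part.lower() != old_part.lower():
            break
        common += 1
    ups = [".."] * (len(base_parts) - common)
    return str(PureWindowsPath(*ups, *old_parts[common:]))


def migrate_scan_arguments(analysis_targets, scan_arguments: dict) -> dict:
    """Return a copy of the scan arguments with the three rebased paths converted.

    Assumption (not from the release notes): with multiple analysis targets the
    first listed target is used as the base.  Other arguments are left untouched.
    """
    targets = split_targets(analysis_targets) if isinstance(analysis_targets, str) else list(analysis_targets)
    if not targets:
        raise ValueError("at least one analysis target is required")
    base_target = targets[0]
    migrated = dict(scan_arguments)
    for name in REBASED_ARGUMENTS:
        if name in migrated:
            migrated[name] = rebase_scan_argument(base_target, migrated[name])
    return migrated


if __name__ == "__main__":
    # Constructed sample input mirroring the examples in the release notes.
    old_args = {"BuildOutputPath": r"Contoso\Debug\Contoso.dll", "Verbose": "true"}
    print(join_targets([r"Contoso\Contoso,Web.csproj", r"Other\Other.csproj"]))
    print(migrate_scan_arguments(r"Contoso\Contoso.csproj", old_args))
```

Run the script once per scan configuration and compare the printed values against the 2306 settings before saving them; an analysis target that sits at the archive root (for example a top-level pom.xml) has no parent directory to strip, so its scan arguments come back unchanged.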