Lucent Sky AVM version 2409 releases
- Lucent Sky AVM version 2409 MR (build 11.0.6218)
Lucent Sky AVM version 2409 MR
New features in 2409 MR
Technology stack
- Support for Lua applications
- Support for Rust applications
Weakness policies
- Support for CWE 4.15
Pre-analysis and Build
- Improvements on the Go parser
- Compatibility improvements on multi-module Maven projects
Binary analysis
- Support for C and C++ binaries in ELF and Mach-O formats
- Accuracy improvements on the .NET binary analysis engine
- Improved compatibility for analyzing binary files without source code mapping
- Improvements on opportunistic binary analysis algorithms
- General improvements on binary analysis engines
Source code analysis
- Infrastructure-as-code analysis generally available
  Source code analysis for infrastructure-as-code (IaC) can detect insecure access control, exposure of sensitive data, and other misconfigurations in IaC files using Bicep and Terraform.
- Improvements on intelligent analysis algorithms
- Accuracy improvements on the .NET and Java source code analysis engines
- General improvements on the C/C++, ECMAScript, Go, PHP, and Python source code analysis engines
Dependency analysis
- Improved dependency identification algorithms
- General improvements on dependency analysis engines
Hybrid analysis
- General improvements on ML-augmented hybrid analysis
Remediation
- Explanations for vulnerabilities and remediation
  Explanations provide additional context to identified vulnerabilities and their remediation, such as how a vulnerability might be exploited and why the remediation can prevent the vulnerabilities from being exploited.
- General improvements on remediation engine
- General improvements on ML-augmented vulnerability remediation
Reporting
- Remediation confidence revision
  Remediation categories and confidence levels have been revised to provide a unified experience:
  - Instant Fix remains the name of remediation that is production-ready and can be applied directly to code. The remediation confidence can be high or low.
  - Guided Fix is the new name for contextual suggestion, remediation generated from the vulnerable source code that requires developer review before it can be applied to code. The remediation confidence is always guided.
  - Guided Update is the new name for update guidance, remediation enabling developers to update vulnerable dependencies to a secure version in a single step. The remediation confidence is always guided.
  - Suggestion is reserved for generic recommendations that are based on the application's technology stack. The remediation confidence is always none.
- XML schema revision
Interfaces
- Cross-platform CLI generally available
  Also referred to as CLI Core, the new cross-platform CLI is built with .NET 8 and works natively on Windows, Linux, and macOS. It has feature parity with, and shares the same syntax as, the CLI built with .NET Framework, and can be used as a direct replacement. To learn more about the cross-platform CLI, view the following article in the Lucent Sky Knowledge Base:
  Get started with Lucent Sky AVM CLI
- Lucent Sky AVM for IntelliJ IDEA generally available
  Lucent Sky AVM for IntelliJ IDEA is the latest addition to the IDE extensions and plugins of Lucent Sky AVM, enabling Java and Kotlin developers to scan and secure their applications as they write their code in a familiar environment. To learn more about Lucent Sky AVM for IntelliJ IDEA, view the following article in the Lucent Sky Knowledge Base:
  Get started with Lucent Sky AVM for IntelliJ IDEA
- Cross-platform support for Lucent Sky AVM for Eclipse
- General improvements on the Web UI
- General improvements on the CLI
- General improvements on the API
Administration
- General improvements of the CLEAR Engine installer
Issues fixed in 2409 MR
- We fixed an issue where certain exceptions in .NET and Java applications were misclassified
- We fixed an issue where some result details might be missing when process concurrency is enabled
- We fixed an issue where broadcast messages might be obfuscated on the Web UI
- We fixed an issue where certain CWE-209 results are missed by Java source code analysis
- We fixed an issue where certain autopilot failures might cause previous autopilot scans of the same application to be deleted
- We fixed an issue where certain results might be missing when using intelligent analysis on instances with a very large number of vCPUs
- We fixed an issue where Lucent Sky AVM for VS Code fails to load scans with no identified result
Breaking changes in 2409 MR
- XML report schema
  Breaking change. The XML report schema for item collections has changed. The following table illustrates the changes:

| 2409 and later | 2406 and earlier |
|---|---|
| report/scan/results/result | report/scan/result |
| report/scan/results/result/transformations/transformation | report/scan/result/transformation |
| report/scan/results/result/explanations/explanation | N/A |
| report/scan/files/file | report/scan/file |
| report/scan/files/file/dependencies/dependency | report/scan/file/dependency |
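A practitioner whose tooling consumes the XML report needs to handle both schemas during the transition. The following is an added example, not Lucent Sky's own code: it detects which schema a report uses and locates each item kind with the matching path from the table above. Only the element paths listed in the release note are relied on; the sample reports are constructed, and their `id` and `name` attributes are assumptions.

```python
"""Locate result, file and dependency items in a Lucent Sky AVM XML report
under either the 2406-and-earlier or the 2409-and-later schema.
Added example, not Lucent Sky's own code. Only the element paths listed in
the release note are relied on; the sample reports are constructed and the
'id' and 'name' attributes in them are assumptions.
"""
import xml.etree.ElementTree as ET

# Paths from the release note, relative to the <report> root:
# (2409 and later, 2406 and earlier). None means no pre-2409 equivalent.
ITEM_PATHS = {
    "result":         ("scan/results/result", "scan/result"),
    "transformation": ("scan/results/result/transformations/transformation",
                       "scan/result/transformation"),
    "explanation":    ("scan/results/result/explanations/explanation", None),
    "file":           ("scan/files/file", "scan/file"),
    "dependency":     ("scan/files/file/dependencies/dependency",
                       "scan/file/dependency"),
}

def report_schema(report: ET.Element) -> str:
    """'new' when the 2409+ item collections are present, otherwise 'old'.
    A 2409+ report with no results and no files is read as 'old', which is
    harmless: every path then resolves to zero items either way."""
    if report.find("scan/results") is not None or report.find("scan/files") is not None:
        return "new"
    return "old"

def detect_schema(xml_text: str) -> str:
    return report_schema(ET.fromstring(xml_text))

def count_items(xml_text: str) -> dict:
    """Count each item kind using the path that matches the report's schema."""
    report = ET.fromstring(xml_text)
    idx = 0 if report_schema(report) == "new" else 1
    return {kind: (len(report.findall(paths[idx])) if paths[idx] else 0)
            for kind, paths in ITEM_PATHS.items()}

# Constructed sample reports covering both schemas (attributes are assumptions).
OLD_REPORT = """<report><scan>
  <result id="1"><transformation/></result><result id="2"/>
  <file name="a.cs"><dependency/><dependency/></file>
</scan></report>"""
NEW_REPORT = """<report><scan>
  <results><result id="1"><transformations><transformation/></transformations>
    <explanations><explanation/></explanations></result><result id="2"/></results>
  <files><file name="a.cs"><dependencies><dependency/><dependency/></dependencies></file></files>
</scan></report>"""

if __name__ == "__main__":
    print(count_items(OLD_REPORT), count_items(NEW_REPORT))
```

Because `findall` walks the full path, a consumer that keeps using the pre-2409 paths against a 2409 report silently sees zero results rather than an error, which is why the schema check comes first.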
- CLI internal methods
  Potentially breaking change. The output of the method Scan.GetStages has changed. The method Tools.DetectFramework now requires authentication.
- IDE extensions and plugins requirements
  Breaking change. Lucent Sky AVM for Eclipse, IntelliJ IDEA, VS Code, and Visual Studio now require the cross-platform CLI. This change enables compatibility with Linux and macOS. The directories in which IDE extensions and plugins look for the CLI remain unchanged.