This article includes a list the new features and bug fixes that are included in Lucent Sky AVM 5.1, as well as known issues of this release.
For more information about this release, visit the blog post Lucent Sky AVM 5.1 released.
Updates in Lucent Sky AVM 5.1
-
Search (first phase) - In the first phase of supporting search functionalities, a tag field was added to applications and scans. Similar to a blog post or a tweet, tags allow you to quickly categorize an application (such as the tech stacks used) or a scan (such as the release number). Additionally, application filtering was added to the API, allowing applications to be filter by the status of their latest scan.
-
Priority calculation algorithm update - The priority calculation algorithm has been updated, allowing more factors to be used when calculating the priority score for each result. The most noticeable change is the addition of Priority 4, which indicates a result poses very little risk by itself but might the related code might not conform to security best-practices.
-
Custom remediation rules - Prior to this release, customers who use custom security libraries need to submit the libraries to Lucent Sky before they can be recognized by Lucent Sky AVM. By adding remediation rules in a custom rule package, customer can write their own rules to enable Lucent Sky AVM to recognize the security libraries they use.
-
Scanned file list in HTML and PDF reports - In addition to listing files that were skipped by one or more analysis engines, HTML, and PDF reports now list all files, color-coded to indicate their analysis status. XML reports already contain this information.
-
Bug fixes - Several issues were addressed in v5.1, such as an issue causing Java concurrent scans to fail on some systems with non-English locale.
List of fixes included in Lucent Sky AVM 5.1
Priority filtering in HTML reports does not work
When clicking a priority level in the priority pie chart, or selecting a priority level in the priority dropdown list, does not filter results according to the selected priority. Instead, all results are shown. This is due to an incorrect HTML report template being used. This issue only affects HTML reports. It does not affect priority filtering in the Web UI.
This issue has ben resolved in Lucent Sky AVM 5.1.
Concurrent scans of Java applications fail on some systems with non-English locales
When multiple Java applications are being scanned, some of these scans will be stuck at the compilation stage. This issue is caused by a mismatch between Windows and JDK's locale settings, causing compilation to fail without emitting error messages.
This issue has ben resolved in Lucent Sky AVM 5.1.
Known issues of Lucent Sky AVM 5.1
Unable to filter applications that have scans in progress using the API
When using the API to retrieve applications with its last scan in a certain status, it is not possible to retrieve applications with its last scan in progress. This issue is due to an incorrect filter being used by the API.
This issue is expected to be resolved in Lucent Sky AVM 5.2.
The specified project file of a .NET application is ignored
The specified project file of a .NET application is ignored and not being considered when the compiler is choosing the entry project. This issue is due to a bug in the API and first appeared in v5.0.
A hotfix is available for this issue and will be included in Lucent Sky AVM 5.2.
When binary scan failed, an incorrect scan result code is shown
When binary scan failed, an incorrect scan result code is shown (such as -99
).
This issue is due to a bug in the analysis management interface and first appeared in v5.0.1.
A hotfix is available for this issue and will be included in Lucent Sky AVM 5.2.