
New version of CQM: 2.5.0 

Main features: 

  • Support for Go
  • New RPG-IV rules


CQM is the default Model (i.e. a concrete set of active and pre-configured rules): 

  • If you are using CQM, the new rules will automatically become active and will be applied to new analyses.
  • If you are using your own custom model, your model remains unchanged, but you can modify it and activate the new rules if needed.

Support for Go

We have added 56 new rules to support SAST analysis for the Go programming language.

Go is a statically typed, compiled programming language designed by Google. It is syntactically similar to C, but with memory safety, garbage collection, structural typing, and CSP-style concurrency. It has risen in popularity in the last couple of years and is in high demand at many companies worldwide.


To view the new rules, open the drop-down menu in the upper right corner and select Models Management.

Select the default CQM model on the left. Click on the drop-down menu next to the Rules heading and select Compare.

Here you can compare the latest version of CQM with the previous one. Use the language filter to filter by Go. 


New RPG-IV rules

We have added 15 new rules for RPG-IV.

 

To view the new rules, open the drop-down menu in the upper right corner and select Models Management.

Select the default CQM model on the left. Click on the drop-down menu next to the Rules heading and select Compare.

Here you can compare the latest version of CQM with the previous one. Use the language filter to filter by RPG-IV.


Support for Insights in Life Cycle

The Life Cycle module now also supports running a delivery analysis with Insights.

Two new checkpoints are available to configure in your audits:

  • Threshold for maximum Insights components by severity risk: checks if the number of components that meet the defined severity risk filter is above the defined threshold.
  • Insights filter components by group, name, and version: checks if any of the discovered components meet the defined group, name, version and comparator filter.

To learn more about it, read our updated Life Cycle documentation:

Audits Management#Insightscomponentscheckpoints

Audits Management#CreateaCheckpoint