New version of CQM (2.2.0) and Kiuwan Engine
A new version of CQM (2.2.0) has been released.
Major changes are:
- Support for Scala programming language
- Enhanced support for PL-SQL
- Support for SAML Single Sign-On (SSO)
- Vulnerabilities and License Management in Kiuwan Insights
- Insights support for Ruby
- Kiuwan for Developers plugin for VisualStudio Code
CQM is the default Model (i.e. a concrete set of active and pre-configured rules):
- If you are using CQM,
- new rules will automatically become active and will be applied to new analyses
- If you are using your own custom model, your model remains unchaged, but you can modify it and activate the new rules (in case you want to be applied to your code).
You can find new rules by comparing this release of CQM against previous version. A detailed description of the behavior of these new rules is available in rule’s description.
A new version of Kiuwan Engine has been released that incorporates bug fixes, performance and reliability improvements in rules and parsers.
Kiuwan Engine is the binary code executed when an analysis is run.
- If the engine is not blocked in your Kiuwan account, the engine will upgrade automatically to the last version of Kiuwan Engine once a new analysis is run
- If the engine is blocked, your kiuwan engine will not be modified.
Support for Scala programming language
Scala is a a general-purpose programming language providing support for functional programming and a strong static type system.
As Scala is becoming a widely adopted programming language, Kiuwan now incorporates support to analyze Scala source files, thus searching for code and desing conditions that are indicative of security vulnerabilities.
Kiuwan provides 61 Security Rules specifically suited to Scala programming language.
You can find these rules going to Models Management, select CQM and search for Rules applying to Scala language
Enhanced support for PL-SQL
Kiuwan has increased PL-SQL security analysis by incorporating 6 new security rules:
OPT.PLSQL.SEC.ForbiddenCall
OPT.PLSQL.SEC.InsecureRandomness
OPT.PLSQL.SEC.SleepInjection
OPT.PLSQL.SEC.SqlInjection
OPT.PLSQL.SEC.TooBroadGrant
OPT.PLSQL.SEC.SecondOrderSqlInjection
Support for SAML Single Sign-On (SSO)
Since April 2019 release, Kiuwan allows you to login in a Single Sign-One (SSO) environment.
By implementing SSO, a user is able to log in to different independent systems through the use of a single set of credentials, centrally managed in a repository.
SSO can be implemented through different protocols, being SAML the most widely used.
Kiuwan provides support for SAML SSO, thus allowing you to integrate Kiuwan with most corporate users’ credentials repositories (Active Directory FS, Azure AD, CA Single Sing-On ,etc).
Kiuwan provides support for SAML SSO, thus allowing you to integrate Kiuwan with most corporate users’ credentials repositories (Active Directory FS, Azure AD, CA Single Sing-On ,etc).
You can read more here (XXXXXXXX).
Vulnerabilities and Licenses Policy Management in Kiuwan Insights
When searching for Vulnerabilities on open source code used by your application, you can now define your custom policy. Thus, you can decide now if raising alerts on specific vulnerabilities and conditions.
Same way, when Kiuwan Insights searches for License risks, you can now fully customize your License policy and adapt Insights' finding to your organization,
You can find further info at Vulnerabitities Management and Licenses Policies Management
Insights support for Ruby
Kiuwan Insights now support discovering of Ruby open-source dependencies used by your app,as well as informing of Ruby vulnerabilities reported to NVD
Kiuwan for Developers plugin for VisualStudio Code