New version of Kiuwan 

 

new version of Kiuwan has been released.

Major changes are:

  • Support for Scala programming language
  • Support for SAML Single Sign-On (SSO)
  • Vulnerabilities and License Management in Kiuwan Insights
  • Insights support for Ruby
  • Kiuwan for Developers plugin for VisualStudio Code


CQM is the default Model (i.e. a concrete set of active and pre-configured rules): 

  • If you are using CQM,
    • new rules will automatically become active and will be applied to new analyses
  • If you are using your own custom model, your model remains unchaged, but you can modify it and activate the new rules (in case you want to be applied to your code).

You can find new rules by comparing this release of CQM against previous version.  A detailed description of the behavior of these new rules is available in rule’s description.

new version of Kiuwan Engine has been released that incorporates bug fixes, performance and reliability improvements in rules and parsers.

Kiuwan Engine is the binary code executed when an analysis is run.

  • If the engine is not blocked in your Kiuwan account, the engine will upgrade automatically to the last version of Kiuwan Engine once a new analysis is run
  • If the engine is blocked, your kiuwan engine will not be modified.

 

Support for Scala programming language

Scala is a a general-purpose programming language providing support for functional programming and a strong static type system.

As Scala is becoming a widely adopted programming language, Kiuwan now incorporates support to analyze Scala source files, thus searching for code and desing conditions that are indicative of security vulnerabilities.

 

Kiuwan provides 61 Security Rules specifically suited to Scala programming language.

 

You can find these rules going to Models Management, select CQM and search for Rules applying to Scala language

 

 

Support for SAML Single Sign-On (SSO)

Since April 2019 release, Kiuwan allows you to login in a Single Sign-One (SSO) environment.

By implementing SSO, a user is able to log in to different independent systems through the use of a single set of credentials, centrally managed in a repository.

SSO can be implemented through different protocols, being SAML the most widely used.

Kiuwan provides support for SAML SSO, thus allowing you to integrate Kiuwan with most corporate users’ credentials repositories (Active Directory FSAzure ADCA Single Sing-On ,etc).

Kiuwan provides support for SAML SSO, thus allowing you to integrate Kiuwan with most corporate users’ credentials repositories (Active Directory FSAzure ADCA Single Sing-On ,etc).

You can read more at How to integrate Kiuwan with SAML SSO

 

Vulnerabilities and Licenses Policy Management in Kiuwan Insights

When searching for Vulnerabilities on open source code used by your application, you can now define your custom policy. Thus, you can decide now if raising alerts on specific vulnerabilities and conditions.

Same way, when Kiuwan Insights searches for License risks, you can now fully customize your License policy and adapt Insights' finding to your organization,

You can find further info at Vulnerabilities Management and Licenses Policies Management

 

Insights support for Ruby

Kiuwan Insights now support discovering of Ruby open-source dependencies used by your app,as well as informing of Ruby vulnerabilities reported to NVD

Kiuwan for Developers plugin for VisualStudio Code

Kiuwan for Developers (K4D) for Microsoft Visual Studio Code has just been released.

VS Code plugin will facilitate and automate compliance with security normative, quality standards and best practices for several languages.

You can find further info at Kiuwan for Developers for Microsoft Visual Studio Code