SWAMP-in-a-Box Update 1.30
Noteworthy changes include:
- SWAMP-in-a-Box can now be configured to use an LDAP or LDAP-compatible Active Directory server for managing user accounts.
- SWAMP-in-a-Box can now be configured to allow GitHub, Google, and CILogon accounts to be linked to SWAMP user accounts, allowing users to sign into the SWAMP using their third-party credentials.
- The GrammaTech CodeSonar tool for assessing C/C++ packages can now be added to a SWAMP-in-a-Box installation. You must license CodeSonar and obtain either the 32-bit or 64-bit installers for CodeSonar separately from GrammaTech, Inc.
- SWAMP users can now add Application Passwords to their SWAMP accounts. These passwords can be used with the SWAMP plugins for Eclipse and Jenkins to allow them to connect to the SWAMP without using the users’ main passwords.
- Java 8 is now the default Java version when creating new Java source and Java bytecode packages.
- The SWAMP now uses the “recursive” option to include linked sub-modules when pulling code from GitHub to create a new package or when adding a new package version.
- The Native viewer for assessment results now includes information about the package, tool, and platform used, along with start and completion times, for the assessment.
- SWAMP users can now change their SWAMP username when editing their profile page.
- Added new versions and/or updates for the following assessment tools: Brakeman, Dawn, Reek, RuboCop, and ruby-lint.
- The SWAMP-in-a-Box install and upgrade scripts now configure the web server (Apache) to disallow HTTP connections. The SWAMP must be accessed using HTTPS.
- The SWAMP-in-a-Box install and upgrade scripts no longer attempt to configure firewall settings on the host. Required configuration is now documented in the `README-BUILD-SERVER.md` file that is included with the SWAMP-in-a-Box installer.
- General enhancements and bug fixes.
Let us know if you have any questions at firstname.lastname@example.org.