SWAMP-in-a-Box Update 1.32

SWAMP-in-a-Box version 1.32 is now available for download! The latest files can be found on GitHub or obtained from the SWAMP-in-a-Box download server.

Noteworthy changes include:

  • Parasoft C/C++test and Jtest version 10.3 (tools for assessing C/C++ and Java Source packages, respectively) can now be added to a SWAMP-in-a-Box installation. You must license Parasoft C/C++test and/or Jtest and obtain either the 32-bit or 64-bit tool archive files separately from Parasoft.
  • OWASP Dependency Check version 2.1.1, a tool for assessing Java Source and Java Bytecode packages, can now be added to a SWAMP-in-a-Box installation. The tool can be configured to get National Vulnerability Database information from a server that you set up to retrieve updates on a periodic basis, or, in cases where SWAMP-in-a-Box runs without internet access, a version of the tool with static National Vulnerability Database information can be created and installed. Versions of OWASP Dependency Check bundled with previous installations of SWAMP-in-a-Box will be removed when you upgrade.
  • Spotbugs version 3.1.0 is now available for assessing Java Source Code and Java Bytecode packages. This tool is a fork of Findbugs. When you choose to run assessments for a Java package using “All” tools, a Spotbugs assessment will be generated but a Findbugs assessment will not. You can still specifically select Findbugs to generate a Findbugs assessment.
  • SWAMP now provides support for C/C++ packages that build using autotools to generate their configure files. “Autotools+Configure+Make” is now available as a Build System for C/C++ packages.
  • Assessment Completion Notification emails can now be sent from SWAMP-in-a-Box installations configured to enable outgoing SWAMP emails.
  • We’ve made improvements to the Native result viewer. Specifically, results are now spread across multiple pages. Controls are available to set the number of weaknesses shown on a page and navigate from page to page.
  • CentOS and Scientific Linux 6.9 (32-bit and 64-bit) assessment platforms are now available. If a CentOS or Scientific Linux 6.7 platform was previously installed as an add-on, we recommend that you download and install these new versions.
  • SWAMP administrators can now stop Condor jobs from the Review Status page. Stopped Assessment and Metric runs are not completed and are assigned a status of Terminated. Viewer runs are stopped without saving the viewer database, so any changes made in the current viewer session are lost.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.
