Updates on mir-swamp.org

The following updates are now available in the SWAMP at mir-swamp.org! New

  • The SWAMP now supports the upload and assessment of .NET packages that can be built using msbuild on Linux. SWAMP automatically reviews Solution and .NET project files and determines which can be built using a framework that does not require Windows. Users can then select which of those .NET projects to assess.
  • We added three tools for the assessment of .NET packages on a Linux platform: Code Cracker v1.1.0, devskim 0.1.10, and Security Code Scan 2.7.1.
  • GitHub Webhooks can now be configured to update SWAMP packages. When the GitHub Webhook is triggered, a new package version will be added to an existing SWAMP package. Package parameters are copied from the previous package version and used with a new archive of package code cloned from GitHub. Users can edit package information to get the Payload URL and set the Secret Token needed to configure a GitHub Webhook to the SWAMP.
  • A new schedule is now available for use in all projects. This schedule, “On Push,” runs assessments whenever a new push to a GitHub repository triggers a GitHub Webhook to generate a new Package Version in the SWAMP. This schedule works with an assessment for the “latest” version of a package that is configured to update based on a GitHub Webhook trigger.
  • SWAMP packages can now be generated via an External URL that points to a downloadable archive.
  • When a new SWAMP user account is created, a default project called “MyProject” is created automatically. “MyProject” is now viewable in the SWAMP user interface. Users are not able to edit or invite additional members to their “MyProject” projects. All packages users upload to the SWAMP are automatically shared with their “MyProject” project.
  • For users who are owners or members of multiple projects, the associated project is now displayed for records on the Package, Assessments, Assessment Results, and Scheduled Assessment Runs pages. Additionally, users can specifically set the project to use when adding new assessments.
  • The Build Script for a package version is now displayed on a separate pop-up, accessed by clicking the Show Build Script button. This applies to the Build page for adding new packages, adding a new package version to existing packages, and viewing and editing an existing package version.
  • When adding a package or package version for C/C++ or Java Source Code without a build system, users can now specify a “build path” (relative to the package path) that specifies the (non-recursive) directory containing the compilable files to assess. SWAMP now does a better job of informing users about the files that are selected to compile and assess.
  • SWAMP now does a better job of informing users about the files that are selected to assess for Ruby, Python, and Web Scripting packages with a build system of “none.”
  • The SWAMP Native Results Viewer now correctly displays the primary bug location instead of the first bug located for weaknesses reported by tools that include multiple bug locations.
  • The SWAMP discontinued support for the Ubuntu 10.04 assessment platform.
  • SWAMP-in-a-Box v1.34 is available.
  • General enhancements and bug fixes.

Let us know if you have any questions at support@continuousassurance.org.

Comments

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.