SWAMP Update 1.34.5

The following SWAMP updates are now available for mir-swamp.org and SWAMP-in-a-Box. The latest SWAMP-in-a-Box version 1.34.5 files can be obtained from the download server or GitHub.

Noteworthy changes include:New

  • A new version of the ESLint tool for assessing Web Scripting packages that contain JavaScript is available: version 6.4.0.
  • A new version of the PMD tool for assessing Java packages is available: version 6.14.0.
  • New versions of the Parasoft C/C++test and Jtest tools for assessing C/C++ and Java packages are available: version 10.4.2.
  • We have deprecated the RevealDroid tool for assessing Android .apk packages.
  • We have deprecated the ruby-lint tool for assessing Ruby packages.
  • We have deprecated the FindBugs tool for assessing Java packages. It is superseded by SpotBugs.
  • We have deprecated older versions of most tools.
  • The CentOS 7.4 and Scientific Linux 7.4 platforms now include updated dependencies and cmake3. The Ubuntu Linux 16.04 platform includes updated dependencies.
  • SWAMP’s Native results viewer now displays weaknesses on the List tab grouped by File. Weaknesses displayed on the List tab include links to open a new page displaying the code for a specific File at a specific Line number, with weaknesses flagged.
  • General enhancements and bug fixes.

Changes specific to SWAMP-in-a-Box include:

  • Support for SWAMP-in-a-Box on CentOS 6 will end with the 1.34.x release series. SWAMP-in-a-Box version 1.35 and later will not support CentOS 6.
  • The ‘make_swamp_tool’ and ‘install_tool’ utilities now support version 10.4.2 of both Parasoft C/C++test and Parasoft Jtest.
  • The deprecated RevealDroid, ruby-lint, and FindBugs tools will be automatically removed when upgrading to SWAMP-in-a-Box version 1.34.5.
  • We have deprecated older versions of all tools except error-prone (version 1.1.1 is still available for assessment of older Java packages). Most tools will now only have the latest version available. Older versions of tools installed with previous versions of SWAMP-in-a-Box will be removed as part of the upgrade to SWAMP-in-a-Box version 1.34.5. However, any custom add-on tools or tool versions added to a SWAMP-in-a-Box installation will not be changed by the upgrade.
  • An updated version of the Ubuntu Linux 16.04 platform is available and will be automatically installed with SWAMP-in-a-Box 1.34.5.
  • Updated versions of the CentOS 7.4 and Scientific 7.4 platforms are available. They can be downloaded and installed as an add-on to SWAMP-in-a-Box. Download from: https://platform.swampinabox.org/platform-images/1.34_and_later/. Refer to the SWAMP-in-a-Box Administrator Manual for instructions on adding a Platform.
  • SWAMP-in-a-Box can now be configured to store user session data in the SWAMP database. When thus configured, SWAMP provides administrators with a means of filtering the Review Accounts page to show only users who are currently signed in. For new SWAMP-in-a-Box 1.34.5 installations this is the default configuration. Existing SWAMP-in-a-Box installations that are upgraded to 1.34.5 will still be configured to store session data either in cookies or in the web server file system. To change this configuration, set the ‘SESSION_DRIVER’ parameter equal to ‘database’ in ‘/var/www/swamp-web-server/.env’. Additional information is available in section 1.6 of the SWAMP-in-a-Box Reference Manual.
  • We upgraded the version of the Marionette framework used by the SWAMP web front end to Marionette version 4.1.2.

Let us know if you have any questions at support@continuousassurance.org.

Comments

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.