Join SWAMP for FREE at Developer Week Austin!

The SWAMP team will be exhibiting at Developer Week Austin on Wednesday, November 6th and Thursday, November 7th at the Palmer Events Center in Austin, Texas! If you will be in the area or would like to make the trip, please join us in the Expo Hall (Booth #307) and attend the conference. We have free OPEN passes available ($150 value)! Register for Developer Week Austin using our custom link to receive your discount.

SWAMP Update 1.34.5

The following SWAMP updates are now available for mir-swamp.org and SWAMP-in-a-Box. The latest SWAMP-in-a-Box version 1.34.5 files can be obtained from the download server or GitHub.

Noteworthy changes include:

  • A new version of the ESLint tool for assessing Web Scripting packages that contain JavaScript is available: version 6.4.0.
  • A new version of the PMD tool for assessing Java packages is available: version 6.14.0.
  • New versions of the Parasoft C/C++test and Jtest tools for assessing C/C++ and Java packages are available: version 10.4.2.
  • We have deprecated the RevealDroid tool for assessing Android .apk packages.
  • We have deprecated the ruby-lint tool for assessing Ruby packages.
  • We have deprecated the FindBugs tool for assessing Java packages. It is superseded by SpotBugs.
  • We have deprecated older versions of most tools.
  • The CentOS 7.4 and Scientific Linux 7.4 platforms now include updated dependencies and cmake3. The Ubuntu Linux 16.04 platform includes updated dependencies.
  • SWAMP’s Native results viewer now displays weaknesses on the List tab grouped by File. Weaknesses displayed on the List tab include links to open a new page displaying the code for a specific File at a specific Line number, with weaknesses flagged.
  • General enhancements and bug fixes.

Changes specific to SWAMP-in-a-Box include:

  • Support for SWAMP-in-a-Box on CentOS 6 will end with the 1.34.x release series. SWAMP-in-a-Box version 1.35 and later will not support CentOS 6.
  • The ‘make_swamp_tool’ and ‘install_tool’ utilities now support version 10.4.2 of both Parasoft C/C++test and Parasoft Jtest.
  • The deprecated RevealDroid, ruby-lint, and FindBugs tools will be automatically removed when upgrading to SWAMP-in-a-Box version 1.34.5.
  • We have deprecated older versions of all tools except error-prone (version 1.1.1 is still available for assessment of older Java packages). Most tools will now only have the latest version available. Older versions of tools installed with previous versions of SWAMP-in-a-Box will be removed as part of the upgrade to SWAMP-in-a-Box version 1.34.5. However, any custom add-on tools or tool versions added to a SWAMP-in-a-Box installation will not be changed by the upgrade.
  • An updated version of the Ubuntu Linux 16.04 platform is available and will be automatically installed with SWAMP-in-a-Box 1.34.5.
  • Updated versions of the CentOS 7.4 and Scientific 7.4 platforms are available. They can be downloaded and installed as an add-on to SWAMP-in-a-Box. Download from: https://platform.swampinabox.org/platform-images/1.34_and_later/. Refer to the SWAMP-in-a-Box Administrator Manual for instructions on adding a Platform.
  • SWAMP-in-a-Box can now be configured to store user session data in the SWAMP database. When thus configured, SWAMP provides administrators with a means of filtering the Review Accounts page to show only users who are currently signed in. For new SWAMP-in-a-Box 1.34.5 installations this is the default configuration. Existing SWAMP-in-a-Box installations that are upgraded to 1.34.5 will still be configured to store session data either in cookies or in the web server file system. To change this configuration, set the ‘SESSION_DRIVER’ parameter equal to ‘database’ in ‘/var/www/swamp-web-server/.env’. Additional information is available in section 1.6 of the SWAMP-in-a-Box Reference Manual.
  • We upgraded the version of the Marionette framework used by the SWAMP web front end to Marionette version 4.1.2.

Let us know if you have any questions at support@continuousassurance.org.

Upcoming SWAMP Events

The next few months are going to be busy for the SWAMP team. Check out what we’re going to be up to, and meet up with us if you can!

More information about these and other events will be shared on the SWAMP’s home page and social media, so check back often!

Updates to BugInjector Test Cases in SWAMP

Updates to the BugInjector test cases are now available in the SWAMP! Visit mir-swamp.org, click on the Resources tab, and click on the Packages link for a list of publicly available packages for testing. There are 11 BugInjector packages for C/C++, each containing hundreds of different versions with injected CWEs, or known weaknesses. After selecting a package version containing a CWE of interest, run an assessment of the chosen “bug injected” software using one or more software assurance tools in the SWAMP.

For more information about BugInjector, view the press release.

 

SWAMP Maintenance: Tuesday, June 11, 2019 10am-2pm Central

SWAMP Maintenance Notification:

Tomorrow, Tues. June 11th, between 10:00 AM and 2:00 PM Central Time, the SWAMP website (mir-swamp.org) will experience a brief outage for routine maintenance. During this outage, updates to the SWAMP will be occurring, including general enhancements, bug fixes, and performance improvements.

Let us know if you have any questions at support@continuousassurance.org.

SWAMP Update 1.34.3

The following SWAMP updates are now available for mir-swamp.org and SWAMP-in-a-Box. The latest SWAMP-in-a-Box version 1.34.3 files can be obtained from the download server or GitHub.

Noteworthy changes include:

  • A new version of the PHPMD tool for scripting languages (PHP) is available: version 2.6.0-swamp. This version includes a custom patch for a bug in the tool that prevents assessment of some packages.
  • A new version of the Flow tool for scripting languages (JavaScript) is available: version 0.98.0.
  • A new version of the SpotBugs tool for Java is available: version 3.1.12.
  • A new version of the error-prone tool for Java is available: version 2.3.1.
  • A new version of the checkstyle tool for Java is available: version 8.20.
  • We have improved the performance of the proxy used to connect to Code Dx web servers in viewer VMs.

Let us know if you have any questions at support@continuousassurance.org.
