SWAMP-in-a-Box Update: Developer’s Preview Release v1.35

The SWAMP-in-a-Box developer’s preview release v1.35 is now available! Noteworthy updates in this version include:

  • Ability to run assessments on an Ubuntu 16.04 Docker container
  • Ability to install SWAMP-in-a-Box on AWS (Amazon Web Services) and run assessments in Docker

Let us know if you have any questions at support@continuousassurance.org.

Note: A v1.35 stable release will follow later this Spring. 

Join SWAMP for FREE at Developer Week 2020!

The SWAMP team will be exhibiting at the Developer Week 2020 conference on Thursday, February 13th and Friday, February 14th at the Oakland Convention Center in Oakland, California! If you will be in the area or would like to make the trip, please join us in the Expo Hall (Booth 213) and attend the conference.

We have free OPEN passes available ($200 value)! This provides access to select Keynotes, OPEN Talks, and the Expo Hall, OR apply the $200 discount to a PRO or Premium Pass. Register for Developer Week using our custom link to receive your discount.

Join SWAMP for FREE at Developer Week Austin!

The SWAMP team will be exhibiting at Developer Week Austin on Wednesday, November 6th and Thursday, November 7th at the Palmer Events Center in Austin, Texas! If you will be in the area or would like to make the trip, please join us in the Expo Hall (Booth #307) and attend the conference. We have free OPEN passes available ($150 value)! Register for Developer Week Austin using our custom link to receive your discount.

SWAMP Update 1.34.5

The following SWAMP updates are now available for mir-swamp.org and SWAMP-in-a-Box. The latest SWAMP-in-a-Box version 1.34.5 files can be obtained from the download server or GitHub.

Noteworthy changes include:

  • A new version of the ESLint tool for assessing Web Scripting packages that contain JavaScript is available: version 6.4.0.
  • A new version of the PMD tool for assessing Java packages is available: version 6.14.0.
  • New versions of the Parasoft C/C++test and Jtest tools for assessing C/C++ and Java packages are available: version 10.4.2.
  • We have deprecated the RevealDroid tool for assessing Android .apk packages.
  • We have deprecated the ruby-lint tool for assessing Ruby packages.
  • We have deprecated the FindBugs tool for assessing Java packages. It is superseded by SpotBugs.
  • We have deprecated older versions of most tools.
  • The CentOS 7.4 and Scientific Linux 7.4 platforms now include updated dependencies and cmake3. The Ubuntu Linux 16.04 platform includes updated dependencies.
  • SWAMP’s Native results viewer now displays weaknesses on the List tab grouped by File. Weaknesses displayed on the List tab include links to open a new page displaying the code for a specific File at a specific Line number, with weaknesses flagged.
  • General enhancements and bug fixes.

Changes specific to SWAMP-in-a-Box include:

  • Support for SWAMP-in-a-Box on CentOS 6 will end with the 1.34.x release series. SWAMP-in-a-Box version 1.35 and later will not support CentOS 6.
  • The ‘make_swamp_tool’ and ‘install_tool’ utilities now support version 10.4.2 of both Parasoft C/C++test and Parasoft Jtest.
  • The deprecated RevealDroid, ruby-lint, and FindBugs tools will be automatically removed when upgrading to SWAMP-in-a-Box version 1.34.5.
  • We have deprecated older versions of all tools except error-prone (version 1.1.1 is still available for assessment of older Java packages). Most tools will now only have the latest version available. Older versions of tools installed with previous versions of SWAMP-in-a-Box will be removed as part of the upgrade to SWAMP-in-a-Box version 1.34.5. However, any custom add-on tools or tool versions added to a SWAMP-in-a-Box installation will not be changed by the upgrade.
  • An updated version of the Ubuntu Linux 16.04 platform is available and will be automatically installed with SWAMP-in-a-Box 1.34.5.
  • Updated versions of the CentOS 7.4 and Scientific 7.4 platforms are available. They can be downloaded and installed as an add-on to SWAMP-in-a-Box. Download from: https://platform.swampinabox.org/platform-images/1.34_and_later/. Refer to the SWAMP-in-a-Box Administrator Manual for instructions on adding a Platform.
  • SWAMP-in-a-Box can now be configured to store user session data in the SWAMP database. When thus configured, SWAMP provides administrators with a means of filtering the Review Accounts page to show only users who are currently signed in. For new SWAMP-in-a-Box 1.34.5 installations this is the default configuration. Existing SWAMP-in-a-Box installations that are upgraded to 1.34.5 will still be configured to store session data either in cookies or in the web server file system. To change this configuration, set the ‘SESSION_DRIVER’ parameter equal to ‘database’ in ‘/var/www/swamp-web-server/.env’. Additional information is available in section 1.6 of the SWAMP-in-a-Box Reference Manual.
  • We upgraded the version of the Marionette framework used by the SWAMP web front end to Marionette version 4.1.2.
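For the ‘SESSION_DRIVER’ change described in the list above, the following is an added example, not part of the SWAMP-in-a-Box distribution or its manuals, of switching one parameter in a KEY=value file while keeping a backup and the file's owner and mode. The helper names `get_env_param` and `set_env_param` are hypothetical, and the script assumes the file holds plain KEY=value lines.

```shell
#!/bin/sh
# Added example (not SWAMP code): change one KEY=value parameter in a
# dotenv-style file. get_env_param / set_env_param are hypothetical names.

# Print the value currently assigned to KEY (last assignment wins).
get_env_param() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Set KEY to VALUE in FILE: rewrite an existing assignment, or append one
# if KEY is absent. The previous file is kept as FILE.bak.
set_env_param() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v k="$key" -v v="$value" '
        index($0, k "=") == 1 { if (!found) print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# On a SWAMP-in-a-Box host (as root), with the path and parameter from the
# release note above:
#   set_env_param /var/www/swamp-web-server/.env SESSION_DRIVER database
#   get_env_param /var/www/swamp-web-server/.env SESSION_DRIVER
```

The `.bak` copy holds the previous setting, so the prior cookie or file-system session configuration can be restored by copying it back.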

Let us know if you have any questions at support@continuousassurance.org.

Upcoming SWAMP Events

The next few months are going to be busy for the SWAMP team. Check out what we’re going to be up to, and meet up with us if you can!

More information about these and other events will be shared on the SWAMP’s home page and social media, so check back often!

Updates to BugInjector Test Cases in SWAMP

Updates to the BugInjector test cases are now available in the SWAMP! Visit mir-swamp.org, click on the Resources tab, and click on the Packages link for a list of publicly available packages for testing. There are 11 BugInjector packages for C/C++, each containing hundreds of different versions with injected CWEs, or known weaknesses. After selecting a package version containing a CWE of interest, run an assessment of the chosen “bug injected” software using one or more software assurance tools in the SWAMP.

For more information about BugInjector, view the press release.

