Category Archives: Continuous Integration

Transition of SWAMP Software

Dear Continuous Assurance Community,

We are reaching out to inform you that the SWAMP project, which has been funded by the Science and Technology Directorate of the Department of Homeland Security, has ended as of 05/31/2020. This marks a significant time of transition in our ongoing commitment to advancing and promoting the methodologies of continuous software assurance. We appreciate all the support we have received throughout the eight years of the project from the software development community, our user base and our collaborators. Despite the end of the project, we remain committed to supporting, with our platform, the educational community in teaching and training continuous software assurance techniques and practices.

Over the next few weeks, we will be working on transitioning the facility to a future, sustainable model. As a part of this, we will be working on providing a new hosted service for the educational community. We will keep the continuous assurance platform on our GitHub organization, ensuring the downloads of Software assurance-in-a-Box (SiB, formerly SWAMP-in-a-Box) and plug-in functionality, and we are looking at providing hosted SiB instances on request. For users of the facility at mir-swamp.org, we will keep your data available for download until August 25, 2020. Afterward, we will start the process of shutting down the mir-swamp endpoint and removing any account data. If you need assistance in this process, please contact us at support@continuousassurance.org.

Again, we want to thank you for all the support and connections we made throughout the years in the software development community. Please do not hesitate to reach out to us with any questions you may have. We look forward to staying connected with you.

Sincerely,

The SiB Team

Secure Your Software with SWAMP

What’s hiding in your code?

Discover bad coding practices, bugs, weaknesses, and vulnerabilities by scanning your own software or software that you’d like to use in the SWAMP. There are two ways to use the SWAMP: using the ready-to-use cloud computing platform at mir-swamp.org or downloading the SWAMP-in-a-Box (SiB) open-source distribution. SWAMP also has a Java command line interface, a GitHub webhook, and plugins for Jenkins, Eclipse, and Git/SVN.

Use the SWAMP in 3 simple steps:

1) Upload a package.
2) Run assessments.
3) View results.

SWAMP Plug-Ins Updates

Updates are now available for the following SWAMP plug-ins:

If a user submits an assessment with a tool that they do not have permission to use, the assessment is not submitted and an error is reported to the user.

SWAMP plug-ins can be found in the Jenkins and Eclipse marketplaces and on GitHub: https://github.com/mirswamp.

SWAMP Plug-Ins Updates

Updates are now available for the following pieces of SWAMP open-source software!

  • Java-CLI version 1.5.3
  • SWAMP-Jenkins-Plugin version 1.2.2
  • SWAMP-Eclipse-Plugin version 1.1.3

These updates address a cookie expiration issue that was impacting plug-ins used with SWAMP-in-a-Box instances whose clock was not set to the current time.

SWAMP plug-ins can be found in the Jenkins and Eclipse marketplaces and on GitHub: https://github.com/mirswamp.

DevOpsDays Baltimore – SWAMP Discount

If you are going to be in Baltimore, MD on March 21-22 for DevOpsDays Baltimore, stop by to see the SWAMP team! When registering for the conference, use the SWAMP’s discount code SWAMPFRIENDS to save 10% on your registration. The SWAMP team will be providing demos and answering questions about the SWAMP’s open source software, including SWAMP-in-a-Box and SWAMP plug-ins for Eclipse, Jenkins, and Git/Subversion.

Register for DevOpsDays here.

SWAMP SCMS Plug-In Update

The SWAMP’s plug-in for SCMS (source control management systems) was updated recently. The 1.3 release makes the plug-in easier to use and increases stability and correctness. The 1.3.3 version contains bug fixes. Noteworthy changes are listed below. More information about our plug-ins (https://continuousassurance.org/plug-ins/) can be found on our website.

SCMS plug-in versions 1.3 and 1.3.3:

  1. Added complete verification of the entire plug-in configuration through enhancement of the --verify option. Always run the uploader with --verify after making configuration changes to verify that everything is correct. If it can’t pass --verify, the configuration will not work.
  2. Support for newer SWAMPs with os-ver-bits platform names.
  3. The Java used by the plug-in can be configured in the plug-in config file; this allows development with a Java that is not compatible with the swamp-cli used by the SCMS plug-in.
  4. Added update capabilities to the installer to update current and already installed plug-ins to a newer version. Any changed “config” files will be installed with a “.instnew” extension so it is easy to manually diff and configure existing config files.
  5. Installer updated to allow login and querying of information from a SWAMP to assist in configuring the plug-in.
  6. Extensive notes and examples added to the default configuration file.
  7. Global config and credential files are no longer installed by default unless the --global option is added.
  8. New swamp-java-cli 1.3.3 added to plug-in.
  9. RELEASE_NOTES.md updated.
  10. General enhancements and bug fixes.