Category Archives: Cybersecurity

New updates for mir-swamp.org

You can now find the following updates on mir-swamp.org!

  • Synopsys Static Analysis (Coverity) is now available for assessing C/C++ packages. You must request and receive permission to use this tool and agree to the EULA.
  • We removed unnecessary pop-up notifications from a number of workflows. These notifications only affirmed that the SWAMP had completed a requested action.
  • To accommodate packages with lengthy build parameters, we’ve increased the number of characters allowed for the Configuration and Build settings for new and existing Packages and Package Versions.
  • Project Ownership permission is no longer required to create and manage SWAMP projects.
  • The Run New Assessments page no longer displays the fields for Tool and Platform selection until you have selected a Package. Note that Platform selection is only available for C/C++ packages.
  • “Latest” is no longer an option for the Platform Version of a new assessment. Instead, the current most recent version is selected by default. When new Platform versions are made available, you will need to create new assessments specifically for those new versions.
  • You can now stop an assessment run in progress. The Assessment Status page displays a “Kill Assessment” button for assessments that are still in the HTCondor queue. The SWAMP removes the corresponding job from the HTCondor queue, causing any VM to shut down. The status of the assessment is updated to “Terminated.” Note that it takes approximately 25 seconds for the termination process to complete.
  • Email notifications for completed assessments now correctly report their status as success or failed.
  • The Error Report page for assessments that have “finished with errors” now includes a link to the “Status.out and Debugging SWAMP Failures FAQ” documentation providing information for interpreting assessment errors.
  • Assessments using Android Lint are now displayed in the Native viewer.
  • We added new versions and/or updates for the following assessment tools: Checkstyle, error-prone, PMD, Findbugs, and XML Lint.
  • The CentOS 5.11 and Scientific Linux 5.11 platforms are no longer supported.
  • SWAMP-in-a-Box v1.31 is available.
  • General enhancements and bug fixes.

Let us know if you have any questions at support@continuousassurance.org.

SWAMP-in-a-Box Update 1.31

SWAMP-in-a-Box version 1.31.151 is now available for download! The latest files are on GitHub, or you can download the install files here.

Noteworthy changes include:

  • Synopsys Static Analysis (Coverity), a tool for assessing C/C++ packages, can now be added to a SWAMP-in-a-Box installation. You must license Synopsys Static Analysis and obtain either the 32-bit or 64-bit tool archive files separately from Synopsys, Inc.
  • Documentation for SWAMP-in-a-Box has been reorganized into an Administrator Manual and a Reference Manual. Each comes as a PDF and HTML document, which can be found in `/opt/swamp/doc` on the SWAMP-in-a-Box host.
  • New versions of the CentOS and Scientific Linux 6.7 (32-bit and 64-bit) assessment platforms are available. If any of these platforms were previously installed as an add-on, we recommend you download and install the updated versions.
  • The CentOS and Scientific Linux 5.11 (32-bit and 64-bit) assessment platforms are no longer supported. If any of these platforms were previously installed as an add-on, they will be removed as part of the upgrade to SWAMP-in-a-Box 1.31.
  • Added new versions and/or updates for the following assessment tools: Checkstyle, error-prone, Findbugs, PMD, and XML Lint.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.

Spread the Word about SWAMP!

Lines of code give life to modern technologies. As technology continues to evolve and is used by millions of people, it is increasingly important to code securely. It only takes one line of faulty code to disrupt the global economy. Luckily, the Software Assurance Marketplace is here to help. As a free-to-use, open-source resource, the SWAMP allows users to test code for vulnerabilities to ensure that all code being used is free of errors.

SWAMP users from Germany, the UK, Paraguay, India, Canada, Italy, the Netherlands, and many other countries are committed to the safety, security, and stability of software around the world. Join them in the fight for secure code! Spread the word about the SWAMP to help us promote software assurance! Learn more, call others to action, and leave comments across our social media platforms!

CSIAC Webinar about SWAMP

The SWAMP team will be presenting a webinar for the Cyber Security & Information Systems Information Analysis Center (CSIAC) on Tuesday, September 12, 2017 from 12:00pm to 1:00pm Eastern Time. This free webinar will provide an overview of the Software Assurance Marketplace and SWAMP-in-a-Box. More details about the webinar and how to register can be found here.

SWAMP Presenting at CyberSecurity R&D Showcase

If you are attending the 2017 DHS CyberSecurity R&D Showcase in D.C. this week, the SWAMP will be presenting on Wednesday, July 12th at 11:10am as part of Track 1. The event will be held at the Mayflower Hotel in Washington, D.C. from Tuesday, July 11th through Thursday, July 13th. The R&D Showcase and Technical Workshop is sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate’s Cyber Security Division (CSD) and is the federal government’s largest cybersecurity research and development conference. Visit the event website for more information.

SWAMP-in-a-Box Update 1.30.114

We have released an update to SWAMP-in-a-Box (SiB) version 1.30. SiB release v1.30.114 contains a few bug fixes and a patch to allow the SWAMP plug-ins to work with SiB. If you have already downloaded or installed SiB v1.30 (v1.30.113), you are not required to download the latest update unless you would like to use the SWAMP plug-ins with your SiB instance.

The updated SWAMP-in-a-Box v1.30.114 is now available for download here or on GitHub. Note that you may still see the version reflected as 1.30, as not all files received the updated 1.30.114 version number, but all appropriate files have been updated.

Let us know if you have any questions at sib@continuousassurance.org.

New MIR-SWAMP Updates

You can now find the following updates on mir-swamp.org!

  • You can now change your SWAMP username when editing your profile page.
  • You can now add Application Passwords to your SWAMP account. These passwords can be used with the SWAMP plug-ins for Eclipse and Jenkins to allow you to connect to the SWAMP without using your main password.
  • Java 8 is now the default Java version when creating new Java source and Java bytecode packages.
  • The SWAMP now uses the “recursive” option to include linked sub-modules when pulling code from GitHub to create a new package or when adding a new package version.
  • The Native viewer for assessment results now includes information about the package, tool, and platform used, along with start and completion times, for the assessment.
  • We added new versions and/or updates for the following assessment tools: Android lint, Brakeman, Dawn, Reek, RuboCop, and ruby-lint.
  • We added support for newer versions of the Android SDK on the platform for building and assessing Android software packages.
  • SWAMP-in-a-Box v1.30 is available.

Let us know if you have any questions at support@continuousassurance.org.
