Noteworthy changes include:
- Improvements to the SWAMP’s Native Results Viewer.
- The weaknesses shown can now be filtered by bug type.
- The locations of weaknesses within the affected code files are shown. Specifically, each weakness listed provides a link to a page showing the code file in which that weakness is located with the specific line of code flagged. Additionally, the Native Viewer has a tree view of the files and directories included in the package archive and provides a count of weaknesses per file and a code view of files with all weaknesses flagged.
- General enhancements and bug fixes for SWAMP-in-a-Box.
- SWAMP-in-a-Box user sign-in works when using an Active Directory server with multiple, hierarchical DNs (distinguished names).
- SWAMP-in-a-Box assessments run for users where the user_uid includes an “@” character, which happens when SWAMP-in-a-Box uses an LDAP/AD server for user authentication and the SWAMP User ID maps to an LDAP/AD attribute that has values containing an “@”.
- You can now specify when the SWAMP layout cookie expires in number of days. Use an integer value for cookie.expires in the web front end configuration file (/var/www/html/config/config.json).
- The SWAMP-in-a-Box web server no longer includes access-control related headers in responses if the APP_CORS_URL is the same as APP_URL in the .env configuration file (/var/www/swamp-web-server/.env).
- The upgrade script has been updated to prevent problems with a SWAMP-in-a-Box install not including tool metadata records. When creating an assessment, platforms can now be selected for individual tools.
Let us know if you have any questions at firstname.lastname@example.org.