Category Archives: SWAMP-in-a-Box

SWAMP-in-a-Box Update 1.31

SWAMP-in-a-Box version 1.31.151 is now available for download! The latest files are on GitHub, or you can download the install files here.

Noteworthy changes include:

  • Synopsys Static Analysis (Coverity), a tool for assessing C/C++ packages, can now be added to a SWAMP-in-a-Box installation. You must license Synopsys Static Analysis and obtain either the 32-bit or 64-bit tool archive files separately from Synopsys, Inc.
  • Documentation for SWAMP-in-a-Box has been reorganized into an Administrator Manual and a Reference Manual. Each comes as a PDF and HTML document, which can be found in `/opt/swamp/doc` on the SWAMP-in-a-Box host.
  • New versions of the CentOS and Scientific Linux 6.7 (32-bit and 64-bit) assessment platforms are available. If any of these platforms were previously installed as an add-on, we recommend you download and install the updated versions.
  • The CentOS and Scientific Linux 5.11 (32-bit and 64-bit) assessment platforms are no longer supported. If any of these platforms were previously installed as an add-on, they will be removed as part of the upgrade to SWAMP-in-a-Box 1.31.
  • Added new versions and/or updates for the following assessment tools: Checkstyle, error-prone, Findbugs, PMD, and XML Lint.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.

SWAMP Plug-Ins for Eclipse, Git/SVN, Jenkins

Make sure you are taking advantage of everything the SWAMP has to offer! The SWAMP has created a variety of plug-ins to integrate into the software development lifecycle and to support continuous integration. The SWAMP’s plug-ins are open-source and can connect to the SWAMP site or to your own SWAMP-in-a-Box. Find them here: https://continuousassurance.org/plug-ins/.

  • Eclipse: The Eclipse plug-in allows Java and C/C++ Eclipse users to perform static code assessments in the SWAMP and view the results within the Eclipse Integrated Development Environment (IDE).
  • Git and Subversion: This script is a Git and Subversion hook. Any commit or push of a new version will upload that version of the code to the SWAMP. Results are viewable from the SWAMP website.
  • Jenkins: The Jenkins plug-in allows projects using Jenkins to perform static code assessments in the SWAMP as part of a build. Results and trend data can be viewed on the SWAMP website or directly in Jenkins.

CSIAC Webinar about SWAMP

The SWAMP team will be presenting a webinar for the Cyber Security & Information Systems Information Analysis Center (CSIAC) on Tuesday, September 12, 2017 from 12:00pm to 1:00pm Eastern Time. This free webinar will provide an overview of the Software Assurance Marketplace and SWAMP-in-a-Box. More details about the webinar and how to register can be found here.

SWAMP-in-a-Box Update 1.30.114

We have released an update to SWAMP-in-a-Box (SiB) version 1.30. SiB release v1.30.114 contains a few bug fixes and a patch to allow the SWAMP plug-ins to work with SiB. If you have already downloaded or installed SiB v1.30 (v1.30.113), you are not required to download the latest update unless you would like to use the SWAMP plug-ins with your SiB instance.

The updated SWAMP-in-a-Box v1.30.114 is now available for download here or on GitHub. Note that you may still see the version reflected as 1.30, as not all files received the updated 1.30.114 version number, but all appropriate files have been updated.

Let us know if you have any questions at sib@continuousassurance.org.

SWAMP-in-a-Box Update 1.30

SWAMP-in-a-Box version 1.30 is now available for download! The latest files are on GitHub, or you can download the install files here.

Noteworthy changes include:

  • SWAMP-in-a-Box can now be configured to use an LDAP or LDAP-compatible Active Directory server for managing user accounts.
  • SWAMP-in-a-Box can now be configured to allow GitHub, Google, and CILogon accounts to be linked to SWAMP user accounts, allowing users to sign into the SWAMP using their third-party credentials.
  • The GrammaTech CodeSonar tool for assessing C/C++ packages can now be added to a SWAMP-in-a-Box installation. You must license CodeSonar and obtain either the 32-bit or 64-bit installers for CodeSonar separately from GrammaTech, Inc.
  • SWAMP users can now add Application Passwords to their SWAMP accounts. These passwords can be used with the SWAMP plugins for Eclipse and Jenkins to allow them to connect to the SWAMP without using the users’ main passwords.
  • Java 8 is now the default Java version when creating new Java source and Java bytecode packages.
  • The SWAMP now uses the “recursive” option to include linked sub-modules when pulling code from GitHub to create a new package or when adding a new package version.
  • The Native viewer for assessment results now includes information about the package, tool, and platform used, along with start and completion times, for the assessment.
  • SWAMP users can now change their SWAMP username when editing their profile page.
  • Added new versions and/or updates for the following assessment tools: Brakeman, Dawn, Reek, RuboCop, and ruby-lint.
  • The SWAMP-in-a-Box install and upgrade scripts now configure the web server (Apache) to disallow HTTP connections. The SWAMP must be accessed using HTTPS.
  • The SWAMP-in-a-Box install and upgrade scripts no longer attempt to configure firewall settings on the host. Required configuration is now documented in the `README-BUILD-SERVER.md` file that is included with the SWAMP-in-a-Box installer.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.

SWAMP is at OSCON 2017!

If you are in Austin, TX this week for OSCON 2017, the SWAMP Team wants to see you! If you still need to register for the conference, use our discount code, SWAMP25, to save 25% on your admission.

Visit the Software Assurance Marketplace in Booth #518 on May 10th and 11th! We will be demoing our new plug-ins along with the newest features in SWAMP-in-a-Box.

Several SWAMP team members will also be giving presentations during the conference:

Read more about the SWAMP’s activities here.

End of RHEL 6.7 Support in SWAMP

On May 15, 2017, RHEL 6.7 will be removed from the SWAMP for use as an assessment platform for C and C++ packages. CentOS and Scientific Linux will continue to be supported and can be used as a replacement for RHEL (list of supported platforms in SWAMP). Results from previous assessments using RHEL 6.7 will still be viewable. If you have concerns about this change, contact us at support@continuousassurance.org.
