We are proud to announce our latest Update v1.4.10. With this release we further improved the concept of shared responsibility and distributed workflow by introducing an inbox, giving you a single point to oversee all open source relevant events. Also we improved many rudimentary functions to better serve your needs.
- Inbox - So far all system events such as vulnerability notifications or approval request were sent to your inbox only which required you to filter and search your inbox for your todos. The new inbox feature copies all events including the detailed links
- CVS-Score - If available, you will be presented the base CVSS for each vulnerability as well as the information about the attack vector. We do support both CVSS v2 and v3, however, information might not always be provided in both versions.
- New Vulnerabilities Feed - We have introduced a new vulnerabilities feed on the dashboard, providing you with information about the latest CVEs having been reserved. Not all CVEs assigned will turn into confirmed vulnerabilities, but at least it is an early heads-up.
- Suitability Checks - To further support the "shift left" philosophy, we provided two simple checks, that will allow developers to verify the impact of introducing a new license or component into their project even before it is put into the scan. You simply select the project and the license/component and TrustSource will tell you about the suitability or the most recent vulnerability information. You will find the feature in the section CHECK on the left side navigation bar. It also will be added as API-call, so that you may include it into your IDE.
- Extended Obligations Summary - We have extended the obligation summary with direct links to the components introducing the obligation, so that you may jump directly from the report to the component for further analysis or changes (e.g. marking component as unchanged, to get rid of the obligation). To request the obligations report, you no longer need to switch to the report section. It is now available directly in the list view. Just click the checkbox behind the module name.
- Private Licenses - from now on it is possible to provide your private license keys. This will allow to prevent "license not found" or "license not matched" hints to appear when identifying your private license key. You may create as many private licenses as you want.
- New License Overview - The license overview diagram on the Dashboard got a new look and a filtering capability by project. Thus you may select a specific project to see its licenses.
- Table/Grid-switch - We introduced a table view as an alternative to the grid view on project and module-level to better cope with larger projects. Because each view has its own benefits it is now possible to switch between both.
- Improved component data - We have extended the information available for the infrastructure components as well as improved the update frequency for such components.
- New licenses added - we were able to add some new rarely used license types.
- Some spelling mistakes were corrected
- A matching issue in the vulnerability scanner has been corrected
- Scalability has been improved