we are happy to announce our latest upgrade to version v1.8. In v1.8 we have included many new features. It will be deployed May 6th, between 2000-2400 CET.
PLEASE NOTE: Due to some breaking changes a short period of unavailability might be caused. We do not expect so, but 15 Min. might be required.
- Support for branches and tags in the scan API (837)
Many customers requested to get the option of adding tags or branch identifier, allowing even larger teams to review specific branches only. The API has been extended to accept these identifiers. Also did we extend the UI to provide a powerful filtering for these tags.
- Node Plugin extended to support tagging (849)
- Visual Studio plugin extended to support tagging (1002)
- Manual switch to turn on/off Written Offer (842)
You now may control whether to show or not to show the written offer statement using a switch. The system will alert you, in case you switch off the written offer despite being required to provide one.
- Written Offer editable in Notice File (812,923)
Last release we have provided the notice file generator. Customers requested a way to modify the "written offer". So we added a default text in the account section, that can be edited and will be provided the Notice File. There it can still be modified and turned on or off, while being turned on automatically if required.
- We have added the role "Account Admin"
allowing to free the manager role from the administration tasks of account management. So you may choose whom to task with access to account specific settings and user management tasks.
- Analysis moved so that larger projects may be assessed faster
We have restructured data so that the amount of data required to transfer between client and server could be reduced. This allows a faster login, dashboard display and the processing of even larger projects with several thousand components.
After someone having challanged TrustSource by uploading a project containing the complete Spring framework as dependency, we improved stability to handle even projects with several thousands of dependencies.
- Better Feedback in the API when uploading Scans
The API got additional return codes allowing you to better understand why particular scans have not been accepted or why a call did not arrive in the projects/module views. See the API-documentation for more details.
- Case sensitivity in email addresses has been finally removed
In the past some logins created difficulties due to a case-sensitive approach to login names. Thus users registering as U.ser@Comp.org were not able to find their account when trying to login as firstname.lastname@example.org . Case sensitivity has been removed for user names.
- Vulnerability calculations
in some cases the calculation of the percentage per class (critical, warning, OK) did not work properly.
- Validation of scan data
some special characters could cause frictions while processing scans. The validation rules for incoming data have been improved and new return codes have been provided.
Preview for next release
We are already working on a new service: DEEPSCAN. DeepScan has been designed to resolve the gap between declared and effective licenses. As you may be aware, there is a difference between real and effective licenses. If not, have a read here. To allow you a simple but sophisticated way to assess and analyze the effective license situation of a complete repository, we have developed DeepScan.
DeepScan will clone and search all files of a repository for all kind of license information. Whether it is a complete license text or just a license key. It will flag all indications and dispay you to the suspicious position. You may then decide whether to use the information or discard it. This feedback will flow back into the identification mechanism.