SmartDec Scanner 3.4.0 Release Notes

Yelizaveta Kharlamova
SmartDec Cybersecurity Blog
5 min read, Feb 6, 2020


SmartDec Scanner 3.4.0 has a completely new report module! After four releases with the module from our old interface, we have finally done it. We’ve added flexible and quick export configuration and a new design. Please read about all the details below.

Overview

We have added one new language, new vulnerability verification statuses, and some interface and analysis algorithm improvements. The rest is about the new report module.

Languages Support

We have added VB.NET support, bringing the total to 32 supported languages. We are still the leaders.

User Interface Functionality

New vulnerability verification statuses: Confirmed, Rejected, Not processed. Mark the checked vulnerabilities as Confirmed to fix them later, or as Rejected so that they no longer appear. 5000 vulnerabilities to check? Do not worry, all the marks are preserved after rescanning.

A vulnerability menu has been implemented. Now you can quickly change the severity level and the verification status: Confirmed, Rejected, Not processed. The same is available on the Vulnerability Management tab.

Separate filters: vulnerabilities with setup recommendations for Imperva SecureSphere, ModSecurity, F5, and Without recommendations. We assumed you might not run all of these WAFs at the same time.

Quantities by category: now you can see the number of vulnerabilities in each category directly in the filter.

Language icons: enjoy our new ones. Our designers have worked hard on them!

Reporting Module

Export Report

New flexible report settings: you can export only the project summary, or the detailed scan information, the vulnerabilities list and the recommendations for eliminating them. That can be 2 pages or hundreds. We leave the choice to you.

Export configuration templates: create one or several templates for quick export of various reports, brief and detailed. The System template is ours, but you can use it for detailed reports.

Vulnerability filters: by language, verification status, Jira task availability, and the Fuzzy Logic Engine filter. They work the same way as in the Detailed Results section.

Number of vulnerabilities setting: if there are hundreds of vulnerabilities and you need to include only a few in the report, specify the number of entries to include for each vulnerability.

Vulnerable code context size setting: the whole file, or only a few lines before and after the vulnerability — it’s also up to you now.

Export Settings

Configuration templates have been implemented. Create multiple templates for your project to quickly export different reports. View, edit and create new templates, set a default template, and manage template visibility.

PDF Report

Title

Plus one page: we’ve added a title page with our logo and general information:

  • your project name
  • report creation date
  • report author
  • vulnerability classification method: By severity, OWASP Top 10, OWASP Mobile Top 10, PCI DSS, HIPAA or CWE/SANS Top 25
  • SmartDec Scanner version

Navigation

Clickable table of contents: it finally happened. Now you can easily jump to any section.

Clickable lists of scans and vulnerabilities: quickly jump to the scan or vulnerability details you want.

Report Content

Would you like to export everything you see in the interface to PDF? Now you can export even more:

  • Scan history: statistics for each scan, also usable for navigation.
  • Vulnerability diagrams: pie charts of vulnerability statistics by severity and prevalence.
  • Scan results comparison: diagrams, tables, vulnerabilities list.
  • Vulnerability comments: comments that you left on the Detailed results page.
  • Traces: data flow diagrams. This is an improved version of the one you can see in Detailed Results: each trace element is shown with its code context.

Integration Improvements

Git: now we analyze submodules.

TFS: was it tedious to pick languages from that long list one by one? We have added a quick selection.

Open API specification: the default values for the report export request have been redefined. Removed vulnerabilities and the scan comparison are now excluded by default.

Rule Base and Algorithms

Supported file extensions: have you had problems analyzing .tsql or .plsql files? We have added support for new file extensions:

  • ABAP: .bsp
  • Cobol: .pso
  • PL / SQL: .spb, .prc, .sp, .plsql, .trg, .sps, .st, .spp
  • T-SQL: .tsql, .sp

Algorithms: we’ve improved detection of the source language of .class files: Java, Scala, or Kotlin.

Vulnerability search rules: we’ve added 100 new rules for supported programming languages.

Vulnerability descriptions have been supplemented.

Thank you for reading.

We have many plans for developing our product. Your feedback helps us understand which features are the most important.

Please feel free to request a SmartDec Scanner trial via sdscanner-sale@smartdec.com.

This article was created by SmartDec, a security team specializing in static code analysis, decompilation and secure development.

Feel free to use SmartCheck, our smart contract security tool for Solidity and Vyper, and follow us on Medium, Telegram and Twitter. We are also available for smart contract development and auditing work.
