SmartDec Scanner Release Notes 3.3.0

Yelizaveta Kharlamova
SmartDec Cybersecurity Blog
Oct 24, 2019

Step by step, we are moving towards the goal we stated in the previous release notes: to create a powerful analyzer with an intuitive interface. Today we want to present SmartDec Scanner 3.3.0.

Overview

We have added Perl and Vyper support, so you can now analyze apps in 31 languages. We have redesigned the navigation and implemented breadcrumbs. We have also implemented SonarQube integration.

Below you can see the details.

Languages Support

We have added new programming languages:

  • Perl
  • Vyper

Interface

Navigation. We have redesigned the navigation: tabs have been replaced with side menu sections.

One more navigation improvement is breadcrumbs. We have added them in the Project and Administration sections.

License. Now any user can view license parameters in the User Profile section. License parameters, such as expiration date, scans left, and available languages, are listed in the Restrictions tab.

Scan UUID. The scan UUID is used in API requests. In version 3.3, you can copy the scan UUID in the Project section. Click the “info” button, and then, in the window that opens, click the “copy” button.

Select All/Deselect All. You can now use the Select All/Deselect All buttons in lists of 5 or more checkboxes.

Analytics page. We have made some page improvements: groups and graphs are now updated automatically after editing. Also, selected project groups are saved and displayed after a page refresh.

Last Scan. We have implemented a warning about the last remaining scan. You will receive a notification when only one scan remains.

Rule Base

One of our main goals is to improve and expand our base of vulnerability search rules. For all supported languages, we have:

  • improved vulnerability search algorithms
  • added new vulnerability search rules
  • supplemented vulnerability descriptions

PCI DSS

We have updated the PCI DSS vulnerability classification to version 3.2.1. You can now export a report with the PCI DSS 3.2.1 classification.

App Analysis

We have changed app analysis. If you upload an executable file, SmartDec Scanner will analyze the code in all supported programming languages (not only Java/Scala/Kotlin and Objective-C/Swift):

  • for iOS: executable .ipa files and applications from the App Store
  • for Android: .apk files and applications from Google Play
  • .jar, .war, .aar, .ear files

SonarQube Integration

In version 3.3.0, we implemented integration with SonarQube. After installing the plugin, you can view SmartDec Scanner results in the SonarQube interface.

LDAP Integration

We have implemented new functionality for integration with LDAP. Now you can add LDAP users to local groups.

We are trying to take all your wishes into account. Your feedback helps us make our tool better. To get a SmartDec Scanner trial, send a request to sdscanner-sale@smartdec.com.

This article was created by SmartDec, a security team specializing in static code analysis, decompilation and secure development.

Feel free to use SmartCheck, our smart contract security tool for Solidity and Vyper, and follow us on Medium, Telegram and Twitter. We are also available for smart contract development and auditing work.
