October 2023 Patch Update
We made a patch update to correct issues and improve performance.
- We made the code path for users who open vulnerability finding details from Saved URLs more efficient.
- We resolved an issue where Security Gates were not working properly.
- We improved load management across our infrastructure to improve communication between component systems and to improve scan performance.
This is version 19.1.17 - Release Date 2023-10-17
September 2023 Patch Update
We made a patch update to resolve a minor issue.
On the Dashboard for a Workspace, the two visualizations and the top-line severity counts reflected the total number of issues found rather than only the issues with an ACTIVE status. This has been fixed.
This is version 19.1.5 - Release Date 2023-09-29
September 2023 Update
We made a minor update that included a couple of small feature releases.
- Updated Reports
We added a "Lite Report" option that produces PDF reports with minimal formatting to reduce file size and make them easier to share and email.
- Updated API
We have updated our API documentation to reflect a greater range of request methods and the functionality they expose.
- Log Viewer v1
Under Setup-->Logging in the main navigation it is now possible to view log data associated with an environment. You can use different criteria to review the activity for a particular scan or Workspace.
This is version 19.1.3 - Release Date 2023-09-27
Minor Update - August
We made a patch update to resolve a minor issue.
- Email notifications for Two-Factor Authentication were not being sent promptly. A small code change improved delivery reliability.
This is version 19.0.89
Minor Update - July
We made a patch update to resolve a number of minor issues.
- Resolved a bug that would crash the user session when navigating between a newly opened tab used to review a finding and the Findings Index screen in the previous tab.
- Resolved an issue related to using Single Sign-On with Azure AD.
- Resolved an issue where scans would get stuck in pending status.
- Resolved an issue where HTML-encoded characters used for spacing appeared in vulnerability stack traces.
- Resolved an issue with query parameters not working with pagination on the Findings Detail screen.
- Resolved an issue with the "Quick Export" button not working.
- Resolved an issue with the formatting of long filenames and file paths in the printable report feature.
- Resolved an issue with Google Auth SSO.
This is version 19.0.87
Spring 2023 Update 1
We've made a number of follow-on bug fixes along with feature and performance enhancements.
- Improvements/Bug Fixes for GitHub Integration:
We have been working to improve the experience of using DigitSec to scan GitHub repositories. We now scan only the target branch of a repository instead of running multiple scans. We've also improved how issues are communicated to GitHub so that the findings presented in our system align more closely with the findings in the SARIF file. GitHub limits the number of issues it can accommodate per upload, and we have noted that limit in our documentation. GitHub also treats some vulnerabilities as duplicates, which causes a slight variance in the top-line number of vulnerabilities reported.
- Algorithm Update:
We have updated our algorithm to improve recognition of certain bugs such as SOQL injection vulnerabilities.
- User Permission Editing:
We have resolved a bug that prevented users who had been assigned a particular permission from being edited.
- Saved URLs:
We have updated our system to properly handle authentication and redirection of inbound links. In some cases, users relying on saved links got an error after authenticating.
- Modifying Scan Settings on Multiple Workspaces:
For users who used the Switch Workspace pull-down menu to quickly change Scan Settings, the UI did not reflect the new changes even though the system recorded them. This has been fixed.
- Vulnerability Bookmark interfering with Working Issues Export:
In our Summer 23 Release, we introduced a feature that visually highlights the previously viewed vulnerability when moving from a Vulnerability Detail screen to a Vulnerability Index screen. There was no way to "de-select" the highlighted vulnerability, and as a result the "Working Issues Export" included only the highlighted vulnerability rather than the current page of the active Working Query. We have temporarily rolled back this feature in this version pending a more substantive fix, which will include working exports that reflect an active query against the findings database.
- Improved Formatting on View Report:
We are making minor changes to the View Report functionality to remove extraneous spacing between report elements and to fix long file paths that did not wrap properly on the page. This is in advance of additional work this summer to deploy lighter-weight reports and to allow for more customized reports.
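The GitHub integration note above says that the count shown in GitHub can differ from the scanner's own top-line count because GitHub collapses some results as duplicates and caps the number it accepts per upload. The following is an added example, not DigitSec's or GitHub's code, showing how a practitioner can reconcile the two numbers from the SARIF file itself: it parses a small SARIF 2.1.0 log constructed inline, counts raw results, collapses duplicates on a fingerprint-based key, and flags whether the upload would exceed a cap. The rule IDs, file names, the de-duplication key (rule plus `partialFingerprints.primaryLocationLineHash`, falling back to rule plus file plus line) and the `max_results` value are assumptions used for illustration, not GitHub's exact published rules.

```python
"""Reconcile a scanner's raw SARIF result count with what a de-duplicating,
capped consumer such as GitHub code scanning would display.

Added example; not DigitSec or GitHub code. The sample SARIF log, the
de-duplication key and the MAX_RESULTS cap are assumptions.
"""
import json
from collections import Counter

# Constructed sample: four results, two of which share a rule, a location and
# a fingerprint, i.e. a duplicate as a fingerprint-keyed consumer would see it.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "SOQL_INJECTION", "properties": {"security-severity": "8.0"}},
            {"id": "HARDCODED_SECRET", "properties": {"security-severity": "9.5"}},
        ]}},
        "results": [
            {"ruleId": "SOQL_INJECTION", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "classes/AccountCtl.cls"},
                 "region": {"startLine": 42}}}],
             "partialFingerprints": {"primaryLocationLineHash": "a1b2"}},
            {"ruleId": "SOQL_INJECTION", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "classes/AccountCtl.cls"},
                 "region": {"startLine": 42}}}],
             "partialFingerprints": {"primaryLocationLineHash": "a1b2"}},
            {"ruleId": "SOQL_INJECTION", "level": "error",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "classes/ContactCtl.cls"},
                 "region": {"startLine": 17}}}],
             "partialFingerprints": {"primaryLocationLineHash": "c3d4"}},
            {"ruleId": "HARDCODED_SECRET", "level": "warning",
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "classes/Util.cls"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
})

MAX_RESULTS = 5000  # assumed per-upload cap; check the consumer's docs


def result_key(result):
    """Identity used to collapse duplicates (assumed key): rule + fingerprint
    when the scanner emitted one, otherwise rule + file + start line."""
    loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
    uri = loc.get("artifactLocation", {}).get("uri")
    line = loc.get("region", {}).get("startLine")
    fp = result.get("partialFingerprints", {}).get("primaryLocationLineHash")
    rule = result.get("ruleId")
    return (rule, fp) if fp else (rule, uri, line)


def reconcile(sarif_text, max_results=MAX_RESULTS):
    """Return the raw count, the de-duplicated count, per-rule counts of the
    surviving results, and whether the upload would exceed max_results."""
    log = json.loads(sarif_text)
    results = [r for run in log["runs"] for r in run.get("results", [])]
    unique = {result_key(r): r for r in results}  # last duplicate wins
    per_rule = Counter(r.get("ruleId") for r in unique.values())
    return {
        "raw": len(results),
        "deduplicated": len(unique),
        "per_rule": dict(per_rule),
        "over_cap": len(unique) > max_results,
    }


if __name__ == "__main__":
    summary = reconcile(SAMPLE_SARIF)
    print(summary)  # raw 4, deduplicated 3, nothing over the cap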
This is version 19.0.81
Spring 2023
- Improved User Interface
We have updated the underlying front-end framework from Bootstrap/Angular to React. This component-based design is more nimble and responsive. We are also using cards and tabs more consistently across screens, and you will notice improved data visualizations for each Workspace.
- Meta-Data for Scans
We now present more data on the Scan Statistics screen and on the data cards for each Scan. Users can see at a glance which scan types were run, and for management purposes they can modify the title or assign tags to Scans.
- Updated User Model
We have upgraded our user management model so that admins can strictly control access on a per-Workspace basis. The system includes two tiers of management, Environment and Workspace, and pre-established Admin, Manager, User, and Read-Only roles. Admins can create custom roles by assigning Read or Read/Write permissions on any major object.
Spring 2022
- Web Upload Zip File
Running SAST and SCA scans on zipped code packages got easier when we added the ability to upload a file to the S4 site via browser drag and drop or a file picker. This capability has always been part of the S4 Command Line Interface utility; we have now extended it to the web as well.
- Common Weakness Enumeration
Software developers from different backgrounds and experience levels can now map DigitSec S4 findings to a standard weakness taxonomy. Each vulnerability displays its CWE ID, and the Findings Index page includes a pull-down menu for filtering results by CWE.
- Commerce Cloud
DigitSec expands the capabilities of S4 under a new licensing program that targets security vulnerabilities in Salesforce Commerce Cloud. Allowing public access to Salesforce CRM data can unlock great potential for businesses and organizations, but it can also expose serious vulnerabilities. Give your team the tools they need to confidently secure your Commerce Cloud environment.
Winter22
- Single Sign On / Third Party Authentication
Integrate S4 with your Single Sign On provider and streamline S4 onboarding to include all the users in your organization. They'll no longer be required to log in directly to S4.
- SAML Integrations
Security Assertion Markup Language lets you integrate S4 with some of the most popular SSO providers, as well as any other SAML-compatible provider:
- OneLogin
- OKTA
- Azure Active Directory
- Dynamic SAML
- Two Factor Authentication
Increase the security of your accounts by adding 2 Factor Authentication to every S4 user account. Users receive a random string via email that is used to verify access.
- Google OAuth
If you signed up for S4 with your Google Account, you can use that identity to authorize your access to S4.
- VS Code Plug-in
DigitSec has developed a plug-in for VS Code. You can find it in the VS Code Extensions Library by clicking the Extensions icon and searching for "DigitSec s4". Developers can run S4 scans on single files or entire projects directly from the IDE immediately after saving, and vulnerability finding reports let you click through directly to the affected line of code.
- SARIF Support with GIT
Connecting S4 to a GitHub repository now lets developers run scans against their source and target branches simultaneously, speeding up the identification of new vulnerabilities and fixes. Bring the S4 Vulnerability Findings Detail report directly into your source code repository so your entire team can resolve issues across source and feature branches.
- Scan Type filtering on Finding Reports
We are expanding the filtering capabilities of our findings detail pages for each scan. You can now filter vulnerabilities by the type of scan that identified the issue: Configuration Scans (CONFIG), Runtime/Interactive Scans (IAST), Software Composition Analysis (SCA), and Static Code Analysis (SAST).
- Expansion of Trial Account Functionality
Our free trial accounts have always been a good way to get a sense of S4 and how easy it is to get started with scanning. Many potential customers have been surprised to see the dashboard results showing the number of vulnerabilities grouped by severity. In the past, we limited access to vulnerability findings reports to potential customers willing to schedule a meeting with us. To be more efficient and build momentum earlier in the sales cycle, we've modified the trial to show one example finding from each severity type. Customers can now see a real-world example of how S4 interacts with their own code and configuration to highlight critical problems.
- Copado Essentials Integration
In our Summer21 release, we added S4 integration with Copado. In this release, we expand on that integration by bringing S4 to the Copado Essentials Continuous Integration tool. You can access the S4 scan results by jumping directly into S4.
- Compliance Reporting Overlays
DigitSec Vulnerability Reports now let you prioritize or filter findings by compliance regime, including HIPAA, SOX, APPI, ISO-27001, GDPR, and PCI-DSS.
- UX/UI Improvements
With every release we make minor bug fixes and improvements. In this release, we've added the ability to add custom fields and values to S4 findings results and have improved the filter selection tools for reports to include custom fields as well as scan types, error types, severity level, task assignments, and compliance priorities.
Summer21
- CI/CD Pipeline Integration
- Copado Integration
- Adding to our existing CI/CD tools, we've integrated with Copado, an industry-leading DevOps platform. S4 can be called to scan your code during every build and test phase. You can manage Flow Parameters to set critical thresholds for gating your flows. Severity summaries are entered into the description of the Step Results with a link back to the S4 Dashboard Vulnerability Findings Report.
- Code Repository / Version Control
- Bitbucket
- GitHub
- Gitlab
- Azure DevOps
- Integrate S4 with one of these code repositories and you will be able to run SAST and SCA scans directly on your code instead of pulling it from Salesforce. This gives developers more control over scanning their code prior to deployment. Developers can initiate these scans from the S4 Dashboard, using the S4 CLI in their favorite IDE, or as a trigger in their CI/CD pipeline. Comments can be added to your commit or pull request with the severity summary of the scan findings.
- Salesforce OAuth Workflow for S4 Authorization
- Connecting S4 to Salesforce is now even easier. Instead of generating a specific key in Salesforce and passing that key to S4, Salesforce Administrators can add a Salesforce Org to S4 by logging into Salesforce with their credentials and clicking a confirmation button.
- Expanded User Access Controls
- S4 Administrators now have a wider array of granular permissions that can be assigned to S4 users. Specific users can be limited to scanning only certain Salesforce Orgs.
- Expanded Scan Granularity on a per Org basis
- Users now have more flexibility to control which scans run on a per-Org basis when they initiate a scan via the S4 Dashboard. For example, your sandbox org may only need SAST/SCA scans while your production org runs SAST/IAST/SCA/CONFIG. These settings apply to all users in your S4 account.
- UX/UI Improvement
- With every release we make minor bug fixes and improvements. In this release, we have made changes to the dashboard that improve the readability of the data visualizations. We've also improved the multi-select dropdown menus for easier selection and de-selection of orgs included in the visualization. You can now use the dashboard to schedule scans on a per-org basis. Finally, page display and HTML redirects now provide a better user experience.
Spring21
- Jenkins Integration
- Connect S4 to one of the most popular CI/CD automation tools and have S4 run a scan on your code after a commit.
- S4 CLI
- Harness the power of the S4 Cloud with this utility, which integrates with your favorite command line interface.
- IDE Plugin Integration
- IntelliJ
- VS Code
- Developers live in their Integrated Development Environments. They can now include S4 information directly in their source code and issue commands to run scans on local files directly from the IDE terminal command line.
Winter21
- Jira Integration
- S4 now allows you to synchronize your Vulnerability Findings Report with Jira, so you can manage the remediation of bugs inside your existing Software Development Lifecycle management tools and processes.
- Software Composition Analysis Scan 2.0
- S4 adds a new scan to the platform which analyzes bundled and remotely referenced code libraries and checks whether they appear in Common Vulnerabilities and Exposures (CVE) databases, giving you confidence in your software supply chain.
- Improved UX/UI Elements
- With every release we make minor bug fixes and improvements. In this release, we have integrated data visualizations into the S4 dashboard that give users a fuller understanding of the distribution of potential attack vectors.