- Web Upload Zip File
Running SAST and SCA scans on zipped code packages got a lot easier when we added the capability to upload a file via browser Drag and Drop or File Picker to the S4 site. This capability has always been a part of the S4 Command Line Interface utility, but we extended it to the web as well.
- Common Weakness Enumeration
Software Developers from across different backgrounds and experiences can now reference DigitSec S4 findings against a standard reference for the Software Development Lifecycle. Each vulnerability displays the CWE ID and the Findings Index page includes a pull-down menu for filtering results.
- Commerce Cloud
DigitSec expands the capabilities of S4 under a new licensing program that can target security vulnerabilities under Salesforce Commerce Cloud. Allowing public access to Salesforce CRM data can unleash amazing potential for businesses and organizations, but it can also expose massive vulnerabilities. Give your team the tools they need to confidently secure your Commerce Cloud environment.
- Single Sign On / Third Party Authentication
Integrate S4 with your Single Sign On provider and streamline your S4 onboarding process to include all the users in your organization. They’ll no longer be required to log in directly to S4.
- SAML Integrations
Leveraging the power of Security Assertion Markup Language allows you to integrate S4 with some of the most popular SSO providers. You can also leverage other SSO providers that are SAML compatible.
- Azure Active Directory
- Dynamic SAML
- Two Factor Authentication
Increase the security of your accounts by adding 2 Factor Authentication to every S4 user account. Users will receive a random string via email that will be used to verify access.
- Google OAuth
If you signed up for S4 with your Google Account, you can leverage that identity to authorize your access to S4.
- VS Code Plug-in
DigitSec has developed a robust plug-in for VS Code. You can find it in the VS Code Extensions Library by clicking on the Extensions icon and using the Search Tool to find "DigitSec s4". Now, Developers can run S4 scans on single files or entire projects directly from the IDE immediately after clicking Save. Vulnerability finding reports now allow you to click and go directly to that line of code.
- SARIF Support with GIT
Connecting S4 to a GitHub repository now allows Developers to quickly run scans against their source and target branches simultaneously to speed the process of identifying new vulnerabilities and fixes. This is a very powerful tool that makes it easy to keep track of potential problems. Bring the S4 Vulnerability Findings Detail report directly into your source code repository to empower your entire team to resolve issues across source and feature branches.
- Scan Type filtering on Finding Reports
We are expanding the slice and dice capabilities of our findings detail pages for each scan, now allowing you to filter vulnerabilities by the type of scan that identifies the issue: Configuration Scans (CONFIG), Runtime/Interactive Scans (IAST), Code Composition (SCA), Static Code Analysis (SAST).
- Expansion of Trial Account Functionality
Our free trial accounts have always been a great way to get a sense of S4 and how easy it is to get started with scanning with S4. Many potential customers have been amazed to see the dashboard results showing the number of vulnerabilities grouped by severity. In the past, we've limited access to vulnerability findings reports to potential customers who are willing to schedule a meeting with us. In an effort to be more efficient and build more momentum with customers earlier in the sales cycle, we've modified the trial to show one example finding from each severity type. Customers can now see a real-world example of how S4 interacts with their own code and config to highlight critical problems.
- Copado Essentials Integration
In our Summer21 release, we added S4 integration with Copado. In this release, we expand on that integration by bringing S4 to the Copado Essentials Continuous Integration tool. You can access the S4 Scan results by jumping directly into S4.
- Compliance Reporting Overlays
DigitSec Vulnerability Reports now include features that allow you to prioritize or filter findings based upon certain compliance regimes like HIPAA, SOX, APPI, ISO-27001, GDPR, and PCI-DSS.
- UX/UI Improvements
With every release we make minor bug fixes and improvements. In this release, we've added the ability to add custom fields and values to S4 Findings results and have improved the filter selection tools for reports to include custom fields as well as the scan types, error types, severity level, task assignments, and compliance priorities.
- CI/CD Pipeline Integration
- Copado Integration
Adding to our existing CI/CD tools, we’ve integrated with Copado, an industry-leading DevOps Platform Manager. S4 can be called to scan your code during every build and test phase. You can manage Flow Parameters to set critical thresholds for gating your flows. Severity Summaries are entered into the Description of the Step Results with a link back to the S4 Dashboard Vulnerability
- Code Repository / Version Control
- Integrate S4 with one of these code repositories and you will be able to run SAST and SCA scans directly on your code, instead of pulling from Salesforce. This functionality gives developers more control over scanning their code prior to deployment. Developers can initiate these scans from the S4 Dashboard, using the S4 CLI in their favorite IDE, or as a trigger in their CI/CD pipeline. Comments can be added to your commit or pull request with the severity summary findings of the scan.
- Azure DevOps
- Salesforce OAuth Workflow for S4 Authorization
- Connecting to S4 and Salesforce is now even easier! Instead of needing to generate a specific key on Salesforce and then pass that key over to S4, Salesforce Administrators can add a Salesforce Org to S4 by simply logging into Salesforce with their credentials and clicking a confirmation button.
- Expanded User Access Controls
- S4 Administrators now have a wider array of granular permissions that can be assigned to S4 users. Specific Users can be limited to scanning only certain Salesforce Orgs.
- Expanded Scan Granularity on a per Org basis
- Users now have more flexibility on being able to control which scans run on a per Org basis when they initiate the scan via the S4 Dashboard. For example, your sandbox org may only need SAST/SCA scans while your production org would have SAST/IAST/SCA/CONFIG. These changes will be effective for all users in your S4 account.
- UX/UI Improvement
- With every release we make minor bug fixes and improvements. In this release, we have made changes to the dashboard that improve the readability of the data visualizations. We’ve also improved the multi-select dropdown menus for easier de/selection of orgs included in the visualization. Also, you can now use our dashboard to schedule scans on a per org basis. Finally, page display and HTML redirects now provide a better user experience.
- Jenkins Integration
- Connect S4 to one of the popular CI/CD automation tools and have S4 run a scan on your code after kicking off a commit.
- S4 CLI
- Harness the power of the S4 Cloud by using this utility that integrates with your favorite Command Line Interface.
- IDE Plugin Integration
- Developers live in their Integrated Development Environments. They can now include S4 information directly in their source code and issue commands to run scans on local files directly from their IDE terminal command line.
- Jira Integration
- S4 now allows you to synchronize your Vulnerability Findings Report with JIRA, allowing you to manage the remediation of bugs inside your existing Software Development Lifecycle Management tools and processes.
- Software Composition Analysis Scan 2.0
- S4 integrates a new scan into the platform which analyzes bundled and remotely referenced code libraries to check whether they appear in Common Vulnerability and Exploit databases, giving you confidence in your software supply chain.
- Improved UX/UI Elements
- With every release we make minor bug fixes and improvements. In this release, we have integrated powerful data visualizations into the S4 dashboard that give users a fulsome understanding of the distribution of potential attack vectors.