| Latest Versions |
|
Engine: master.p698.q13576.a1914.i669 KLA: master.1942.p698.q13576 |
This release introduces a new API endpoint for exporting Kiuwan Audit results in JUnit format, enabling seamless integration with test case management tools such as TestRail and Xray.
In addition, Audit Checkpoint thresholds can now be configured as a percentage of files analyzed, offering greater flexibility and control. These updates are accompanied by numerous enhancements and fixes aimed at improving overall functionality, performance, and stability.
Improvements
- Added rule tags for OWASP API10:2023 - Unsafe Consumption of APIs
- Added Threshold Mode option for Relative or Fixed Audit Checkpoint threshold calculations.
- Added a new endpoint for exporting JUnit report of Kiuwan Audit
- API - General performance improvements
- Error messages in the UI now have a unique ID to facilitate support requests
- In the PDF version of the Software Analytics Report, we’ve additional information relating to methodologies when a custom model is used
- JavaScript - Implemented a new rule for arbitrary string searching
- Python - Added support for analyzing Python code inside .ipynb files. Python code not contained inside Magic commands will be analyzed.
- Python - Added support for match/case syntax
- The Quality Indicator graph is now visible in Lifecycles when a complete delivery is analyzed with multiple analysis types
- TypeScript - Added support for exception type arguments, such as any/unknown
- UI - Added tooltip to Audit checkpoints to clarify behavior when no rules are selected
Bugs
- API - PUT /applications endpoint - "forceModel" and "sourceCodeUpload" properties can now be updated through the API
- C - Performance improvements when scanning large codebases
- C - Resolved a false positive for rule OPT.C.CERTC.EXP33 a (void) variable is declared
- Fixed the label when updating or switching SSO methods
- Hash IDs for Mutes will not change when analyzing source code on different operating systems
- Java - Remove DESEDE from the allowed algorithms list
- Java - Resolved a false positive for rule OPT.JAVA.CNU.EPNU when a variable is used as a method reference
- Java - Resolved a false positive in Java rule OPT.JAVA.CONV.ObjectTypeVerification
- Java - Resolved a false positive in rule OPT.JAVA.SEC_JAVA.AvoidEJBJavaIo
- Java - Resolved a false positive in rule OPT.JAVA.STR.USC
- Java - Resolved a false positive with rule OPT.JAVA.SEC_JAVA.SpringUnrestrictedRequestMapping
- Kiuwan Local Analyzer no longer opens two windows when updating the version using kiuwan.cmd on Windows
- PHP - Resolved a false negative with rule OPT.PHP.SEC.PlaintextStorageOfPassword
- PL/SQL - Resolve a parsing error with JSON_QUERY Function
- Python - Resolved a false negative with rule OPT.PYTHON.SECURITY.CodeInjection
- Reports - Resolved an issue where the top of a Governance PDF report is truncated
- Resolved an issue where the Kiuwan Rule developer UI would not open when JDK 16 or above is used on Windows
- Resolved false positive where Insights associated jQuery 3.6.0 with CVE-2007-2379
- Swift - Resolved a parsing issue when using predefined SWIFTUI environment variables
- Typescript - Resolved a parsing error due to 'for await' loops
- UI - Resolved an issue where the "Duplicated" label is sometimes cropped on the Insights > Obsolescence page
- Updated links on the Governance landing page
- Updated the certificate in the Keystore used in the SSO configuration with SAML 2.0
- Updated the SAP HANA exportHanaCloudSources.xml file to detect file paths properly
- VB.NET - Resolved a parsing Issue with empty Sub Constructors