This release introduces a new feature: Static Analysis Results Interchange Format (SARIF) exports.
This enhancement lets teams export a SARIF report from the Kiuwan UI. The report provides detailed insight into an application's vulnerabilities and simplifies the exchange, integration, and presentation of findings across various tools and platforms.
SARIF export is initially available for Java. Support for additional languages and export options will be added in upcoming releases.
| Latest Versions |
| --- |
| Engine: master.p703.q13605.a1914.i670 |
| KLA: master.1946.p703.q13605 |
In addition to SARIF exports, this release contains the following improvements and fixes:
Improvements
- Java - Improved detection of indirect inheritance and parameterized classes, reducing false positives and false negatives.
- VB.NET - New quality rule for detecting unused Enums: OPT.VBNET.VBnet.RemoveUnusedEnumMembers
- When muting vulnerabilities by source code, Kiuwan now ignores leading whitespace, which makes muting more efficient when indentation varies.
Bugs
- Java - Resolved false positives in rule OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseInjectableDecorator where the Inject() decorator is correctly used with injection tokens.