web analytics

Deepfactor 3.3 Includes Enhanced Prioritization of SCA Findings and New Free-Trial Offer – Source: securityboulevard.com

deepfactor-33-includes-enhanced-prioritization-of-sca-findings-and-new-free-trial-offer-–-source:-securityboulevard.com
Rate this post

Source: securityboulevard.com – Author: Deepfactor

Deepfactor Release 3.3 Overview

In Release 3.3 of Deepfactor Developer Security, we have made significant enhancements to the platform’s artifact scanner and runtime correlation to help users prioritize SCA findings. Users can now export the scan results in multiple formats including SPDX, as well as gate builds using exit code. We have also launched our cloud SaaS platform— users can now easily sign up for, and get value from, Deepfactor within minutes.

For additional details on 3.3 release, please review the Release Notes in Deepfactor Docs.

AWS Builder Community Hub

Release 3.3 Highlights

Features Enhancements
Core Platform ·       Multi-tenant Cloud SaaS platform. ·       Improved user management capabilities such as change user role, delete user and revoke user tokens.

·       Improved authentication/authorization mechanism to access Deepfactor APIs
Core Runtime ·       Support for Oracle Linux version 8.5

·       Support for Rocky Linux

·       Support for K8s version 1.24, 1.25, 1.26 and 1.27

·       Reporting of stack traces for application using Python version 3.11
SBOM, SCA & Container Scans ·       Added SPDX report format support

·       Configurable exit code, which can be used to gate builds in CI/CD pipeline

·       Exploits-in-the-wild information for vulnerabilities as another metric for prioritization

·       Classification of transitive and direct dependencies along with root dependency information
Runtime SCA ·       Runtime usage of Python and NodeJS dependencies to prioritize SCA findings
Runtime Security ·       Added multiple runtime security alerts that look for anomalous behavior.

Release 3.3 Details: Key Features Added

  1. Multi-tenant Cloud SaaS platform: We launched our multi-tenant cloud SaaS platform making it very easy for users to signup and experience the capabilities Deepfactor offers. Users can sign up for a free trial here.
  2. SPDX support: Users can now export their SBOM in SPDX format from the CLI as well as API and UI. We also now allow users to generate multiple reports in different formats for a single scan.
  3. Gate builds: dfctl scan now return a configurable exit code if the scan output results in at least one policy violation. Users can specify thresholds for CVSS score and vendor severity. They can also specify a list of disallowed license regexes to get alerted if a dependency with an undesired license is added.
  4. Exploit information: Deepfactor now pulls exploit information from different sources such as exploit-db, CyberSecurity Infrastructure and Security Agency (CISA) and PoCs in Github and shows it for the vulnerabilities associated with the user’s applications. This serves as another metric users can utilize to prioritize which vulnerabilities to address first.
  5. Runtime usage of Node.js and python applications: Deepfactor helps developers and AppSec teams prioritize which vulnerable dependencies to fix first by providing runtime usage information of dependencies. In this release, we have now extended that support to Node.js and python applications.
  6. Classification of transitive and direct dependencies: Modern software applications have complex SBOMs with several direct dependencies (included by your developers) importing further dependencies and those dependencies bringing more dependencies resulting in a n-depth tree. If a sub-dependency is vulnerable, developers can’t directly update them. They need to know which direct dependency is responsible for bringing in the vulnerable sub dependency so they can upgrade the direct dependency. Deepfactor not only identifies which dependencies are transitive but also the direct dependency which brought in the sub dependency.

The post Deepfactor 3.3 Includes Enhanced Prioritization of SCA Findings and New Free-Trial Offer appeared first on Deepfactor.

*** This is a Security Bloggers Network syndicated blog from Deepfactor authored by Deepfactor. Read the original post at: https://www.deepfactor.io/deepfactor-3-3-includes-enhanced-prioritization-of-sca-findings-and-new-free-trial-offer/

Original Post URL: https://securityboulevard.com/2023/08/deepfactor-3-3-includes-enhanced-prioritization-of-sca-findings-and-new-free-trial-offer/

Category & Tags: Security Bloggers Network,Uncategorized – Security Bloggers Network,Uncategorized

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate