Lucent Sky AVM version 2006 MR released

July 06, 2020

Welcome to Lucent Sky AVM version 2006 MR, the third Minor Release of 2020. The highlight of this release is cluster support for on-premise instances. It also includes updates to the binary and source code analysis engines, support for CVSS and priority ratings, and other improvements and bug fixes. To learn more about this release, visit Lucent Sky AVM version 2006 release notes.

On-premise cluster

Lucent Sky AVM instances on Azure has long been able to run in clusters. With this release, we are extending this capability to on-premise Lucent Sky AVM instances. All Lucent Sky AVM instances in a cluster are backed by a single database and storage, allowing better performance scaling, higher availability, and easier management. Cluster support is available on Lucent Sky AVM E3, and we are planning to make it available to E1 in the near future. To learn more about migrating a standalone instance to a cluster, contact Lucent Sky Support.

Automatic build detection

When scanning a .NET or JDK application, Lucent Sky AVM will now analyze the analysis target and the structure of the application to select the right build tools. For example, if a pom.xml is set as the analysis target, Maven will be used to build the application. If a directory containing .class files is set as the analysis target, these .class files will be packed together and used as the binary analysis target.

Kotlin

Many developers have adopted Kotlin in developing Android apps, and starting with this release, these apps can be scanned just like apps developed with Java. To scan an Android app developed with Kotlin, create a new Android application in Lucent Sky AVM, upload its source code, and code in Kotlin will automatically be recognized and scanned as such. As Kotlin is a preview feature, make sure your Lucent Sky AVM instance has joined the Lucent Sky AVM Preview Program.

CVSS and priority ratings

In addition to the 1 to 4 priority score indicating how urgent a result should be addressed and remediated, from this release onward, each result will also get a high, medium, and low priority rating, and a CVSS score. The priority rating is simply a rating converted from the numerical score, with 1 being high, 2 being medium, and 3 and 4 being low. The CVSS score assigned is a CVSS Base Score calculated according to the CVSS v3.1 specifications. It should be kept in mind that the Base Score represents the intrinsic characteristics of a vulnerability that are constant over time and across environments, and should be supplemented with Temporal and Environmental Scores.

Updating to 2006 MR

If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2006 MR immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to 2006 MR in the next few days.