Welcome to Lucent Sky AVM version 2009 SU1, the first Service Update for 2009 MR. In addition to bug fixes, this Service Update also includes minor improvements on analysis engines and better remediation support for imported SAST scans. To learn more about this release, visit Lucent Sky AVM version 2009 release notes.

Analysis

The most visible changes in 2009 SU1 is opportunistic analysis. In previous versions, when build failed for .NET or JDK applications, the scan fails. With opportunistic analysis, instead of failing the scan when the application failed to build, additional source code analysis will be added to compensate the lack of binary analysis and allow the scan to complete (although with a warning). Opportunistic analysis is disabled by default, as we encourage our customers to use both binary analysis and source code analysis to take advantage of Lucent Sky AVM’s accuracy and to enable Instant Fixes on more vulnerabilities.

In addition, we have also made improvements to the binary and source code analysis engines for better accuracy and support for additional 3rd-party security libraries, as well as warning when the detected framework of the application source code mismatches the framework set for the scan.

Updating to 2009 SU1

If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2009 SU1 immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to 2009 SU1 in the next few days.