April 17, 2023
Welcome to Lucent Sky AVM version 2303 MR, the first release for 2023. This release includes improvements to the binary, source code, and dependency analysis engines, and support for new technology stacks and security standards such as Go 1.20, PHP 8.2, and CWE 4.10. It also gains the ability to pull source code from version control for scanning, support for CSV, JSON, and SARIF report formats, and .NET Standard 2.0 support for the API. To learn more about this release, visit Lucent Sky AVM version 2303 release notes.
Binary analysis for Java applications is now faster and more comprehensive due to improved Intelligent Analysis algorithms and improved JSF and JSP support. The dependency analysis engine has improved artifact detection for Java applications and further reduces false positives. The analysis engines are also more capable of recognizing custom security libraries derived from common security libraries such as OWASP ESAPI.
CSV, JSON, and SARIF reports can be generated alongside XML reports, enabling additional interoperability between Lucent Sky AVM and issue tracking and vulnerability management systems.
Go applications using Go 1.20 and PHP applications using PHP 8.2 are now supported. Vulnerability categorization and information have been updated to CWE 4.10. The weakness policy group for PCI DSS has been separated into two policy groups, one for PCI DSS v3.2.1 and one for PCI DSS v4.0. The current PCI DSS weakness policy group will be migrated to PCI DSS v4.0. To learn more about Lucent Sky AVM and the requirements of PCI DSS v3.2.1 and v4.0, visit Lucent Sky AVM for PCI DSS Compliance.
When integrating Lucent Sky AVM with the software development lifecycle, it is common for scans to be initiated by a continuous integration pipeline that pushes the source code to Lucent Sky AVM for scanning. Version 2303 MR includes the ability to pull source code from a version control repository for scanning. In scenarios where it is not practical to push the source code, users can configure Lucent Sky AVM to pull source code from a Git or TFVC repository for scanning. This feature supports popular Git and TFVC repositories, such as those provided by Azure DevOps, BitBucket, GitHub, and GitLab. To learn more about how to scan an application from version control, visit Scan an application from version control.
The API assemblies have been migrated from .NET Framework 4.8 to .NET Standard 2.0, enabling client applications to be built with the latest .NET technologies such as .NET 7 while maintaining compatibility with clients built with .NET Framework.
If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2303 MR immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to 2303 MR in the next few days.