Lucent Sky AVM version 2309 MR released

November 14, 2023

Welcome to Lucent Sky AVM version 2309 MR. Developed under the code name Lucent Sky AVM 10, it is based on the fourth-generation analysis architecture and comes with ML-augmented identification and remediation engines. Lucent Sky AVM 2309 MR also includes support for new technologies such as JDK 21 and applications written in Dart, automatic analysis target detection and support for multiple analysis targets, and UX improvements like improved dependency analysis support in IDEs and multi-factor authentication for on-premise deployment. To learn more about this release, visit Lucent Sky AVM version 2309 release notes.

ML-augmented identification and remediation engines

First announced in Spring 2023, new analysis and remediation engines in Lucent Sky AVM are augmented by machine learning and are capable of providing automatic vulnerability identification and remediation that adapts to how its users write and secure code. Currently, many organizations customize their Lucent Sky AVM instances so the generated Instant Fixes are compatible with their own security libraries. Starting with Lucent Sky AVM version 2309, instances with advanced real-time intelligence enabled will be able to automatically learn how their users write and secure code, validate the robustness of the security libraries and mechanisms used by the users, and incorporate those in the generated Instant Fixes.

Compared to traditional SAST tools, Lucent Sky AVM already provides significantly better analysis specificity. In version 2309, machine learning algorithms will help further reduce false positives in scan results. ML-augmented hybrid analysis enables automatic false positive suppression to adapt to its users by learning how results are triaged and how security and weakness policies are applied.

To learn more about how developers can leverage the ML-augmented identification and remediation engines to get tailored automatic vulnerability remediation while maintaining visibility and control, visit Lucent Sky introduced ML-augmented vulnerability remediation.

Fourth-generation analysis architecture

The development of the fourth-generation analysis architecture started in late 2019. Its primary goal is a scalable analysis architecture that can support flow-based, contextual hybrid analysis of source code, binary files, and dependencies of a large modern application. The binary analysis engine for C/C++, first available in 2022 for select customers, was the first engine based on the fourth-generation analysis architecture. In Lucent Sky AVM version 2309, all analysis and remediation engines have been updated to use this new architecture, and scans are not only more accurate but also up to 15% faster.

The fourth-generation analysis architecture also brings support for multiple analysis targets and automatic analysis target detection. Entire .NET solutions, nested Java projects, or hundreds of build artifacts can be analyzed in one go, and if no analysis target is specified, Lucent Sky AVM will intelligently pick a project or build artifact for analysis based on the uploaded source code and historic data.

Extension for IDEs

Lucent Sky AVM for Visual Studio is now generally available, and is available on macOS and Ubuntu in addition to Windows.

To streamline naming of IDE extensions, the Eclipse plug-in has been renamed Lucent Sky AVM for Eclipse and the Visual Studio extension has been renamed Lucent Sky AVM for Visual Studio. Both received improved support for dependency analysis and now support dependency update guidance.

Backward compatibility

Because of the new analysis architecture, version 2309 introduces several breaking changes. To learn more about these changes and how they might impact your Lucent Sky AVM instances, visit Lucent Sky AVM version 2309 release notes on Lucent Sky Docs.

Updating to 2309 MR

If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2309 MR immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your instances will be updated to 2309 MR if they are not impacted by the breaking changes. Otherwise, our support team will reach out and work with you on an upgrade plan.