March 19, 2024
Welcome to Lucent Sky AVM version 2403 MR, the first release for 2024. This release includes major enhancements to the entire binary analysis process - from faster, broader analysis to more actionable results enabled by machine learning. Also included are support for new tech stacks and security standards such as .NET 8 and CWE 4.13, and management, security, and UX improvements for on-premise instances. To learn more about this release, visit Lucent Sky AVM version 2403 release notes.
Hybrid analysis, a process that analyzes both the source code and its build artifacts and correlates the results, is fundamental to Lucent Sky AVM’s vulnerability remediation capabilities. When integrated with continuous integration processes or used directly by developers, a Lucent Sky AVM scan is almost always based on the source code and its build artifacts. However, when a scan is done later in the software development lifecycle, getting the right source code and the right build artifacts might be a challenge. Stakeholders not only have to get the right source code, but also need to place it correctly relative to the build artifacts. Automatic source path detection was developed to solve this issue. In version 2403, the hybrid analysis engine uses machine learning to intelligently locate the source code for the binary files that are being analyzed. Even when the source code is placed in an arbitrary location, the hybrid analysis engine can use contextual information to correlate binary files and source code files, providing Instant Fixes and more context for vulnerabilities found in those binary files.
In addition to improvements from automatic source path detection, version 2403 also includes other enhancements for binary analysis:
Precompiled JSP files - precompiled JSP files are now supported when using direct binary analysis. In addition, if both the original JSP files and precompiled JSP files are present when using direct binary analysis, they will also be automatically mapped to present a streamlined view of identified vulnerabilities.
Opportunistic binary analysis - first available in version 2309, opportunistic binary analysis allows a scan that failed to build to continue with both binary and source code analyses by intelligently identifying build artifacts as binary analysis targets. Our telemetry shows that opportunistic binary analysis has been very effective - build artifacts were correctly discovered and analyzed in over 70% of the scans that failed to build but had existing build artifacts. Based on this telemetry, we further improved the algorithms to recognize additional build artifacts and to use additional clues to select the most suitable build artifacts for binary analysis.
Because of the new binary analysis process, version 2403 introduces a few changes that might be breaking for customers with highly customized scan configurations. To learn more about these changes and how they might impact your Lucent Sky AVM instances, visit Lucent Sky AVM version 2403 release notes on Lucent Sky Docs.
If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2403 MR immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to 2403 MR in the next few days.