October 15, 2024
Welcome to Lucent Sky AVM version 2409 MR, the first release of the 11th version of Lucent Sky AVM. In this release, we focus on making automatic remediation more accessible. New features such as explanations for vulnerabilities and Instant Fixes help all stakeholders efficiently remediate vulnerabilities, while the general availability of a cross-platform CLI and plugin for IntelliJ IDEA enables more developers to use Lucent Sky AVM in a familiar environment. Additionally, version 2409 brings support for Lua and Rust applications, macOS and Linux binary files, and infrastructure-as-code configurations. To learn more about this release, visit the Lucent Sky AVM version 2409 release notes.
Let’s take a look at the prominent new features, enhancements, and important changes in version 2409.
Instant Fixes help developers efficiently and reliably remediate vulnerabilities in source code. For those who want to learn more about the vulnerabilities and how Instant Fixes remediate them, the ML-augmented remediation engine can use language models to generate explanations of how a vulnerability might be exploited and why the remediation prevents it from being exploited. Explanations are generated from contextual information about the vulnerability and its remediation using foundation language models trained on millions of vulnerabilities identified and remediated by Lucent Sky AVM. For example, an explanation about a SQL injection in a Java application might include how an attacker could exploit the vulnerability by crafting malicious user inputs that are later used to construct a SQL query, and how the Instant Fix remediates the vulnerability by passing the user inputs as parameters along with the query.
As part of ML-augmented remediation, explanation generation works on both cloud and on-premise Lucent Sky AVM instances and does not require Internet access. Lucent Sky does not use customer content, including source code and scan results, to train algorithms or models or otherwise improve Lucent Sky services.
Also referred to as CLI Core, the new cross-platform CLI is built with .NET 8 and works natively on Windows, Linux, and macOS. For the past year, a group of Lucent Sky customers have been testing and using CLI Core in their production environments as part of the Lucent Sky AVM Preview Program. With version 2409, CLI Core is now generally available. It has feature parity and shares the same syntax with the CLI built with .NET Framework, and can be used as a direct replacement.
Cross-platform enhancements have also been made to IDE plugins. With the help of the cross-platform CLI, both Lucent Sky AVM for Eclipse IDE and the newly released Lucent Sky AVM for IntelliJ IDEA will work natively on Windows, Linux, and macOS.
To provide a more unified developer experience across different categories of remediation generated by Lucent Sky AVM, the names of the remediation categories and their confidence levels have been revised:
high
or low
.guided
.guided
.none
The new binary analysis process introduced in version 2403 allows us to further enhance Lucent Sky AVM’s binary analysis capabilities. In version 2409, the most notable enhancement is support for C and C++ binaries in the ELF and Mach-O formats, commonly used by binaries designed to run on Linux and macOS, respectively. Other enhancements include improved opportunistic analysis for multi-module projects and better compatibility for binary files without source code mappings.
The XML report schema has been updated to allow better compatibility with vulnerability management systems and faster performance when accessed programmatically. The schema change might be breaking for customers who parse the XML reports programmatically, depending on the exact implementation.
In an effort to make Lucent Sky AVM IDE plugins cross-platform, all IDE plugins, including Lucent Sky AVM for Visual Studio, require the new cross-platform CLI to be installed.
To learn more about these changes and how they might impact your Lucent Sky AVM instances, visit Lucent Sky AVM version 2409 release notes on Lucent Sky Docs.
For customers with managed Lucent Sky AVM instances and customers of Lucent Sky AVM On-Demand, your servers will be updated to 2409 MR in the next few days, unless they are affected by backward compatibility issues or an opt-out is in effect.
For customers with on-premise Lucent Sky AVM instances, you can update to 2409 MR immediately. Our support team will reach out to you shortly to schedule the update.