Release Notes

New Horusec-Admin resource in the v1.0 version and starting the implementation for 2.0 version. It was created to simplify the web application installation, now you only have to run a command.

The Account microsservice was renamed to Core. Now we have new operations like workspace management, repositories, permissions and tokens.

Accessibility resources implementation: fontsize, color contrast and improvements on keyboard and screen reader browsing.

A more detailed dashboard, now it shows information like the amount of severities and what types were found.

Pages navigation improvement, now you can view detailed vulnerabilities in an analytical way.

New Analytic service version.

New Account service version, the name was updated to Core.

New vulnerabilities management service.

New data management service.

A new service was created specifically for vulnerabilities management that allows you to update and filter the vulnerabilities found in your application.

Supports a new language: Swift.

Add new tool Owasp Dependency Check for languages: Python, Ruby, Javascript/Typescript, Java, C#.

Add new tool dotnet-cli for C#.

Shellcheck is not enabled by default. To enable it, use the -j flag.

Add Nancy dependency check for Golang.

Feature/output txt.

Add new tool Trivy.

New Horusec-Engine > Javascript rules.

Add new tool Checkov as HCL analyzer.

Data download of the dashboard in: PDF, XLS, XML, CSV, PNG, JSON.

Add accessibility in Horusec-manager.

Add new analysis tools in Horusec-api: dependency check and dotnet-cli.

Add Nancy support in the analysis API.

Permissions on the new Manager navigation.

Repositories' count in the workspace.

New Manager screens: ‘Home’ and ‘User’.

Create automatic Continuous Deployment for release and deploy new images on DockerHub.

Corrections on the bug that broke our vulnerabilities hashes, also breaking the pipelines already configured with false-positive and risk accepted.

To make sure we solved the problem:

• On CLI’s v2.6.3 release, we corrected the issue, so both hashes are identified and accepted.
• On Horusec’s platform, we implemented a correction so the hashes could return to default before the bug. It will be available in the 2.17.3 version.

Code base restructure.

Analysis correction in the Git history ignoring files inside the git folder.

Corrections to run tests with data-races.

Fix error: CLI was trying to pull the images even with the disable Docker flag activated.

Fix error in the shellcheck output parse.

Remove unnecessary paths Horusec ignored.

Remove duplicated vulnerabilities from yarn audit.

Fix error to remove Horusec CLI container on Windows.

Fix error on Horusec-Manager path manipulation.

Fix wrong values in Helm Charts.

Fix some text when export in multiples languages.

Fix URI on Helm Charts' schema.

Fix URLs in Helm Charts.

Fix repositories created with workspace token that didn’t inherit permissions.

Fix the LDAP authentication, in some cases the repositories were duplicated.

Fix error in the ‘Get’ repository and in the workspace when there is LDAP authentication.

Fix LDAP error message and verified other messages.

Fix the ‘Get’ repository created with workspace token.

Fix repositories created with the workspace’s token that didn’t inherit permissions.

Fix specific cases in the LDAP authentication, some repositories were duplicated.

Fix readme gifs.

Fix the automation of the release processes.

Fix the admin application.

Included a new route for data return;

Data was changed to support the return of information like vulnerabilities’ severity and what kind you are able to find, such as: vulnerability, accepted risk, false positive and adjusted.

A new database was included to perform an application test.

Now you have control over the user section and the system configuration is centered on it.

Message Broker is now required to use Horusec Web Application. You can also configure the SMTP (Simple mail transfer protocol) use in the platform.

NGINX file support.

Update Gitleaks on the analysis tool to the latest version available.

Add CWE links in all descriptions of Swift rules.

Migration service was changed to be more dynamic, it will allow Horusec to run a folder with all migrations from a specific database.

Horusec’s VScode plugin version update. Check out more on Github’s project.

Update Horusec CLI container to v2.

Project’s migration to the Horusec Platform: https://github.com/ZupIT/horusec-platform

New resource to manage the registered webhooks in your application.

Improvement of the tools that use Horusec-Engine.

Add CWE links in all descriptions of Swift rules.

Build binaries for platforms and draft a GitHub release.

Move tfsec formatter to match the architecture standards.

Tests: refactor end-to-end tests.

Tests: fix vulnerabilities on Javascript.

Remove unused constants.

Normalize interfaces to follow Go standards.

Support for Horusec-CLI’s lastest available version.

Improvement on Horusec-Manager’s responsiveness.

Add new ‘not configured’ values.

Update migrations to save to database table and check if the script has already been run.

Standardize environment variables' names in Horusec-Manager.

Improve all Horusec-Manager tables.

Change to use the enums from devkit to setup use cases of min. and max. length.

Improvement when updating a vulnerability.

Update how to invite users in a workspace or repository.

Improve the invitation user flow.

Install with Operator.

Install with Horusec-Admin.