Releases: surface-security/surface

SCAFinding Improvements

16 Sep 15:57
c0494fe

What's Changed

Full Changelog: v2.0.1...v2.0.2

v2.0.0

13 Jun 11:36
47dfcd1

Changelog (v2.0.0 - 13.06.2024)

The Software Composition Analysis (SCA) tool is designed to help developers and organizations manage their open-source dependencies, ensuring they are up-to-date and free of vulnerabilities. The tool synchronizes Software Bills of Materials (SBOMs) from our sbom-repo (https://github.com/surface-security/django-sbomrepo), processes dependencies and their vulnerabilities fetched from the OSV.dev database, groups them by project, and offers features to suppress or automatically remediate vulnerabilities using Renovate (https://github.com/renovatebot/renovate).

Added

  • GitSource Model: New model to track code sources.
  • SCA (Software Composition Analysis) app
  • Application Model Admin: New admin view to manage applications.

Features

  • SBOM Synchronization: Automatically syncs Software Bill of Materials (SBOMs) to keep track of all dependencies in your projects.
  • Dependency Processing: Identifies and processes all dependencies and their associated vulnerabilities.
  • Project Grouping: Organizes dependencies and vulnerabilities by project for better visibility and management.
  • Vulnerability Management: Offers options to suppress or automatically remediate vulnerabilities using Renovate.

v1.1.1

02 May 10:21
v1.1.1
ddc6d68

Changelog (v1.1.1 - 02.05.2023)

Fixed

  • The dns_ips Nameserver migration will break if users have data in the database, due to poor iteration. This patch ensures the migration actually works and that the columns are correct after the migration. Users with data are advised to unapply this migration (if already applied), back up their data, run the migration and ensure it passes. Users without data should also unapply and re-apply this migration, even if it passed the first time, so that the correct columns and types are applied in the database.

[dev] Added

  • Tests for all search and filters.

Changed

  • A few dependency upgrades.

v.1.1.0

17 Apr 09:07
v1.1.0
3e7048d

Changelog (v1.1.0 - 17.04.2023)

Added

  • Adds django-apitokens as installed app to Surface, allowing users to generate djangorestframework compatible tokens.
  • Adds django-impersonator as installed app to Surface, allowing superusers to impersonate other normal users.
  • Adds Finding model to Surface inventory, to help security teams bootstrap their vulnerability management program in Surface.
  • Adds pre-commit to improve developer experience and standardise things.
  • Adds end-to-end integration tests to increase coverage and facilitate writing regression tests.
  • Adds developer scripts to bootstrap trivial tasks like creating database containers, resetting databases and so on.
  • Adds a test to ensure all admin search field settings work.

Changed

  • Multiple dependency upgrades, across developer, test and main dependencies.

Full Changelog: v1.0.0...v1.1.0

v1.0.0

31 Jan 23:00
da86293

This marks the beginning of Surface-Security as an open source software project.

Surface Security is an asset inventory and automation platform developed by security engineers for other security engineers.

This release does not introduce any backward incompatibility for anyone. It's just a shift to semantic versioning, improved pipelines and workflows, and other tweaks. Therefore, this release does not have any release notes to follow up.