August 25, 2020

Xanitizer 5.1 Release with Vue.js Support

Xanitizer 5.1 enhances the security analysis of JavaScript projects by supporting the Vue.js framework and by detecting new problem types in JavaScript.

In addition to other improvements, the results of a security analysis can now be exported in the SARIF format so that they can be integrated into other common third-party tools.

July 01, 2020

Xanitizer Now Supports JavaScript, TypeScript and Angular

With version 5.0, Xanitizer supports JavaScript, TypeScript and Angular. You can now analyze your entire Java full-stack projects together with backend code implemented for Node.js.

Xanitizer performs a complete data flow analysis on the JavaScript code. This dramatically reduces the number of false alarms which would otherwise occur for an untyped language like JavaScript. Here you can read in detail how the analysis is done by Xanitizer.

July 01, 2020

Xanitizer 5.0 Scores 100% in the OWASP Benchmark Test Suite for Security Analysis Tools

The OWASP Benchmark Project is an open-source test suite designed to evaluate the accuracy and coverage of automated security analysis tools like Xanitizer. It comprises about 2700 test case/weakness pairs, and for each of these pairs it specifies whether a security vulnerability for that weakness should be found in the test case or not. Thus, it can be used to measure not only what percentage of the problems are detected by a security analysis tool ("True Positive Rate"), but also how many false alarms are generated ("False Positive Rate").

The OWASP Benchmark project comes with precomputed results for a number of commercial and non-commercial security analysis tools. For the new 5.0 release, we have further improved the already excellent accuracy of Xanitizer. Xanitizer now scores 100% in the OWASP Benchmark test suite. This means that Xanitizer 5.0 detects 100% of the vulnerabilities with 0% false alarms. The reported average of the quality values for other commercial security analysis tools is only 26% (see here for more details).
Read more about how Xanitizer scores 100% in the OWASP Benchmark test suite.

February 28, 2020

Xanitizer 4.4 Release

If several of your security consultants analyze different parts of a piece of software and you want to merge their results into one common report, or if you want to merge their comments for security findings on a feature branch into the Xanitizer timeline of the master branch, you should switch to the new Xanitizer 4.4 major release, which is available now. The new merge feature can also be easily integrated into your merge process by using our integrations into the different build systems.

November 25, 2019

Xanitizer Support for Alpine Linux

Alpine Linux is a security-oriented, lightweight Linux distribution. It is more resource-efficient and smaller than traditional GNU/Linux distributions. Therefore, a standard Java VM does not work with Alpine Linux. Xanitizer for Alpine Linux is released with the new maintenance version 4.3.3.

November 11, 2019

Jenkins Plugin Available

A Xanitizer security analysis can now be configured directly in the open-source automation server Jenkins via the Xanitizer Jenkins plugin. Further information on how to set up Jenkins for a Xanitizer security analysis can be found here. Please note that the new Xanitizer maintenance release 4.3.2 is required.

October 16, 2019

Xanitizer 4.3.1 Release

The data directory of a Xanitizer project can now be configured. This way it is possible to share the results of an analysis with multiple users.

September 04, 2019

Xanitizer 4.3.0 Release

Xanitizer 4.3 is available now. It supports floating licenses for increased flexibility, especially in virtual machines and containers. In addition to many other changes, security findings can now be exported to Jira, and new visualizations help you find the most efficient location for your security fixes.