Xanitizer GitHub Action
We are very proud to announce our new Xanitizer GitHub Action, which integrates with GitHub code scanning. Code scanning is a native feature of GitHub Advanced Security that lets developers find and prevent security issues in code before they reach production. This fully automated approach increases developer productivity, reduces risk and improves time-to-market.
With the new Xanitizer GitHub Action you can run your Xanitizer analysis right on your repository within the GitHub infrastructure and see the results in GitHub’s new Security tab. You can address security risks earlier, automate vulnerability fixes, and enforce policies as code to ship secure applications.
This year, Europe’s leading congress and expo for IT security is going digital. The new digital IT security platform it-sa 365 starts October 6.
Get in touch with us digitally for the whole year at the it-sa 365. Please note that you have to be logged in to contact us directly via the it-sa 365 website.
RIGS IT is a gold sponsor of the heise devSec 2020 from October 21 to 22.
Talk with us digitally about the newest features of Xanitizer and how it can automatically detect vulnerabilities in your code.
Xanitizer 5.1 Release with Vue.js Support
In addition to other improvements, the results of a security analysis can now be exported in the SARIF format to integrate the results into further common third-party tools.
Xanitizer 5.0 Scores 100% in the OWASP Benchmark Test Suite for Security Analysis Tools
The OWASP Benchmark Project is an open-source test suite designed to evaluate the accuracy and coverage of automated security analysis tools like Xanitizer. It comprises about 2700 test case/weakness pairs, and for each pair it is specified whether a security vulnerability for that weakness should be found in the test case or not. Thus, it can be used not only to measure what percentage of the real problems a security analysis tool detects ("True Positive Rate"), but also to measure how many false alarms it generates ("False Positive Rate").
The OWASP Benchmark project comes with precomputed results for a number of commercial and non-commercial security analysis tools. For the new 5.0 release we have further improved the already excellent accuracy of Xanitizer. Xanitizer now scores 100% in the OWASP Benchmark test suite. This means that Xanitizer 5.0 detects 100% of the vulnerabilities with 0% false alarms. The reported average of the quality values for other commercial security analysis tools is only 26% (see here for more details).
Read more about how Xanitizer scores 100% in the OWASP Benchmark test suite.
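To make the two rates above concrete, here is an added example (not Xanitizer's or the OWASP Benchmark's own code) that scores a tool's findings against Benchmark-style expected results: each test case/weakness pair is marked as a real vulnerability or not, and the tool's true positive rate and false positive rate are computed overall and per weakness category, together with the Benchmark's accuracy score (TPR minus FPR). The test names, categories and both tools' findings are constructed sample data.

```python
from dataclasses import dataclass
from collections import defaultdict

# Constructed sample in the spirit of the Benchmark's expected-results list:
# (test case name, weakness category, is a real vulnerability expected?)
EXPECTED = [
    ("Test00001", "sqli", True),
    ("Test00002", "sqli", False),
    ("Test00003", "sqli", True),
    ("Test00004", "xss", False),
    ("Test00005", "xss", True),
    ("Test00006", "pathtraver", False),
]

# Constructed tool reports: the (test case, category) pairs each tool flagged.
TOOL_PERFECT = {("Test00001", "sqli"), ("Test00003", "sqli"), ("Test00005", "xss")}
TOOL_NOISY = {("Test00001", "sqli"), ("Test00002", "sqli"), ("Test00004", "xss")}


@dataclass
class Score:
    tpr: float  # share of real vulnerabilities the tool reported
    fpr: float  # share of non-vulnerable cases the tool reported anyway

    @property
    def benchmark(self) -> float:
        # Benchmark accuracy score: distance above the random-guess diagonal.
        return self.tpr - self.fpr


def score(expected, findings) -> Score:
    tp = fn = fp = tn = 0
    for name, category, real in expected:
        flagged = (name, category) in findings
        if real and flagged:
            tp += 1
        elif real:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return Score(tpr, fpr)


def score_per_category(expected, findings) -> dict:
    by_cat = defaultdict(list)
    for row in expected:
        by_cat[row[1]].append(row)
    return {cat: score(rows, findings) for cat, rows in by_cat.items()}
```

The perfect tool scores TPR 1.0, FPR 0.0 and thus 100%, while the noisy tool, which flags two safe cases and misses two real ones, ends up below the random-guess line.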
Xanitizer 4.4 Release
If several of your security consultants analyze different parts of a software system and you want to merge their results into one common report, or if you want to merge their comments on security findings from a feature branch into the Xanitizer timeline of the master branch, you should switch to the new Xanitizer 4.4 major release, which is available now. The new merge feature can also be easily integrated into your merge process via our integrations with the different build systems.
Xanitizer Support for Alpine Linux
Alpine Linux is a security-oriented, lightweight Linux distribution. It is more resource efficient and smaller than traditional GNU/Linux distributions, and it ships with the musl C library instead of glibc. Therefore a standard Java VM does not work with Alpine Linux. A Xanitizer build for Alpine Linux is released with the new maintenance version 4.3.3.
Jenkins Plugin Available
A Xanitizer security analysis can now be configured directly in the open source automation server Jenkins via the Xanitizer Jenkins plugin. Further information on how to set up Jenkins for a Xanitizer security analysis can be found here. Please note that the new Xanitizer maintenance release 4.3.2 is required.