Xanitizer 5.1 Release with Vue.js Support
In addition to other improvements, the results of a security analysis can now be exported in the SARIF format so that they can be integrated into other common third-party tools.
Xanitizer 5.0 Scores 100% in the OWASP Benchmark Test Suite for Security Analysis Tools
The OWASP Benchmark Project is an open-source test suite designed to evaluate the accuracy and coverage of automated security analysis tools like Xanitizer. It comprises about 2700 test case/weakness pairs, and for each of these pairs it specifies whether a security vulnerability for that weakness should be found in the test case or not. Thus, it can be used to measure not only what percentage of the problems a security analysis tool detects ("True Positive Rate"), but also how many false alarms it generates ("False Positive Rate").
The OWASP Benchmark project comes with precomputed results for a number of commercial and non-commercial security analysis tools. For the new 5.0 release, we have further improved the already excellent accuracy of Xanitizer. Xanitizer now scores 100% in the OWASP Benchmark test suite. This means that Xanitizer 5.0 detects 100% of the vulnerabilities with 0% false alarms. The reported average of the quality values for other commercial security analysis tools is only 26% (see here for more details).
Xanitizer 4.4 Release
If several of your security consultants analyze different parts of a piece of software and you want to merge their results into one common report, or if you want to merge their comments on security findings from a feature branch into the Xanitizer timeline of the master branch, you should switch to the new Xanitizer 4.4 major release, which is available now. The new merge feature can also be easily integrated into your merge process by using our integrations into the different build systems.
Xanitizer Support for Alpine Linux
Alpine Linux is a security-oriented, lightweight Linux distribution. It is more resource-efficient and smaller than traditional GNU/Linux distributions. Therefore, a standard Java VM does not work with Alpine Linux. A version of Xanitizer for Alpine Linux is released with the new maintenance version 4.3.3.
Jenkins Plugin Available
A Xanitizer security analysis can now be configured directly in the open-source automation server Jenkins via the Xanitizer Jenkins plugin. Further information on how to set up Jenkins for a Xanitizer security analysis can be found here. Please note that the new Xanitizer maintenance release 4.3.2 is required.
Xanitizer 4.3.1 Release
The data directory of a Xanitizer project can now be configured. This way it is possible to share the results of an analysis with multiple users.
Xanitizer 4.3.0 Release
Xanitizer 4.3 is available now. It supports floating licenses for increased flexibility, especially in virtual machines and containers. In addition to many other changes, security findings can now be exported to Jira, and new visualizations help you find the most efficient location for your security fixes.