Release news for hosted customers

The Release News is published every month for hosted customers.

Contrast for hosted customers was released on August 13, 2024.

Improved the workflow of Agent wizards (accessed from Add New) to simplify the task of adding applications to Contrast. (PROD-2812)
Added a link to the Agent Configuration Editor to Agent wizards. (PROD-2773)
PREVIEW: New Attack events page that makes it easier to view and manage attack event data. (PROD-2300).
For access to this feature, contact your Contrast representative.
NEW: Added the ability to query audit log events using the new Audit API. (PROD-2887)
The new API allows you to query the audit log for SAST, Assess, and role-based access control (RBAC) events. The new events for SAST (Contrast Scan) and RBAC include:
- SAST
  - Creating/Deleting projects
  - Running scans
  - Changing vulnerability status
- RBAC:
  - Creating/Updating/Deleting users
  - Creating/Updating/Deleting resource groups
  - Creating/Updating/Deleting roles: Includes updates to built-in roles.
  - Creating/Updating/Deleting user access groups
PREVIEW: Report dashboard that shows aggregated data for open and closed vulnerabilities, trends for meantime to remediate vulnerabilities, and more. To access the dashboard, go to user menu > Report Dashboard. (PROD-3097)
Role-based access control (preview): Added guidance to help you select resource groups that match your selected actions when you add custom roles. (PROD-2878)
Contrast notifies you if your selected actions and resources don't match.

Contrast for hosted customers was released on July 16, 2024.

New! Contrast security observability: This new feature models an application’s security architecture and behavior at runtime. Use this information to better understand the underlying behavior of your applications for threat modeling, pen test support, and contextual information around vulnerabilities and attacks.
Currently, this feature supports Java applications only.
New! Generate a SARIF file with Assess and SCA findings
A new sarif CLI command lets you create a SARIF file that includes findings from Assess and SCA for a specific application. (PROD-2809)
Batch edit of Scan vulnerability status: You can now change the status for multiple Scan vulnerabilities at the same time. (PROD-2760)
Filter by last Contrast Scan: You can now create filters to view scans based on a specified time frame. (PROD-3045)

Contrast for hosted customers was released on June 14, 2024.

Protect for PHP. The PHP agent now supports Protect rules and features including Command Injection, SQL Injection, Path Traversal, Reflected XSS, Bot Blocking, IP Blocking, and Sensitive Data Masking. (PROD-1636)
Vulnerability tab enhancements. Added a column on the vulnerabilities tab under Scan projects that displays the specific language the vulnerability belongs to. You can also filter the results by language for the column. (PROD-2796, PROD-2798)
CSV report enhancements. CSV report can now be generated to include only specific criteria based on filter selections. (PROD-2933)
Authentication. It is strongly recommended to enable multi-factor authentication if single sign-on is not enabled for the organization. (PROD-1881)
Maven wrapper. Added CLI support for Maven wrapper. (PROD-3021)
Improved endpoint performance. Improved the performance of the /Contrast/api/ng/?/libraries/filter endpoint. (SCA-1671)

Contrast for hosted customers was released on May 14, 2024.

Compatibility Check. Contrast is now able to check if routing frameworks are supported after agent instrumentation. The Contrast dashboard will display details about which frameworks it finds during route discovery. Currently, the latest versions of the Java and .NET agents support this feature. (PROD-2447)
Java Agent. Added gRPC support for Java. (PROD-2546)
Java Agent. Added support for Glassfish/Payara 5 and 6 for Java. (PROD-2792)
.NET Agent. Added gRPC support for DOTNET. (PROD-2289)

In this section:

Search results