|
5 | 5 |
|
6 | 6 | # Codescoring On-premise Changelog |
7 | 7 |
|
| 8 | +### 2026.11.0 – 2026-03-13 |
| 9 | + |
| 10 | +#### Added |
| 11 | + |
| 12 | +- Added a dedicated alert page |
| 13 | +- Added Kaiten as a task manager integration |
| 14 | +- <span class="module-tag sca">SCA</span> Added EPSS data and related security policies to the vulnerability page |
| 15 | +- <span class="module-tag sca">SCA</span> Added CVSSv4 scores and related security policies to the vulnerability page |
| 16 | +- <span class="module-tag sca">SCA</span> Added the SSVCv2.0.3 score and related security policies to the vulnerability page |
| 17 | +- <span class="module-tag sca">SCA</span> Added protestware categories and related security policies to the vulnerability page |
| 18 | +- <span class="module-tag sca">SCA</span> Added publication, revocation, and update dates for vulnerabilities in a specific feed |
| 19 | +- <span class="module-tag sca">SCA</span> Added the ability to copy vulnerability identifiers on the vulnerability page |
| 20 | +- <span class="module-tag sca">SCA</span> Added a tooltip for the top description block on the vulnerability page |
| 21 | +- <span class="module-tag sca">SCA</span> Added a tooltip for the "Scan with hashes" field to the project settings |
| 22 | +- <span class="module-tag sca">SCA</span> Added the "Ignore note" field to the policy ignores table in the PDF report |
| 23 | +- <span class="module-tag sca">SCA</span> Added the "Note" column to the CSV export on the alerts page |
| 24 | +- <span class="module-tag sca">SCA</span> Added sorting by the "Found at" column in "Affected dependencies" on the vulnerability page |
| 25 | +- <span class="module-tag sca">SCA</span> Added display of the number of successful SCA analyses in a project group |
| 26 | +- <span class="module-tag sca">SCA</span> Added highlighting of the "VCS" and "Licenses" fields on the project dependency settings page when changed manually |
| 27 | +- <span class="module-tag sca">SCA</span> Added an image hash filter on the CLI project scan history page |
| 28 | +- <span class="module-tag sca">SCA</span> Added a licenses column on the dependency page |
| 29 | +- <span class="module-tag sca">SCA</span> Linked the "Environment" and "Technology" filters on the Dependencies page |
| 30 | +- <span class="module-tag sca">SCA</span> Added the "Blocking status" field for alerts in PDF and CSV reports |
| 31 | +- <span class="module-tag sca">SCA</span> Added a column with a link to the alert page in the alerts table on the SCA project page |
| 32 | +- <span class="module-tag osa">OSA</span> Linked the "Repository" and "Repository manager" filters on the requests and packages pages |
| 33 | +- <span class="module-tag osa">OSA</span> Added an "Available" filter to the "Repository managers" page |
| 34 | +- <span class="module-tag osa">OSA</span> Added a CodeScoring user filter on the OSA requests page |
| 35 | +- <span class="module-tag osa">OSA</span> Added a field to configure the timeout for checking image availability in the registry before analysis |
| 36 | +- <span class="module-tag osa">OSA</span> Added the last scan date to the container page |
| 37 | +- <span class="module-tag osa">OSA</span> Added logging of successful completion and container image load statistics in the audit log |
| 38 | +- <span class="module-tag osa">OSA</span> Added marking an image as “Outdated” when a scan fails due to a missing image and cleanup of outdated images in `periodic_cleanup_osa_components` |
| 39 | +- <span class="module-tag osa">OSA</span> Added the `USE_JSON_LOG_FORMAT` environment variable in the OSA API that controls log format (default `true`) |
| 40 | +- <span class="api-tag">API</span> Added the `projects_isnull` filter to `/api/policies/`, `/api/policy_alerts_v2/`, `/api/settings/policy_ignores/` |
| 41 | +- License and vulnerability update runs from the Index API now create an audit log entry |
| 42 | + |
| 43 | +#### Changed |
| 44 | + |
| 45 | +- <span class="module-tag secrets">Secrets</span> Updated the model for assessing secret validity |
| 46 | +- <span class="module-tag secrets">Secrets</span> Changed the fine-tuning sampling methodology |
| 47 | +- <span class="module-tag osa">OSA</span> Changed container image loading logic to use explicitly specified media types |
| 48 | +- <span class="module-tag sca">SCA</span> Renamed a field in PDF report filters |
| 49 | +- <span class="module-tag sca">SCA</span> Changed the numbering field to the alert identifier in the "Policy Ignores" table of the PDF report |
| 50 | +- <span class="module-tag sca">SCA</span> Changed CVSS scores, metrics, and severity display: data now comes from the source with the highest score for each CVSS version |
| 51 | +- <span class="module-tag sca">SCA</span> Changed publication/revocation/update date display on the vulnerability page: shows the earliest publication and revocation dates and the latest update date across sources. Policies with conditions on these properties will be updated on the next project, image, or package scan |
| 52 | +- <span class="module-tag sca">SCA</span> Changed the provider priority for vulnerability metadata: CVE.ORG, GHSA, Kaspersky, BDU, then others in alphabetical order |
| 53 | +- <span class="module-tag sca">SCA</span> Changed the color for the "critical" CVSS severity level |
| 54 | +- <span class="module-tag sca">SCA</span> Updated the "Impact" field text on the vulnerability page for the Kaspersky feed |
| 55 | +- <span class="module-tag sca">SCA</span> Improved criticality display on the vulnerability page |
| 56 | +- <span class="module-tag sca">SCA</span> <span class="module-tag osa">OSA</span> Simplified SBOM parameter editing for SCA projects and container images: settings open in edit mode by default and can be saved with a single action |
| 57 | +- <span class="api-tag">API</span> Changed the `impacts` field format for vulnerabilities in the relevant API methods to `pk-name` |
| 58 | +- Changed the release-date policy logic: only the date (no time) is now considered, and time is no longer shown in the UI |
| 59 | +- Updated base images for backend / tasks-*, judge, index-proxy, osa, and frontend (Alpine 3.23.3, nginx 1.29.5) |
| 60 | +- Removed default scopes when configuring OIDC |
| 61 | + |
| 62 | +#### Fixed |
| 63 | + |
| 64 | +- <span class="module-tag osa">OSA</span> Fixed scanning images with missing alerts |
| 65 | +- <span class="module-tag osa">OSA</span> Optimized security policies processing for requests with more than 100 packages |
| 66 | +- <span class="module-tag osa">OSA</span> Optimized OSA API: standardized access checks and request context handling, improved token and key caching |
| 67 | +- <span class="module-tag osa">OSA</span> Fixed desynchronization between the policy service and OSA when checking dependency policies |
| 68 | +- <span class="module-tag sca">SCA</span> Fixed dependency graph scaling |
| 69 | +- <span class="module-tag sca">SCA</span> Fixed saving vulnerability reachability results for existing projects |
| 70 | +- <span class="module-tag sca">SCA</span> Fixed vulnerability source names in SBOM export |
| 71 | +- <span class="module-tag sca">SCA</span> Fixed duplicate rows in the "Affected images" table on the vulnerability page |
| 72 | +- <span class="module-tag sca">SCA</span> Fixed counting vulnerabilities with missing CVSS3 severity on SCA project and project group pages |
| 73 | +- <span class="module-tag sca">SCA</span> Fixed dependency, vulnerability, and alert counts in project groups when no SCA analysis has been performed |
| 74 | +- <span class="module-tag sca">SCA</span> Fixed the missing `"language"` property for dependencies in SBOM export formats `1.6_ext` or `1.7_ext` |
| 75 | +- <span class="module-tag sca">SCA</span> Fixed OSS Index integration in SCA |
| 76 | +- <span class="module-tag sca">SCA</span> Fixed updating the "fixed version" field for vulnerabilities where the latest fixed version was revoked |
| 77 | +- <span class="module-tag sca">SCA</span> Fixed vulnerability counts for dependencies in SCA scan history |
| 78 | +- <span class="module-tag sca">SCA</span> Optimized dependency page loading |
| 79 | +- <span class="module-tag tqi">TQI</span> Fixed author count errors in audit reports when repositories returned 404 |
| 80 | +- <span class="module-tag tqi">TQI</span> Optimized author comparison algorithm and reduced false negatives |
| 81 | +- <span class="module-tag secrets">Secrets</span> Fixed a secrets serialization bug when analyzing a project connected via the "Other Git VCS" integration |
| 82 | +- <span class="module-tag sca">SCA</span> Fixed SBOM export filters behavior that caused the file to be exported in full regardless of selected content |
| 83 | +- <span class="module-tag osa">OSA</span> Fixed image scanning via OSA API when the specified repository manager had not been created |
| 84 | +- <span class="module-tag osa">OSA</span> Fixed duplicate image tags appearing when loading images from the registry |
| 85 | +- <span class="api-tag">API</span> Fixed the `/api/commits` schema: the `author.id` field is now `nullable` |
| 86 | +- Fixed report file downloads getting stuck in the "In progress" status when a save request fails |
| 87 | +- Fixed group rule creation being blocked when LDAP is unavailable |
| 88 | +- Fixed incomplete audit logging for policy actions |
| 89 | +- Removed usage of the `public` schema in migrations, which caused errors when migrating to PostgreSQL 15+ with a non-`public` schema |
| 90 | + |
| 91 | +#### Removed |
| 92 | + |
| 93 | +- <span class="module-tag secrets">Secrets</span> Deleting a project now removes the secrets found in it |
| 94 | + |
8 | 95 | ### [2026.3.3] - 2026-03-12 |
9 | 96 |
|
10 | 97 | #### Added |
|
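Review bot: Two bullets under "Changed" in the 2026.11.0 block alter behaviour that existing deployments rely on, yet they give no upgrade guidance. "Removed default scopes when configuring OIDC" does not say which scopes were previously requested by default, or whether an already configured OIDC integration keeps them after the upgrade. "Changed the `impacts` field format for vulnerabilities in the relevant API methods to `pk-name`" names neither the previous format nor the affected methods, so API consumers cannot tell what to adjust. Suggest flagging both as breaking and adding one sentence each with the old value and the action required. The "Added" entry for `USE_JSON_LOG_FORMAT` (default `true`) should likewise state whether upgraded OSA API instances switch log format unless the variable is set, since log collectors parse that output. Smaller points: the four "Optimized ..." bullets under "Fixed" and the "Deleting a project now removes the secrets found in it" bullet under "Removed" describe behaviour changes rather than fixes or removals and would read better under "Changed". The new heading `### 2026.11.0 – 2026-03-13` drops the brackets and uses an en dash, unlike the existing `### [2026.3.3] - 2026-03-12`.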