Improved UI & Developer Experience:
- Refined the width of the user detail slide-out for a cleaner layout.
- Enhanced filter controls and applied several UI polish updates across the platform.
- Corrected the “View More Details” link in check-run views for smoother navigation.
- Improved the Azure DevOps experience by fixing URLs, improving the new-scan interaction, and displaying project names accurately.
- Fixed a policy bug with 3rd-party scanners.
Platform Stability & Data Integrity:
- Prevented the creation of duplicate projects within the same company.
- Added support for new ignore rules in scan configuration to give teams more control over scan output.
- Corrected filtering behavior for dependency views to ensure accurate and intuitive results.
User Interface Enhancements:
- Relocated the user search bar to provide a more intuitive navigation experience.
- Removed an incorrect warning message that appeared for public-repository projects.
- Improved CI review comments by using a more concise and helpful summary.
- Expanded internal issue tracking with additional properties for better reporting and analytics.
- Fixed agent-related actions to ensure consistent scan execution.
- Prevented project tag updates from unintentionally overwriting existing values.
Improvements:
- Fixed an error caused by long file paths.
Bug Fixes:
- Fixed an issue with dropdown menus not displaying correctly.
Platform Stability:
- Improved GitHub reliability by handling user error cases.
- Updated button styling for better visual consistency.
New Features:
- Added a SAML tab on the users list page for easier identity management.
- Fixed page shifting when creating new scans or interacting with menu icons.
- Improved redirection logic for admin users to ensure smoother navigation.
- Fixed an issue where policies were not displaying properly in the policies view.
New Features:
- Added support for “New Scan” on projects uploaded as ZIP files.
- Enabled “New Scan” functionality for public repository URLs.
- Improved the inbox page with search functionality and cleaner spacing.
- Updated redirection logic to send users without permissions to the inbox page.
- Suppressed unnecessary Slack webhook error messages for a cleaner log experience.
New Features:
- Vulnerability Source from OSV: Added detailed vulnerability source information powered by the OSV database, enhancing transparency and traceability in scan results.
- History View: Enhanced the history view for a clearer, more streamlined experience.
- Commenting Experience: Improved commenting interface and added AI-powered LLM explanations for better context understanding.
- Repository Dropdown: Fixed overlapping UI elements between the repository dropdown and navigation bar.
- Search Bar on Projects Page: Refined search functionality for smoother navigation and quicker access to projects.
- Case-Insensitive Branch Search: Dropsite branch search is now case-insensitive for easier usability.
- Resolved issues with project list visibility for GitHub repositories.
- Improved handling of missing Git user info to prevent failures.
- Addressed GitLab “branch not found” errors gracefully.
- General bug fixes and performance improvements.
New Features:
- Scan Audit History: Added a dedicated tab for viewing detailed scan audit history.
- Enhanced messaging and consistency across various pages.
- Displayed a proper 404 error page for invalid scan or issue links.
- Fixed inaccurate counts on the scan page for non-BLAST scans.
- Improved API handling for invalid or missing scan IDs.
- Stability fixes for integration tests and backend reliability.
Bug Fixes & Stability:
- Fixed versioning display to ensure accurate build tracking.
- General fixes and optimizations for smoother performance.
New Features & Enhancements:
- Enhanced Export Capabilities: Added support for exporting CSV reports that include false positive data for comprehensive security analysis.
- Advanced API Filtering: Introduced filtering and sorting capabilities in the API to provide more flexible data access and integration options.
- Third-Party Scanner Integration: Improved support for third-party security scanners with enhanced deep linking capabilities for seamless workflow integration.
- Checkmarx Integration: Added additional context support for Checkmarx scans to provide more detailed security insights.
- Scan List Optimization: Significantly improved page load times for the scan list to provide faster navigation and better user experience.
- Enhanced Issue Management: Fixed issues with false positive visibility controls to ensure accurate issue filtering and management.
- Improved Scan Organization: Code quality scans are now properly excluded from the main scan list for cleaner project organization.
- Enhanced Monitoring: Improved system monitoring with heartbeat functionality for better service reliability.
- Issue Status Management: Fixed issue status inheritance to ensure consistent status tracking across projects.
- Jira Integration: Resolved Jira integration issues for seamless ticket management.
- File Type Handling: Improved file type detection and processing for more accurate scan results.
- Various bug fixes and performance enhancements across the platform.
- Improved user experience based on customer feedback.
- Enhanced system stability and reliability.
New Features & Enhancements:
- Project Management: Added permissions to allow authorized users to delete projects when needed.
- CWE Filtering: Introduced an option to filter vulnerabilities by CWE category directly in project settings.
- SAML Integration: Added support for assigning default groups when users log in via SAML.
- Language Detection: The platform now automatically detects the programming language for imported scans, improving compatibility and accuracy.
- Endpoint Discovery: Enhanced the endpoint discovery engine with support for PHP and C# projects.
- Feedback System: Added the ability to provide feedback on false positives to continuously improve detection accuracy.
- Improved GitLab and Azure DevOps scheduled scan reliability.
- Enhanced GitHub app installation handling to support webhook timing edge cases.
- Ensured all project types can be deleted consistently.
- Prevented unnecessary processing of privileged users during webhook callbacks.
- Streamlined project linking using project IDs for more consistent behavior.
- Fixed minor UI issues such as button alignment and whitespace handling.
- General performance, stability, and reliability improvements across the platform.
New Features:
- Risk Management Enhancements: Added automatic expiry options for accepted risks, making it easier to manage ongoing security decisions.
- Project Settings Update: Improved project settings interface for a smoother configuration experience.
- False Positive Detection: Upgraded the false-positive detection system to use GPT-5, providing smarter and more accurate results.
- Automated QA Checks: Added issue codes for quality assurance checks and improved retry handling when checks fail.
- Improved Ignore File Support: Added support for ignore files (corgea.yaml) within project settings for more flexible configurations.
- Search Bar Enhancements: Added a “Clear” button and improved multi-select behavior in the search bar.
- CWE Filter Fix: Enhanced auto-search functionality for CWE filters to deliver more accurate filtering.
- Improved Error Messages: Cleaned up and clarified various error messages for better readability.
- Projects Page Fixes: Improved layout and stability on the Projects page for smoother navigation.
- Webhook Settings: Fixed Azure webhook link display for easier configuration.
- Scan Overview API: Fixed an issue that could cause server errors when loading scan overviews.
- Command-Line Scans: Improved handling for CLI-based scans to ensure smoother operations.
- General Bug Fixes & Improvements: Various performance and reliability enhancements across the platform.
We were shipping too fast and a lot happened.
Major Platform Updates:
- Complete UI Redesign: Overhauled the entire user interface with modern design principles and improved user experience.
- Performance Optimization: Significantly improved platform performance with faster load times and smoother interactions.
- Mobile Responsiveness: Enhanced mobile experience with responsive design improvements across all pages.
- Advanced Vulnerability Detection: Upgraded security scanning algorithms to detect more sophisticated threats.
- Real-time Security Monitoring: Added continuous security monitoring capabilities for immediate threat detection.
- Enhanced Compliance Reporting: Improved compliance reporting features with more detailed analytics and export options.
- New API Endpoints: Added 1new API endpoints for better third-party integrations.
- Webhook Enhancements: Improved webhook reliability and added support for custom payload formats.
- CI/CD Pipeline Integration: Enhanced integration with popular CI/CD platforms for seamless security scanning.
- Improved Documentation: Comprehensive updates to API documentation and developer guides.
- Better Error Handling: Enhanced error messages and debugging capabilities throughout the platform.
- Scalability Improvements: Enhanced platform scalability to handle increased user load.
- Monitoring & Alerting: New monitoring systems and alerting mechanisms for better system reliability.
2024.08.01
- New scans page to view all scans with filters
- Filtering on the reporting page
- Fix feedback redesign
- New Dropsite
- New User management views
- Admin and user token rotation
2024.07.14
- New reporting page
- Signin redesign
- Registration redesign
2024.06.28
- New issue view. View by CWE, File or all the issues.
- Diff viewer line-by-line or side-by-side
2024.06.04
- Added Additional Instructions to inform engineers of additional steps needed
- Advanced False Positive Detection
2024.04.29
- Support to fix Checkmarx SAST scan findings
- New Dropsite to upload code and vulnerability data without the Corgea CLI
2024.04.22
- Added Azure DevOps Integration
- Updated GitHub PR comment
- Added Projects pagination
- Corgea CLI PyPI package
2024.04.15
- Improvements that increased fix coverage by 10%
2024.04.08
- New Projects view to see all projects
- Introduced Corgea Verified to show quality checks
- Improved fix quality
- White consistency improvements
- CLI improvements
- Added filter tags for Date & Issue type on the Issues table
2024.04.01
- Introduced single-tenant support
2024.03.25
- CLI authentication checks before scan
2024.03.18
- Shortened Fix explanations to improve legibility
- Security fixes
2024.03.11
- GitHub OAuth login and registration
- GitHub App for Corgea
- Improved how vulnerable code in large functions is fixed
- Updated Fix and Quality models to increase fix quality
- Added Projects to the filter criteria on the Issues list page
2024.02.16
- C# language support
- Sorting and filtering of issues
- New CLI tool
- Additional fix quality checks
- CodeQL support
2024.01.17
- GitHub integration for issuing fixes
- Ruby language support
- Java language support
- Go language support
2024.01.04
- Added the ability to download a fix as a git diff and as a full file
- Added email notification when fixes are available
- Added the ability to delete an issue
- Code integrity improvements
