Articles in this section

DeepFactor Release Notes Follow

Avatar
DeepFactor Support
  • Updated

 

DeepFactor 1.6.3

Improvements

  • Added support to running DF instrumented application on SUSE Linux Distro.

DeepFactor 1.6.2

Improvements

  • Fixed crash in DeepFactor Portal CVE service.

DeepFactor 1.6.1

Improvements and Fixes

ZAP Scan Improvements

  • Added ZAP scan diagnostics log downloading for all scans.

Instrumentation & Insights

  • Added the ability to delete cloned/custom alert policies.
  • Added the ability to live stream telemetry from the application creation timestamp.
  • Improved DeepFactor runtime performance using local caching and reusing TLS connections. Customers must upgrade the deepfactor-runtime package and re-instrument their applications to implement this improvement.
  • Fixed DeepFactor runtime deadlock in applications with complex initialization sequence requiring multiple initialization scripts. Customers must upgrade the deepfactor-runtime package and re-instrument their applications to implement this improvement.
  • Fixed regression introduced in 1.6 release regarding CVE alert reporting for vulnerable libraries loaded by application.
  • Renamed Black/White lists to Allow/Deny lists.

Alerts Improvements

  • Improved alert details for MM6 “program forked without clearing sensitive memory regions.
  • Improved alert policy processing rules for AppSec policy Violations (PS8, LB4, LB &, LB8).
  • Added DeepFactor platform performance alert if applications have high rates of launching child processes.
  • LB4 Alert “Loading dynamic library from uncommon path” disables by default in alert policy. Users need to enable it based on their application composition.
  • Fixed reporting error in rate of library load per second.

Integrations

  • Added support for GitLab integration.
    • DeepFactor now supports complete integration of DeepFactor alerts within the GitLab dashboard.

Installation & On-boarding

  • Added beta version support for DeepFactor portal deployments in Kubernetes clusters (EKS).
    • DeepFactor portals deployed with Kubernetes supports launching ZAP scans simultaneously for Web Applications.
      • Note: This feature is currently limited to maximum capacity of the worker node running the DeepFactor backend service (WebAppSvc).
    • DeepFactor portal can be deployed in EKS clusters using Helm Charts.

UI Enhancements

  • Added application dashboard reporting across various categories.

Limitations

  • Following are limitations for DeepFactor portals deployed in EKS clusters.:
    • Portal passwords are stored in plain text in config.
    • UI will display a set of commands to be executed by Kubernetes admins to upgrade DF portal.
    • UI will display a set of commands to download ZAP scan logs for DF portals deployed in Kubernetes.
    • The beta version of DF portal deployed in Kubernetes does not support the uploading of application debug symbol.
    • DeepFactor portals deployed in Kubernetes clusters are not setup with the pre-populated vulnerability database. Hence, instrumented applications may not show vulnerabilities until the database is fully populated.

 

DeepFactor 1.6

Improvements and Fixes

ZAP Scan Improvements

  • Added support to launch ZAP scans from a portal deployed with proxy configuration.

Insights

  • Improved event push architecture to scale to billions of events from a single component instance. 

  • Improved evidence reporting to make alerts actionable. In addition, for OWASP alerts, you can now generate a curl command to replay the attack for debugging.

  • Fixed bug in CVE processing engine that resulted in false positive reporting of vulnerable OS dependencies. 

Installation & On-boarding

  • User can request a portal license upgrade from portal UI,

UI Enhancements

  • Live telemetry streaming with event summary reporting.

Limitations

  • Old CVE alerts for vulnerable OS dependency may be false positive and must be ignored. Users must use correct build filters to eliminate old potentially False Positive old alert data.
  • Portals configured with proxy do not support Custom ZAP scans.
  • Stack traces for Alpine applications are not reported by DF runtime. However, Java application stack traces will be reported.
  • The agent to collect java application stack traces needs to be configured while launching java applications. Currently dfctl does not detect java application to automatically inject java agent while launching.

 

DeepFactor 1.5.1

Improvements and Fixes

Installation and onboarding

  • DF Portal can now be deployed behind a proxy for internet access

ZAP Scan improvements

  • Fixed failure of first external ZAP scans 

Instrumentation Improvements

    • DF runtime install scripts now support installing a specific version of runtime packages that include setting up docker volumes 

Limitations

    • DF portal deployed with a proxy configuration may have limited support for running ZAP scans on applications

DeepFactor 1.5

Improvements and Fixes

  • ZAP Scan improvements
    • DeepFactor now supports specifying authentication parameters for DAST scans
    • Users can save and reload their scan configurations
    • Users can also configure a list of URIs to be included or excluded during scans. These are configurable scan parameters.
    • DeepFactor can now launch DAST scans against non-instrumented web applications
    • All of the above functions these can be exercised via APIs
  • Instrumentation Improvements
    • DeepFactor now supports launching Docker images with the DF runtime instrumentation of container images at launch time
  • Insights and Alerts
    • Improved evidence reporting in the DeepFactor alerts DF platform
    • Added APIs to report differences in alerts generated between application build versions
    • Added support for Java agents to collect application stack trace as evidence for alerts
  • Limitations
    • The agent to collect Java application stack traces needs to be configured while launching Java applications. Currently dfctl does not detect java application to automatically inject java agent while launching.

DeepFactor 1.4

Improvements and Fixes

  • ZAP Scan Improvements
    • Upgraded ZAP version from 2.9 to 2.10
    • Optimized ZAP plugin for HTTP request and response evidence collection and reporting
    • Added OWASP alert web confidence report  
    • Added WebApp scanning using Swagger (yaml or json) document 
  • Insights
    • Added reporting of CVE alerts at occurrence level
    • Added stack trace alerting for Alpine applications
    • Added DF CLI help page
  • Miscellaneous Fixes
    • Added ability to add comments to alert at each occurrence level
    • Added API to create Jira tickets at alert occurrence level
    • Added Web Scan repo in diagnostics logs
    • Added API to compare alerts difference between App versions
  • Known Limitations
    • Stack traces are currently not reported for Alpine applications

DeepFactor 1.3.1

Improvements and Fixes

  • Insights
    • Fixed Alert count mismatch in risk scenarios tile.
    • Disabled ZAP plugin to report HTTP request and response to address high memory consumption when scanning some web applications.

  • Instrumentation

    • Added Kubernetes admission webhook for DF instrumentation of applications
    • Added parsing json blob as argument to application run using dfctl run.
      dfctl run now requires absolute path of the command.

  • Integrations

    • Published Orb for integrating DF into CircleCI pipeline.  
    • Added OpenAPI document publishing on portal for downloads

      Note: DeepFactor does not publish OVAs and AMIs for patch releases. Customers can upgrade to 1.3.1 using their portal instances.


DeepFactor 1.3

The DeepFactor 1.3 release contains the following improvements and fixes. 

Improvements and Fixes

  • ZAP scan improvements
    • Reporting HTTP request and response as evidence in ZAP alerts.
    • Added ability for users to exclude URI params in scan config.
    • Added ability for users to stop running ZAP scan and collect results.
  • Insights
    • Reporting of stack traces in alerts
    • Improved alert workflow
    • Alerts and Alert policy regrouping
    • Alert acknowledgement at occurrence level.
  • Integrations
    • Okta integration for standard edition
    • Published REST APIs for third party integration
    • Published Orb for integrating DF into CircleCI pipeline.  
  • Miscellaneous fixes
    • DF_API_TOKEN has been renamed to DF_RUN_TOKEN. DF runtime will support DF_API_TOKEN for one more release before deprecating it.
    • Fixed install-dfctl.sh scripts to not upgrade all packages on the host.
    • Added support for “Scan Strength Config” while launching ZAP scans via API
    • Added ability for admins to change password for other users. This is also supported via API
    • Reporting of name of the process as evidence for alerts on loading of library that are not part of any package.
    • Added alert page summary info at top.
    • Email verification is mandated for users signing up for accounts on DF resolute server.
    • Fixed forgot password flow on resolute server.

Limitations

  • Swagger document not available as yet. This should be published soon.

DeepFactor 1.2

The DeepFactor 1.2 release contains the following improvements and fixes. 

Improvements and Fixes

  • Instrumentation
    • Added new application on-boarding flow.
    • Transitioned from build-time instrumentation to runtime instrumentation by adding support for
      dfctl run instead of dfctl create and manifest-based sealed application launch.
  • ZAP Scan Improvements
    • Improved evidence in ZAP scans.
    • Increased handling of HTTP response by 3XX.
    • Enhanced reporting scan progress.
    • Added active scan policy support.
    • Added more evidence for SQL injection alerts.
  • Insights
    • Added stack trace alert reporting.
    • Fixed reporting CVEs for Alpine applications.
  • Installation and On-boarding
    • Users can now change data TTL from admin settings.
    • Added one-command installation of dfctl.
    • portalctl now supports restart verb to restart portal services.
  • Integrations
    • Improved Slack Notifications.
    • Added API support for third-party integrations (Work in Progress).
  • General Fixes
    • Fixed error in reporting CVEs for some Ubuntu versions.
    • Fixed ZAP Scan proxy fills out disk.

Limitations

  • Stack trace for Alpine applications are not reported.
  • DeepFactor instrumented Chrome application running NodeJS has undefined behavior.
  • Jenkins plugin needs upgrade after changes in supported API.
  • Launching of DF instrumented postgres service on CentOS 7 fails.
  • MongoDB on CentOS7 VM does not send telemetry to the backend.
  • DeepFactor instrumented service telemetry reported in default runtime environment.
  • DeepFactor supports registering only one component per container image (more then one component executing inside one container image is not allowed).

DeepFactor 1.1

The DeepFactor 1.1 release contains the following new features and improvements. The build version is 1.1-482.

New Features

  • Added User Flow in the portal UI replacing Invite User to improve the user onboarding workflow.
  • Added alert reporting by sub-category.
  • Added support to revoke tokens using portalctl.
  • Added ZAP Scan performance improvements for web servers that do not set content-length or transfer encoding. (Requests that depended on connection close to terminate content previously took 60 seconds to time out.)
  • Added more evidence for ZAP Scan Alerts.
  • Added Jenkins CI Plugin for Deepfactor container build instrumentation.

Improvements and Fixes

  • Fixed issues with Dependency Check for applications using JAVA as well as NodeJS components.
  • Fixed issues in telemetry reporting for DF instrumented Redis service on CentOS7 platform.
  • Fixed issues in telemetry reporting for DF instrumented Httpd service on CentOS7 platform.
  • Fixed user token expiration issue.

Limitations

  • Launching the Deepfactor instrumented postgres service on CentOS 7 fails with the following error:
Jun 09 08:22:49 localhost.localdomain postgresql-check-db-dir[22892] : sh: rpm: command not found
Jun 09 08:22:49 localhost.localdomain pg_ctl[22907]: sh: rpm: command not found
    • WebApp Scan may launch against old/dead instances.
    • Application instrumented using dfctl create, when launched, extracts an instance of libdf under /tmp. This may cause file system to fill up over a period of time.
    • DeepFactor Instrumented HAProxy Service may experience crashes.
    • DeepFactor supports registering only one component per container image. (The service cannot have more then one component executing inside one container image.)
    • DeepFactor instrumented service telemetry gets reported in default runtime environment.
    • MongoDB on CentOS7 VM does not send telemetry to the backend.

Related articles

Comments

0 comments

Article is closed for comments.