7 posts tagged with "2025"

Documentation release for the Spectra Assure CLI 2.6.2 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.4.1 Portal version.

CLI​

• Added a new status sub-command to rl-secure vault that checks if the password vault has been initialized for the specified package store

• Added Palantir JWT to the list of supported secrets under the find command

• Updated the rl-deploy version, release date, links, and hashes to v2.3.0

Other​

• Added new behaviors to the reference docs: BH13765, BH13766, BH13767, BH13768, BH13769, BH13770, BH13771, BH13772, BH13773, BH13774, BH13775, BH13776, BH13777

• Removed the incorrect reference to rl-cve from the rl-uri report schema frontmatter

• Fixed a broken link in the Suppress secrets policy configuration guide

• Fixed tags in the report example on the rl-uri report schema page

• Removed the duplicate listing of differential analysis policies on the Policies > Threat hunting page

• Transformed SAFE and Integrations categories into dropdowns. All important pages in these categories can now always be accessed from any part of the docs

• Fixed the CBOM glossary entry to mention that it's included only in the CycloneDX report format

Documentation release for the Spectra Assure CLI 2.6.1 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.3.2 Portal version.

CLI​

• Added Anthropic API key to the list of supported secrets under the find command

• Updated the main policy configuration example with new sections

• Updated phrasing in all policy configuration guides to clarify where and how policy changes apply, and which policy configuration objects are used

• Created a policy configuration guide for declaring network services

• Created a policy configuration guide for BOM editing

• Updated the instructions for networking filters to match the new opt-in behavior for declaring networking placeholders

• Updated the policy configuration schema with new objects supported in the xBOM release (networking.protocol.filter.address.service, processing.filter.identity.component, processing.filter.identity.model_card, processing.filter.identity.dependency)

• Updated the rl-checks report schema with objects added in the xBOM release (report.scans.scan-{type}.rl_store, report.scans.scan-{type}.assessments.assessment.evaluations)

Portal​

• Updated the Portal API specification:

  • Added the Usage details for an organization endpoint returning data for an organization and for all groups the user has access to
  • Added the Usage details for a group endpoint returning data for an organization and the selected group (if the user has access to the group)

• Updated SAFE Viewer version, hashes, and download links to v1.1.1

Other​

• Updated the product release notes

• Added examples of ML models, services, and algorithms to the xBOM page

• Added a missing behavior ID (BH13402) in the Monitor behavior category

• Fixed some broken links to individual policies in expandable sections on the Known vulnerabilities and Application hardening pages

• Made a distinction between the my.secure.software domain and region-specific domains across all pages that refer to servers and connectivity

Documentation changes related to the Spectra Assure CLI 2.6.0 / 2025.3.1 Portal product update.

Integrations​

• Updated the Portal Docker image docs with changes related to response codes and configuration parameters (--submit-only, --rl-portal-host, --rl-portal-server)

Other​

• Updated the Analysis reports conceptual guide to clarify that the PDF Summary is now supported in Portal File Stream
• Added new behaviors and licenses to the reference docs
• Modified phrasing in the How Spectra Assure analysis works conceptual guide

Documentation release for the Spectra Assure CLI 2.6.0 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.3.1 Portal version.

CLI​

• Added new --[show-]models, --[show-]sbom, --[with-]license, and --no-dep[endencie]s options to the inspect command. Their usage has been illustrated by accompanying examples

• Added the --no-tracking option to the report command

• Marked the --no-vex option as deprecated in the report command

• Expanded the admonition about --keep-reference on the rl-secure scan command page to include the Windows issue

• Added the Windows issue regarding symbolic links to the CLI Troubleshooting page

SAFE​

• Updated the SAFE Viewer version, release date, links, and hashes to v1.1.0

Other​

• Created a new How Spectra Assure analyzes software page under Concepts & Reference that explains the different stages in the analysis process. A diagram was used to visualize the entire process and make the order of analysis steps easier to understand

• Created a new Services category under Concepts & Reference, containing all supported SaaSBOM services sorted by type

• Reorganized the tables on the Community and language coverage page to improve search, navigation, and content maintenance

• Added the following new policies to the documentation:

  • New policies in the Malware detection category focus on adware, PUAs and low-quality content in software components and their dependencies: SQ30121, SQ30205, SQ30122, SQ30204, SQ30201, SQ30206, SQ30203, SQ30202

  • New policies in the Digital signatures category focus on issues with countersigning and integrity validation of signatures: SQ20133, SQ20136, SQ20135, SQ20134, SQ20132

  • New policies in the Threat hunting category focus on developer reputation, detecting additional known software supply chain compromises, and identifying behaviors typical for infostealer, keylogger, and rootkit malware: TH15110, TH15403, TH20108, TH20113, TH15402, TH15401, TH20114, TH20112, TH18201, TH15405, TH15108, TH18202, TH15109, TH20110, TH15404, TH20109, TH20111

• Updated the verified glossary entry with new verification types

• Added new glossary entries for SaaSBOM, CBOM, ML-BOM, BOV, and VEX

• Updated the Spectra Assure analysis reports page with new information on new Bill of Materials formats

• Updated the product release notes

• Added BTRFS filesystem support on Community and language coverage and File format coverage pages

• Updated the CycloneDX and SPDX versions in the docs. We're now using CycloneDX 1.6 and SPDX 3.0.1

Documentation release for the Spectra Assure CLI 2.5.5 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.2.2 Portal version.

CLI​

• Updated the rl-deploy version, release date, links, and hashes to v2.3.0

Portal​

• Made a new Best practices for working with projects guide in the Portal docs. It includes the best naming practices, as well as all important information on the projects hierarchy and usage on Spectra Assure Portal

• Separated the workflows from the Portal File Stream and Projects pages. This helps users focus on the actions available on each page, without having to scroll through the general information every time

• Simplified the File Stream and Projects workflows and added roles tags to each. This eliminates the need to check the User and group management page for every action

• Replaced all screenshots with interactive guides in the Portal docs

SAFE​

• Moved the Reproducibility check section from the Projects page to the Report landing page

• Updated the SAFE Viewer version, release date, links, and hashes to v1.0.4

• Added information on the new File Stream header to the Summary page of the SAFE report. It allows users to export parts of the report in various formats and move the version to a project of their choice right from the top of the landing page of the report

• Removed the incorrectly included RAT from the list of Threat types on the Summary page of the report

Other​

• Re-designed API, Portal, and CLI category landing pages to look the same as Integrations, Partners, and SAFE category landing pages in our docs

• Moved Reproducibility checks, Live secret validation, and Managing third-party risks guides to a new Conceptual guides sidebar category

Documentation release for the Spectra Assure CLI 2.5.4 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.2.1 Portal version.

CLI​

• Updated the rl-deploy version, release date, links, and hashes to v2.2.9

• Updated the rl-secure list and rl-secure report pages to indicate that those commands don't require an active license

Portal​

• Added the new Entitlements section to the Settings page. It allows users to check which SAFE Assessment categories are enabled for their ReversingLabs cloud account and are evaluated during software analysis

• Made changes to the Settings page. Screenshots on the page have been replaced with interactive guides, while the textual content has been refreshed

• Fixed the incorrect year in the 2025.1.2 version title in the Portal release notes

Integrations​

• Information about the ServiceNow integration can now be accessed from the Integrations page

• Added support for creating the PDF summary (rl-summary-pdf) to the Portal Docker image documentation

SAFE​

• Updated the information relating to the SAFE Assessment part of the report summary

• Updated the SAFE Viewer version, release date, links, and hashes to v1.0.3

Other​

• Policy and behavior statistics have been refreshed.

• New behaviors have been added.

• Landing pages for Application hardening and Threat hunting policies have been improved by adding links to headings so it's easier to navigate within the page.

Documentation release for the Spectra Assure CLI 2.5.3 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.1.2 Portal version.

CLI​

• Updated the information on Entitlements. Entitlements are now more dynamic, since they're no longer tied to the user license, but to the user account

• Updated the list of secrets supported by the find command

Portal​

• Added the new PDF Summary export feature to the Portal and API docs

• Resolved minor issues in the Portal API reference docs:

  • Fixed the incorrect response message when trying to replace a version
  • Fixed the incorrect request body in Approval (TPRM) endpoints that misrepresented the reason field as optional
  • Removed 400 responses from endpoints that don't support them; replaced generic 404 response for reports with more specific messages
  • Changed content types in response schemas to match the file format that the API returns and clarified response handling for report content
  • Updated request code examples with placeholder value for report type

Integrations​

• Linked the new JFrog Artifactory integration in CLI and Portal sections

SAFE​

• Updated the SAFE Viewer version, download links, and hashes. The "Current version" admonition now also shows the release date of the latest version

Other​

• Updated the product release notes

• Added a short description of the new PDF Summary export to the Analysis reports page

• Removed all references to the unused endpoint (api.reversinglabs.com) from the docs