3 posts tagged with "2025-03"

Documentation release for the Spectra Assure CLI 2.6.1 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.3.2 Portal version.

CLI​

• Added Anthropic API key to the list of supported secrets under the find command

• Updated the main policy configuration example with new sections

• Updated phrasing in all policy configuration guides to clarify where and how policy changes apply, and which policy configuration objects are used

• Created a policy configuration guide for declaring network services

• Created a policy configuration guide for BOM editing

• Updated the instructions for networking filters to match the new opt-in behavior for declaring networking placeholders

• Updated the policy configuration schema with new objects supported in the xBOM release (networking.protocol.filter.address.service, processing.filter.identity.component, processing.filter.identity.model_card, processing.filter.identity.dependency)

• Updated the rl-checks report schema with objects added in the xBOM release (report.scans.scan-{type}.rl_store, report.scans.scan-{type}.assessments.assessment.evaluations)

Portal​

• Updated the Portal API specification:

  • Added the Usage details for an organization endpoint returning data for an organization and for all groups the user has access to
  • Added the Usage details for a group endpoint returning data for an organization and the selected group (if the user has access to the group)

• Updated SAFE Viewer version, hashes, and download links to v1.1.1

Other​

• Updated the product release notes

• Added examples of ML models, services, and algorithms to the xBOM page

• Added a missing behavior ID (BH13402) in the Monitor behavior category

• Fixed some broken links to individual policies in expandable sections on the Known vulnerabilities and Application hardening pages

• Made a distinction between the my.secure.software domain and region-specific domains across all pages that refer to servers and connectivity

Documentation changes related to the Spectra Assure CLI 2.6.0 / 2025.3.1 Portal product update.

Integrations​

• Updated the Portal Docker image docs with changes related to response codes and configuration parameters (--submit-only, --rl-portal-host, --rl-portal-server)

Other​

• Updated the Analysis reports conceptual guide to clarify that the PDF Summary is now supported in Portal File Stream
• Added new behaviors and licenses to the reference docs
• Modified phrasing in the How Spectra Assure analysis works conceptual guide

Documentation release for the Spectra Assure CLI 2.6.0 product update.

New release of the Spectra Assure Portal and Public API documentation, covering the 2025.3.1 Portal version.

CLI​

• Added new --[show-]models, --[show-]sbom, --[with-]license, and --no-dep[endencie]s options to the inspect command. Their usage has been illustrated by accompanying examples

• Added the --no-tracking option to the report command

• Marked the --no-vex option as deprecated in the report command

• Expanded the admonition about --keep-reference on the rl-secure scan command page to include the Windows issue

• Added the Windows issue regarding symbolic links to the CLI Troubleshooting page

SAFE​

• Updated the SAFE Viewer version, release date, links, and hashes to v1.1.0

Other​

• Created a new How Spectra Assure analyzes software page under Concepts & Reference that explains the different stages in the analysis process. A diagram was used to visualize the entire process and make the order of analysis steps easier to understand

• Created a new Services category under Concepts & Reference, containing all supported SaaSBOM services sorted by type

• Reorganized the tables on the Community and language coverage page to improve search, navigation, and content maintenance

• Added the following new policies to the documentation:

  • New policies in the Malware detection category focus on adware, PUAs and low-quality content in software components and their dependencies: SQ30121, SQ30205, SQ30122, SQ30204, SQ30201, SQ30206, SQ30203, SQ30202

  • New policies in the Digital signatures category focus on issues with countersigning and integrity validation of signatures: SQ20133, SQ20136, SQ20135, SQ20134, SQ20132

  • New policies in the Threat hunting category focus on developer reputation, detecting additional known software supply chain compromises, and identifying behaviors typical for infostealer, keylogger, and rootkit malware: TH15110, TH15403, TH20108, TH20113, TH15402, TH15401, TH20114, TH20112, TH18201, TH15405, TH15108, TH18202, TH15109, TH20110, TH15404, TH20109, TH20111

• Updated the verified glossary entry with new verification types

• Added new glossary entries for SaaSBOM, CBOM, ML-BOM, BOV, and VEX

• Updated the Spectra Assure analysis reports page with new information on new Bill of Materials formats

• Updated the product release notes

• Added BTRFS filesystem support on Community and language coverage and File format coverage pages

• Updated the CycloneDX and SPDX versions in the docs. We're now using CycloneDX 1.6 and SPDX 3.0.1