Spectra Assure Release Notes
This page is a chronological overview of the most important features and improvements across Spectra Assure product releases.
Every feature has labels indicating product support. Use the buttons below to filter the features by product (CLI or Portal).
2024.9.1 (Portal)β
Sharable Report Enhancements Portalβ
Workflows for sharing SAFE reports have been improved to support the generation of multiple report variants, each with distinct restrictions. Additionally, sharing metrics such as the number of views and artifact downloads (e.g. SBOM, package or issues) can now be tracked. Users now have additional expiration length options (60 and 90 days) for shareable links, as well as the option to distribute these reports via email. These enhancements empower organizations to foster transparency into software supply chain risk while exercising greater control over access to sensitive package analysis results.
New Group Role Portalβ
A new βMaintainerβ role has been introduced, extending the existing βGroup Memberβ permissions. This role grants users the ability to perform actions (create, delete, reanalyze, etc) within the Projects page of the Portal, while maintaining restrictions to policy configuration. The expanded role enables more granular control over user privileges within member groups.
2024.8.3 (Portal) - 2.3.3 (CLI)β
Shareable Report Enhancements Portalβ
Workflows for sharing SAFE reports have been improved to support the generation of multiple report variants, each with distinct restrictions. Additionally, sharing metrics such as the number of views and artifact downloads (e.g. SBOM, package or issues) can now be tracked. Users also have the option to distribute these reports via email. These enhancements empower organizations to foster transparency into software supply chain risk while exercising greater control over access to sensitive package analysis results.
Behavior Prevalence Statistics Portal CLIβ
The SAFE report now presents data describing the prevalence of an identified software behavior within popular (e.g. Top 100) packages across open source communities (PyPI, NPM, RubyGems). This data will help Spectra Assure users contextualize whether an observed behavior is common, suspicious, or exclusively used by malicious open source software.
2024.8.1 (Portal) - 2.3.1 (CLI)β
Behavior Transparency Portal CLIβ
Users can now view the software behaviors which cause Threat Hunting [TH] policy violations. The report also offers a more detailed explanation of the triggers driving these behaviors, providing deeper insights into the root cause of issues detected.
2024.7.2 (Portal) - 2.3.0 (CLI)β
Enhanced Reporting Portal CLIβ
Dynamic charts and graphs have been incorporated into the report summary, offering multi-dimensional context to the analysis and improving the linkage between policies, issues, and risks they might cause.
Users can now interactively browse software package components, accessing detailed file-level metadata to support in-depth security triage.
2024.7.1 (Portal) - 2.2.0 (CLI)β
Expanded License Coverage Portal CLIβ
New policies have been added to detect and report issues with software licenses, such as the presence of copyleft licenses, restricted licenses, and licenses with aggressive enforcement.
Integrity and Diagnostics Portal CLIβ
New policies have been added to report data integrity issues and information about errors or warnings encountered by the scan engine when unpacking files or analyzing content.
Disk Image Formats Portal CLIβ
The Spectra Assure scan engine can now unpack VMDK, OVA, VDI, VHD, and VHDX disk image formats that use a Windows (FAT/NTFS) or Linux (EXT) file system.
PHP/Packagist Support Portal CLIβ
Spectra Assure now includes vulnerability detection for PHP open source libraries hosted on Packagist.org.
Python SDK Portalβ
We have published a Python-based SDK as a wrapper for the Spectra Assure Portal API. Customers can leverage the SDK to expedite integrations with external systems.
2024.4.2 (Portal) - 2.1.0 (CLI)β
RL-CVE Portalβ
Spectra Assure users can now download vulnerability data in CSV format using the "Export" button within the report banner. These "RL-CVE" reports enable offline preservation of software vulnerability data for audit purposes and facilitate information sharing for stakeholders who do not maintain access to the portal.
Automatic CVE Triage Portal CLIβ
Spectra Assure now automatically triages CVEs identified in package dependencies when vulnerable code is not present in the Software Bill of Materials. This enhancement improves the solution's detection efficacy and minimizes the burden of manual review. Automatically suppressed vulnerabilities appear with a tag βTriagedβ in the report.
2024.4.1 (Portal)β
Configurable Shareable Reports Portalβ
Spectra Assure users now have the option to configure shareable reports. This includes the ability to password protect reports, as well as restrict the ability to download related outputs of the analysis (software package, SBOM in CycloneDX or SPDX, or SARIF). These new configurable shareable reports foster transparency between software publishers and enterprise buyers while enabling granular control of the sensitive information uncovered during analysis.
2024.3.2 (Portal) - 2.0.0 (CLI)β
Spectra Assure Now GA Portal CLIβ
We are thrilled to announce the renaming of ReversingLabs SSCS to Spectra Assure for General Availability (GA). This change is a reflection of our commitment to continued innovation within the product, aiming to provide our customers with the best possible user experience.
Threat Hunting Portal CLIβ
Users can now apply threat hunting (TH) policies to detect a software compromise based on the presence of malicious behaviors, suspicious network references, and other common attack indicators in a single package. These new policies will help quickly surface indicators of software tampering to the user.
Enhanced Differential Analysis Portal CLIβ
The solution can now detect software tampering by identifying when new behaviors resembling previously known attacks are introduced between two release versions. By categorizing behaviors of these high-profile attacks, ReversingLabs can help organizations ensure future release versions are protected from compromise.
New Behavior Metadata Portal CLIβ
The βBehaviorβ tab in the report now includes metadata that describes how each behavior is commonly triggered and the prevalence of the behavior in the Open Source Community from which the component exhibiting the behavior was sourced. New filters have also been added to navigate and sort by behaviors with ease.
2024.2.2 (Portal)β
Shareable Reports Portalβ
Users can now share reports of a specific software package version for a limited time from the Projects page with individuals who do not have an SSCS Portal account. The workflow provides options for different link expiration timeframes and the ability to stop sharing at any time.
This capability facilitates seamless collaboration with external parties for various use cases. A software producer could share a report with a supplier identifying an issue for resolution. A software buyer could share a report with an auditor for visibility into specific analysis results.
2023.12.1 (Portal) - 1.5.0 (CLI)β
Secrets Liveness Check Portal CLIβ
Users can now validate whether detected secrets are active and subject to abuse. This liveness check helps automatically triage leaked secrets by understanding if they are usable and require further protection or if they have been revoked or expired. This analysis option enables users to accelerate their review process, making informed decisions on secrets which present the most significant risk.
New Secrets Tab Portal CLIβ
Sensitive information metadata is now displayed in a single view. This new tab introduces filters to make secrets more accessible, eliminating the hassle of navigating through several report layers to locate an exposed secret.
Enhanced Threat Detection Portal CLIβ
The Spectra Assure platform has expanded its detection capabilities to incorporate results from dynamic analysis. RL Cloud Sandbox is now leveraged as an additional reputation source for threat detection.
Left-Hand Report Navigation Portal CLIβ
Analysis reports now feature a left-hand navigation to improve ease of review. This enhancement drives more efficient investigation, enabling users to access required information without the need to search or scroll. Users can choose to minimize the navigation bar, increasing the visibility of the relevant results.
2023.10.0 (Portal)β
Expanded Project Capacity Portalβ
To further expand the scale of the SSCS Portal, we have increased the number of possible packages across the organization to 10,000.
Enhanced Member Visibility Portalβ
To provide administrators with better visibility into account usage, the Members tab now indicates the last activity date for each user.
Cryptographic Hash Upgrade Portalβ
We employ cryptographic hashes to definitively identify components and files, since names and other labels may be inaccurate. We're upgrading all hash references to SHA-256 to virtually guarantee unique identification.
2023.9.0 (Portal) - 1.4.0 (CLI)β
Reproducible Builds Portal CLIβ
We are thrilled to introduce the Reproducible Builds feature in this release β a significant step towards enhancing the security of your software development pipeline. This feature allows you to effortlessly detect and prevent build tampering, as it automatically verifies the integrity of your CI/CD system by comparing the behaviors of software compiled in separate build environments.
Move Files to Projects Portalβ
We have enhanced our file management capabilities, allowing you to move files from the File Stream tab to the Projects tab. With this improvement, you can seamlessly enjoy the benefits of Projects without the need to re-upload files, thus saving your analysis quota.
Enabling SAFE Levels Portalβ
Levels are predefined sets of policy controls designed to help you gradually enhance your software security. We have completed the beta period for Levels and are now enabling them for all projects and file streams. The default level applied will match existing behavior and preserve policy overrides without changing analysis results.
New Policy: Detect Political Protest Messages Portal CLIβ
Ensure software compliance with proactive checks to identify and flag components containing political protest messages, preventing unintentional distribution of sensitive or harmful content.
2023.8.0 (Portal) - 1.3.3 (CLI)β
Known Exploited Vulnerabilities (KEV) Portal CLIβ
The Spectra Assure platform now supports the CISA Known Exploited Vulnerability (KEV) catalog as a source for vulnerabilities assigned the "Patch Mandated" prioritization tag.
New Public APIs Portalβ
With new Public API endpoints, you can update and delete projects, packages and versions, and view all projects for any group. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.
Duplicate File Upload Check Portalβ
If the file you're uploading has already been analyzed, the Portal now warns you that a duplicate record exists, and offers to navigate you to the existing report. This check is performed both in the File Stream and in Projects tabs. If required, you may dismiss the warning and continue with the file upload.
Download Capacity Indicator Portalβ
You can now monitor the volume of download capacity that you organization has used on the Analysis Capacity page found within the Settings tab. Download quota is spent for every file downloaded from File Stream and Projects, and the quota is reset monthly.
2023.6.3 (Portal) - 1.3.0 (CLI)β
Vulnerabilities Portal CLIβ
The Spectra Assure platform brings improved vulnerability detection thanks to new open source vulnerability data, and better vulnerability tracking across software versions and components. In Portal reports, this information is now in a separate Vulnerabilities tab with better filtering and clearer prioritization.
Public APIs Portalβ
Automate common actions like uploading packages, creating projects, and exporting different report formats with the new Portal APIs. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.
Approved Software Download Portalβ
Portal users can now download previously approved software as part of the third-party software risk management workflow. If a file has been approved, you can download it from the actions menu.
Observer Role Portalβ
Let your users explore the portal in read-only mode without risk of unwanted changes. Administrators and Group owners can assign the Observer group role to any user from the Group page.
2023.4.0 (Portal) - 1.2.0 (CLI)β
Approvals Portalβ
Approvals help your teams manage risk from third-party software and mark files as safe to use. You'll notice this new feature in every file row, where you can click the Actions button to grant or reject approval for each uploaded file.
SAFE Levels Portal CLIβ
Levels are optional, predefined sets of policy controls that help you gradually improve your software security. Decide which security goals you want to achieve and choose the corresponding level on the policy configuration settings page.
SSO Portalβ
Single Sign-On will help you manage access to your Spectra Assure organization and control user permissions from a central place. Set it up on the SSO configuration page.