Spectra Assure Portal Release Notes
This page is a chronological overview of the most important features and improvements across Spectra Assure Portal product releases.
You can always check the list of the most recent major features by clicking "Feature spotlight" in the footer of your Portal instance.
Portal
2024.4.2
RL-CVE
Spectra Assure users can now download vulnerability data in CSV format using the "Export" button within the report banner. These "RL-CVE" reports enable offline preservation of software vulnerability data for audit purposes and facilitate information sharing for stakeholders who do not maintain access to the portal.
Automatic CVE Triage
Spectra Assure now automatically triages CVEs identified in package dependencies when vulnerable code is not present in the Software Bill of Materials. This enhancement improves the solution's detection efficacy and minimizes the burden of manual review. Automatically suppressed vulnerabilities appear with a "Triaged" tag in the report.
2024.4.1
Configurable Shareable Reports
Spectra Assure users now have the option to configure shareable reports. This includes the ability to password protect reports, as well as restrict the ability to download related outputs of the analysis (software package, SBOM in CycloneDX or SPDX, or SARIF). These new configurable shareable reports foster transparency between software publishers and enterprise buyers while enabling granular control of the sensitive information uncovered during analysis.
2024.3.2
Spectra Assure Now GA
We are thrilled to announce the renaming of ReversingLabs SSCS to Spectra Assure for General Availability (GA). This change is a reflection of our commitment to continued innovation within the product, aiming to provide our customers with the best possible user experience.
Threat Hunting
Users can now apply threat hunting (TH) policies to detect a software compromise based on the presence of malicious behaviors, suspicious network references, and other common attack indicators in a single package. These new policies will help quickly surface indicators of software tampering to the user.
Enhanced Differential Analysis
The solution can now detect software tampering by identifying when new behaviors resembling previously known attacks are introduced between two release versions. By categorizing behaviors of these high-profile attacks, ReversingLabs can help organizations ensure future release versions are protected from compromise.
New Behavior Metadata
The "Behavior" tab in the report now includes metadata that describes how each behavior is commonly triggered and the prevalence of the behavior in the Open Source Community from which the component exhibiting the behavior was sourced. New filters have also been added to navigate and sort by behaviors with ease.
2024.2.2
Shareable Reports
Users can now share reports of a specific software package version for a limited time from the Projects page with individuals who do not have an SSCS Portal account. The workflow provides options for different link expiration timeframes and the ability to stop sharing at any time.
This capability facilitates seamless collaboration with external parties for various use cases. A software producer could share a report with a supplier identifying an issue for resolution. A software buyer could share a report with an auditor for visibility into specific analysis results.
2023.12.1
Secrets Liveness Check
Users can now validate whether detected secrets are active and subject to abuse. This liveness check helps automatically triage leaked secrets by understanding if they are usable and require further protection or if they have been revoked or expired. This analysis option enables users to accelerate their review process, making informed decisions on secrets which present the most significant risk.
New Secrets Tab
Sensitive information metadata is now displayed in a single view. This new tab introduces filters to make secrets more accessible, eliminating the hassle of navigating through several report layers to locate an exposed secret.
Enhanced Threat Detection
The Spectra Assure platform has expanded its detection capabilities to incorporate results from dynamic analysis. RL Cloud Sandbox is now leveraged as an additional reputation source for threat detection.
Left-Hand Report Navigation
Analysis reports now feature a left-hand navigation to improve ease of review. This enhancement drives more efficient investigation, enabling users to access required information without the need to search or scroll. Users can choose to minimize the navigation bar, increasing the visibility of the relevant results.
2023.10.0
Expanded Project Capacity
To further expand the scale of the SSCS Portal, we have increased the number of possible packages across the organization to 10,000.
Enhanced Member Visibility
To provide administrators with better visibility into account usage, the Members tab now indicates the last activity date for each user.
Cryptographic Hash Upgrade
We employ cryptographic hashes to definitively identify components and files, since names and other labels may be inaccurate. We're upgrading all hash references to SHA-256 to virtually guarantee unique identification.
2023.9.0
Reproducible Builds
We are thrilled to introduce the Reproducible Builds feature in this release, a significant step towards enhancing the security of your software development pipeline. This feature allows you to effortlessly detect and prevent build tampering, as it automatically verifies the integrity of your CI/CD system by comparing the behaviors of software compiled in separate build environments.
Move Files to Projects
We have enhanced our file management capabilities, allowing you to move files from the File Stream tab to the Projects tab. With this improvement, you can seamlessly enjoy the benefits of Projects without the need to re-upload files, thus saving your analysis quota.
Enabling ReversingLabs Levels
Levels are predefined sets of policy controls designed to help you gradually enhance your software security. We have completed the beta period for Levels and are now enabling them for all projects and file streams. The default level applied will match existing behavior and preserve policy overrides without changing analysis results.
New Policy: Detect Political Protest Messages
Ensure software compliance with proactive checks to identify and flag components containing political protest messages, preventing unintentional distribution of sensitive or harmful content.
2023.8.0
Known Exploited Vulnerabilities (KEV)
The Spectra Assure platform now supports the CISA Known Exploited Vulnerability (KEV) catalog as a source for vulnerabilities assigned the "Patch Mandated" prioritization tag.
New Public APIs
With new Public API endpoints, you can update and delete projects, packages and versions, and view all projects for any group. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.
Duplicate File Upload Check
If the file you're uploading has already been analyzed, the Portal now warns you that a duplicate record exists, and offers to navigate you to the existing report. This check is performed both in the File Stream and in Projects tabs. If required, you may dismiss the warning and continue with the file upload.
Download Capacity Indicator
You can now monitor the volume of download capacity that your organization has used on the Analysis Capacity page found within the Settings tab. Download quota is spent for every file downloaded from File Stream and Projects, and the quota is reset monthly.
2023.6.3
Vulnerabilities
The Spectra Assure platform brings improved vulnerability detection thanks to new open source vulnerability data, and better vulnerability tracking across software versions and components. In Portal reports, this information is now in a separate Vulnerabilities tab with better filtering and clearer prioritization.
Public APIs
Automate common actions like uploading packages, creating projects, and exporting different report formats with the new Portal APIs. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.
Approved Software Download
Portal users can now download previously approved software as part of the third-party software risk management workflow. If a file has been approved, you can download it from the actions menu.
Observer Role
Let your users explore the portal in read-only mode without risk of unwanted changes. Administrators and Group owners can assign the Observer group role to any user from the Group page.
2023.4.0
Approvals
Approvals help your teams manage risk from third-party software and mark files as safe to use. You'll notice this new feature in every file row, where you can click the Actions button to grant or reject approval for each uploaded file.
ReversingLabs Levels
Levels are optional, predefined sets of policy controls that help you gradually improve your software security. Decide which security goals you want to achieve and choose the corresponding level on the policy configuration settings page.
SSO
Single Sign-On will help you manage access to your Spectra Assure organization and control user permissions from a central place. Set it up on the SSO configuration page.