Spectra Assure Release Notes

This page is a chronological overview of the most important features and improvements across Spectra Assure product releases.

Every feature has labels indicating product support (CLI or Portal).

You can always check the list of the most recent major features by clicking "Feature spotlight" in the footer of your Portal instance.

2024.10.1 (Portal)​

Sync API Portal​

The Spectra Assure API now supports version reanalysis for existing software projects. Using the new "Sync" action, users can rescan a package version to synchronize it with an updated policy configuration or the latest engine update. Reanalysis is provided free of charge (no additional quota is consumed), offering greater flexibility and control over software testing workflows.

2024.9.2 (Portal) - 2.4.0 (CLI)​

Malicious Model Detection Portal CLI​

We've strengthened security for machine learning workflows by introducing enhanced detection of unsafe function calls during model deserialization. Any models exhibiting unusual behaviors are automatically flagged as malicious, ensuring your organization is protected from evolving software supply chain threats. Supported formats include NumPy (NPY/NPZ) and PyTorch (PKL).

Expanded Disk Image Support Portal CLI​

We now support unpacking QCOW and QCOW2 disk image formats. Spectra Assure can now analyze disk images with LVM partitions, and those using UFS2 or XFS file systems.

Enhanced Threat Hunting Portal CLI​

We've integrated threat hunting machine learning models to detect novel software supply chain attacks in the PyPI and NPM communities.

New Security Permissions Portal​

The Security role can now edit Organizational policies and Group policy configurations, providing greater flexibility in managing security settings across the organization.

RL-URI Portal CLI​

Spectra Assure users can now download networking data in CSV format using the "Export" button within the Networking tab. These "RL-URI" reports enable offline preservation of networking data for audit purposes and facilitate information sharing for stakeholders who do not maintain access to the Portal.

2024.9.1 (Portal)​

Shareable Report Enhancements Portal

Workflows for sharing SAFE reports have been improved to support the generation of multiple report variants, each with distinct restrictions. Additionally, sharing metrics such as the number of views and artifact downloads (e.g. SBOM, package or issues) can now be tracked. Users now have additional expiration length options (60 and 90 days) for shareable links, as well as the option to distribute these reports via email. These enhancements empower organizations to foster transparency into software supply chain risk while exercising greater control over access to sensitive package analysis results.

New Group Role Portal​

A new "Maintainer" role has been introduced, extending the existing "Group Member" permissions. This role grants users the ability to perform actions (create, delete, reanalyze, etc.) within the Projects page of the Portal, while maintaining restrictions on policy configuration. The expanded role enables more granular control over user privileges within member groups.

2024.8.3 (Portal) - 2.3.3 (CLI)​

Shareable Report Enhancements Portal​

Workflows for sharing SAFE reports have been improved to support the generation of multiple report variants, each with distinct restrictions. Additionally, sharing metrics such as the number of views and artifact downloads (e.g. SBOM, package or issues) can now be tracked. Users also have the option to distribute these reports via email. These enhancements empower organizations to foster transparency into software supply chain risk while exercising greater control over access to sensitive package analysis results.

Behavior Prevalence Statistics Portal CLI​

The SAFE report now presents data describing the prevalence of an identified software behavior within popular (e.g. Top 100) packages across open source communities (PyPI, NPM, RubyGems). This data will help Spectra Assure users contextualize whether an observed behavior is common, suspicious, or exclusively used by malicious open source software.

2024.8.1 (Portal) - 2.3.1 (CLI)​

Behavior Transparency Portal CLI​

Users can now view the software behaviors which cause Threat Hunting [TH] policy violations. The report also offers a more detailed explanation of the triggers driving these behaviors, providing deeper insights into the root cause of issues detected.

2024.7.2 (Portal) - 2.3.0 (CLI)​

Enhanced Reporting Portal CLI​

Dynamic charts and graphs have been incorporated into the report summary, offering multi-dimensional context to the analysis and improving the linkage between policies, issues, and risks they might cause.

Users can now interactively browse software package components, accessing detailed file-level metadata to support in-depth security triage.

2024.7.1 (Portal) - 2.2.0 (CLI)​

Expanded License Coverage Portal CLI​

New policies have been added to detect and report issues with software licenses, such as the presence of copyleft licenses, restricted licenses, and licenses with aggressive enforcement.

Integrity and Diagnostics Portal CLI​

New policies have been added to report data integrity issues and information about errors or warnings encountered by the scan engine when unpacking files or analyzing content.

Disk Image Formats Portal CLI​

The Spectra Assure scan engine can now unpack VMDK, OVA, VDI, VHD, and VHDX disk image formats that use a Windows (FAT/NTFS) or Linux (EXT) file system.

PHP/Packagist Support Portal CLI​

Spectra Assure now includes vulnerability detection for PHP open source libraries hosted on

Python SDK Portal​

We have published a Python-based SDK as a wrapper for the Spectra Assure Portal API. Customers can leverage the SDK to expedite integrations with external systems.

2024.4.2 (Portal) - 2.1.0 (CLI)​

RL-CVE Portal​

Spectra Assure users can now download vulnerability data in CSV format using the "Export" button within the report banner. These "RL-CVE" reports enable offline preservation of software vulnerability data for audit purposes and facilitate information sharing for stakeholders who do not maintain access to the portal.

Automatic CVE Triage Portal CLI​

Spectra Assure now automatically triages CVEs identified in package dependencies when vulnerable code is not present in the Software Bill of Materials. This enhancement improves the solution's detection efficacy and minimizes the burden of manual review. Automatically suppressed vulnerabilities appear with a tag "Triaged" in the report.

2024.4.1 (Portal)​

Configurable Shareable Reports Portal​

Spectra Assure users now have the option to configure shareable reports. This includes the ability to password protect reports, as well as restrict the ability to download related outputs of the analysis (software package, SBOM in CycloneDX or SPDX, or SARIF). These new configurable shareable reports foster transparency between software publishers and enterprise buyers while enabling granular control of the sensitive information uncovered during analysis.

2024.3.2 (Portal) - 2.0.0 (CLI)​

Spectra Assure Now GA Portal CLI​

We are thrilled to announce the renaming of ReversingLabs SSCS to Spectra Assure for General Availability (GA). This change is a reflection of our commitment to continued innovation within the product, aiming to provide our customers with the best possible user experience.

Threat Hunting Portal CLI​

Users can now apply threat hunting (TH) policies to detect a software compromise based on the presence of malicious behaviors, suspicious network references, and other common attack indicators in a single package. These new policies will help quickly surface indicators of software tampering to the user.

Enhanced Differential Analysis Portal CLI​

The solution can now detect software tampering by identifying when new behaviors resembling previously known attacks are introduced between two release versions. By categorizing behaviors of these high-profile attacks, ReversingLabs can help organizations ensure future release versions are protected from compromise.

New Behavior Metadata Portal CLI​

The "Behavior" tab in the report now includes metadata that describes how each behavior is commonly triggered and the prevalence of the behavior in the Open Source Community from which the component exhibiting the behavior was sourced. New filters have also been added to navigate and sort by behaviors with ease.

2024.2.2 (Portal)​

Shareable Reports Portal​

Users can now share reports of a specific software package version for a limited time from the Projects page with individuals who do not have an SSCS Portal account. The workflow provides options for different link expiration timeframes and the ability to stop sharing at any time.

This capability facilitates seamless collaboration with external parties for various use cases. A software producer could share a report with a supplier identifying an issue for resolution. A software buyer could share a report with an auditor for visibility into specific analysis results.

2023.12.1 (Portal) - 1.5.0 (CLI)​

Secrets Liveness Check Portal CLI​

Users can now validate whether detected secrets are active and subject to abuse. This liveness check helps automatically triage leaked secrets by understanding if they are usable and require further protection or if they have been revoked or expired. This analysis option enables users to accelerate their review process, making informed decisions on secrets which present the most significant risk.

New Secrets Tab Portal CLI​

Sensitive information metadata is now displayed in a single view. This new tab introduces filters to make secrets more accessible, eliminating the hassle of navigating through several report layers to locate an exposed secret.

Enhanced Threat Detection Portal CLI​

The Spectra Assure platform has expanded its detection capabilities to incorporate results from dynamic analysis. RL Cloud Sandbox is now leveraged as an additional reputation source for threat detection.

Left-Hand Report Navigation Portal CLI​

Analysis reports now feature a left-hand navigation to improve ease of review. This enhancement drives more efficient investigation, enabling users to access required information without the need to search or scroll. Users can choose to minimize the navigation bar, increasing the visibility of the relevant results.

2023.10.0 (Portal)​

Expanded Project Capacity Portal​

To further expand the scale of the SSCS Portal, we have increased the number of possible packages across the organization to 10,000.

Enhanced Member Visibility Portal​

To provide administrators with better visibility into account usage, the Members tab now indicates the last activity date for each user.

Cryptographic Hash Upgrade Portal​

We employ cryptographic hashes to definitively identify components and files, since names and other labels may be inaccurate. We're upgrading all hash references to SHA-256 to virtually guarantee unique identification.

2023.9.0 (Portal) - 1.4.0 (CLI)​

Reproducible Builds Portal CLI​

We are thrilled to introduce the Reproducible Builds feature in this release, a significant step towards enhancing the security of your software development pipeline. This feature allows you to effortlessly detect and prevent build tampering, as it automatically verifies the integrity of your CI/CD system by comparing the behaviors of software compiled in separate build environments.

Move Files to Projects Portal​

We have enhanced our file management capabilities, allowing you to move files from the File Stream tab to the Projects tab. With this improvement, you can seamlessly enjoy the benefits of Projects without the need to re-upload files, thus saving your analysis quota.

Enabling SAFE Levels Portal​

Levels are predefined sets of policy controls designed to help you gradually enhance your software security. We have completed the beta period for Levels and are now enabling them for all projects and file streams. The default level applied will match existing behavior and preserve policy overrides without changing analysis results.

New Policy: Detect Political Protest Messages Portal CLI​

Ensure software compliance with proactive checks to identify and flag components containing political protest messages, preventing unintentional distribution of sensitive or harmful content.

2023.8.0 (Portal) - 1.3.3 (CLI)​

Known Exploited Vulnerabilities (KEV) Portal CLI​

The Spectra Assure platform now supports the CISA Known Exploited Vulnerability (KEV) catalog as a source for vulnerabilities assigned the "Patch Mandated" prioritization tag.

New Public APIs Portal​

With new Public API endpoints, you can update and delete projects, packages and versions, and view all projects for any group. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.

Duplicate File Upload Check Portal​

If the file you're uploading has already been analyzed, the Portal now warns you that a duplicate record exists, and offers to navigate you to the existing report. This check is performed both in the File Stream and in Projects tabs. If required, you may dismiss the warning and continue with the file upload.

Download Capacity Indicator Portal​

You can now monitor the volume of download capacity that your organization has used on the Analysis Capacity page found within the Settings tab. Download quota is spent for every file downloaded from File Stream and Projects, and the quota is reset monthly.

2023.6.3 (Portal) - 1.3.0 (CLI)​

Vulnerabilities Portal CLI​

The Spectra Assure platform brings improved vulnerability detection thanks to new open source vulnerability data, and better vulnerability tracking across software versions and components. In Portal reports, this information is now in a separate Vulnerabilities tab with better filtering and clearer prioritization.

Public APIs Portal​

Automate common actions like uploading packages, creating projects, and exporting different report formats with the new Portal APIs. To get started, first generate a personal access token in your User Settings, then check the full API reference for details on how to use the APIs.

Approved Software Download Portal​

Portal users can now download previously approved software as part of the third-party software risk management workflow. If a file has been approved, you can download it from the actions menu.

Observer Role Portal​

Let your users explore the portal in read-only mode without risk of unwanted changes. Administrators and Group owners can assign the Observer group role to any user from the Group page.

2023.4.0 (Portal) - 1.2.0 (CLI)​

Approvals Portal​

Approvals help your teams manage risk from third-party software and mark files as safe to use. You'll notice this new feature in every file row, where you can click the Actions button to grant or reject approval for each uploaded file.

SAFE Levels Portal CLI​

Levels are optional, predefined sets of policy controls that help you gradually improve your software security. Decide which security goals you want to achieve and choose the corresponding level on the policy configuration settings page.

SSO Portal​

Single Sign-On will help you manage access to your Spectra Assure organization and control user permissions from a central place. Set it up on the SSO configuration page.