We’ve put a lot in the feature box again!

Rejoice with us and try it out right away!

New Features:

New role Portfolio Manager and Portfolio Overview introduced:
In response to customer requests, a Portfolio Manager role has been introduced that can keep an eye on the totality of issues at all times. For this purpose, an explicit portfolio overview was built, which makes it possible to identify critical components within only three clicks.
New search options for Vulnerability Lake:
It is now also possible to search for CPEs or component identifiers and subscribe to them if suitable. This makes it easy to track different identifiers or sources.
Ability to display vulnerability descriptions directly (Get Details):
Allows the description of a vulnerability to be displayed directly so that the screen does not have to be changed. This allows decisions to be made directly in context.
Vulnerabilities for infrastructure components:
With the help of the Vulnerability Lake, it is now also possible to better resolve the known vulnerabilities for the infrastructure components and display them in detail in the application.
Automatic fixing of legal todos with the help of the notice file:
It is now possible to generate the notice file as a preliminary version without approval. TrustSource now automatically sets all obligations that are fulfilled by the notice file to “completed” and refers to the notice file. This saves a lot of maintenance work.
Interoperability: Support for all CycloneDX SBOMs
We have added CycloneDX support, both in the core for manual uploads of modules or 3rd party software and via API. This means that in addition to SPDX, CycloneDX is now also fully supported via both channels, which enables integration with almost all scanners. In the course of this, an import API for SPDX (v2.2+) was also created.
Dependencies are displayed using a SunBurst diagram for greater clarity.
CMake integration: With the help of this new scanner, CMake-built projects can be easily scanned and transferred to the platform for further analysis.
Improvements:

Attack vector representation has been harmonised and made more readable.
Since further sources were added, the deep link to the NVD had become impractical, so we have provided an internal representation. This will also change slightly in the coming weeks.
Loading times of larger scans optimised and shortened
Vulnerability Alert mails now contain appropriate deep links so that the new information can be jumped to directly.
Internal optimisations in the area of Vulnerability Assignments.
Changes in the framework no longer affect only the analysis and the results; the notice file is now also adapted.
New intro for new users.
Improvements for the administration of components (Component Manager)
ts-node-client updated to work with newer node versions.
Tagging capabilities improved, especially for components, projects and modules, to simplify filtering.
Improved sorting capabilities in CompDB
Added chronicle of legal settings. This means that older states can also be retrieved.