Release Notes – Highlight October 2017
We’re very proud to announce the next release of CAST Highlight which will be available at the end of October. This new version introduces major features that will help you to continuously monitor the health and security of your applications, whether from your CI/CD pipeline or your favorite EA/APM solution.
Identify frameworks security hotspots
Have you heard recently about what happened to Equifax with Struts? Highlight helps you identify security issues that your applications may have before black hats get their hands on it. This version verifies if the frameworks and third-party libraries contain CVEs (Common Vulnerabilities & Exposures) across 100K+ vulnerabilities referenced by MITRE and NIST.
Automate Highlight code scans
within your favorite CI/CD pipeline
Highlight analyzers can now be run through a configurable command line, in order to automate source code scans and uploads (optionally). Want to get fresh analytics after each sprint or release, or even nightly build? It only takes minutes!
Highlight now works with MEGA Hopex
We’re thrilled to announced that the next versions of MEGA Hopex will integrate with Highlight out of the box. If you’re familiar with this key player in Enterprise Architecture and Application Portfolio Management areas, you’ll be able to deploy an application portfolio, launch an assessment campaign and view results directly in Hopex with just a few clicks.
Extensions for Microsoft Visual Studio Team Services
Do you want to continuously scan source code and track Highlight analytics on your Microsoft VSTS projects? This new version comes with two extensions for VSTS that leverage the automated scan capability (command line) and the API. You’ll just need to install them from the Visual Studio Marketplace, configure once and enjoy a continuous monitoring of your projects.
New CloudReady patterns
We have implemented 20+ new code patterns to detect roadblocks that your application may encounter when moving to the Cloud. Using http protocol instead of https, hardcoded IP addresses, or stateful sessions can now be detected during the code scan, along with new patterns that detect your application already implements some PaaS services.
In case you’re more comfortable with Highlight dashboards in Chinese, we added this language to the SaaS portal, as well as to the Local Agent. Refer to the Getting Started Guide to switch from a language to another.
Platform robustness improvements
It is not necessarily visible for small portfolios, but the core SaaS platform and the way application results are aggregated have been thoroughly revisited to make it more robust, in order to support very large portfolios and high-frequency scans (i.e. more than 2,000 applications within the same portfolio).