Release Notes – Highlight October 2017

We’re very proud to announce the next release of CAST Highlight which will be available at the end of October. This new version introduces major features that will help you to continuously monitor the health and security of your applications, whether from your CI/CD pipeline or your favorite EA/APM solution.


Identify frameworks security hotspots

Have you heard recently about what happened to Equifax with Struts? Highlight helps you identify security issues that your applications may have before black hats get their hands on it. This version verifies if the frameworks and third-party libraries contain CVEs (Common Vulnerabilities & Exposures) across 100K+ vulnerabilities referenced by MITRE and NIST.


Automate Highlight code scans
within your favorite CI/CD pipeline

Highlight analyzers can now be run through a configurable command line, in order to automate source code scans and uploads (optionally). Want to get fresh analytics after each sprint or release, or even nightly build? It only takes minutes!


Integrate Highlight metrics into your favorite tools using our public API

Highlight key metrics (e.g. health factor scores, lines of code, total cloud roadblocks, etc.) can be extracted from the platform to be integrated wherever it will make sense for your organization, using our public REST API.


Highlight now works with MEGA Hopex

We’re thrilled to announced that the next versions of MEGA Hopex will integrate with Highlight out of the box. If you’re familiar with this key player in Enterprise Architecture and Application Portfolio Management areas, you’ll be able to deploy an application portfolio, launch an assessment campaign and view results directly in Hopex with just a few clicks.


Extensions for Microsoft Visual Studio Team Services

Do you want to continuously scan source code and track Highlight analytics on your Microsoft VSTS projects? This new version comes with two extensions for VSTS that leverage the automated scan capability (command line) and the API. You’ll just need to install them from the Visual Studio Marketplace, configure once and enjoy a continuous monitoring of your projects.


New CloudReady patterns

We have implemented 20+ new code patterns to detect roadblocks that your application may encounter when moving to the Cloud. Using http protocol instead of https, hardcoded IP addresses, or stateful sessions can now be detected during the code scan, along with new patterns that detect your application already implements some PaaS services.


现在有中文 !

In case you’re more comfortable with Highlight dashboards in Chinese, we added this language to the SaaS portal, as well as to the Local Agent. Refer to the Getting Started Guide to switch from a language to another.


Platform robustness improvements

It is not necessarily visible for small portfolios, but the core SaaS platform and the way application results are aggregated have been thoroughly revisited to make it more robust, in order to support very large portfolios and high-frequency scans (i.e. more than 2,000 applications within the same portfolio).