Release Notes 2024.11.0

New features and enhancements in Seeker 2024.11.0

General Improvements

Synopsys Software Integrity Group (SIG) is now Black Duck. As of Black Duck Seeker 2024.11.0, references to the Synopsys brand and resources such as technical support have been replaced with the updated information for Black Duck. No functionality has been removed as a result of this transition of ownership.

Agent deployment instructions have changed to reflect new Black Duck package names. Please check the Connect Agent Wizard in the Seeker Server UI for the updated instructions for your technology. Not all languages/configurations are affected. In all cases but one (Wildfly, see Breaking Changes below), deployment is backwards-compatible and existing scripts will continue to work.

Agents

Technologies | Features
Node.js | As of this release, Node.js 23 is supported.

Support for Node.js versions older than 18 has been removed.

Node.js | Support has been added for the graphql-http and @apollo/server GraphQL libraries.
Node.js | Support has been added for the pino logging library.
Node.js | As of this release, the syntax for defining custom sanitizers for Node.js has been extended to allow sanitizers that are defined inside wrapper objects.

For example:
// path/to/your/module.js
module.exports = {
  utils: {
    sanitizeSQL: function(){
      // do SQL sanitization here
    }
  }
}
would be added as:
path/to/your/module::utils.sanitizeSQL()

Related information: Configure Sanitizers and Validators.

Checkers

The following vulnerability checkers have been added, enhanced, or changed:

Technologies | Name | New/Enhanced/Changed
Node.js | Missing Authentication Check | A new checker that reports when no valid authentication method is called when the application processes a request.

The valid authentication methods should be defined as validators for the AUTH risk under Advanced Settings for the Project or Project Template in use.

This checker is not enabled by default. To enable it, turn on the Authentication Validation feature at the Project or Project Template level.

Exclusions for endpoints that are not expected to be authenticated can be configured under the Configuration option for the Authentication Validation feature.

Node.js | Misconfigured X-XSS-Protection Header | New
Node.js | Misconfigured Referrer-Policy Header | New
Node.js | Sensitive Data Storage Unencrypted, Sensitive Data Storage Unencrypted (Second-Order) | Enhanced to support the pino logging framework.
Node.js | Insufficient Logging of Security Exceptions | Enhanced to support the pino logging framework.

Breaking Changes

Java/Wildfly (Domain) Deployment Instructions

com.synopsys packages have been changed to com.seeker. Please see the Connect Agent Wizard in the Seeker Server UI for the updated installation instructions.