Roadmap | Fluid Attacks Help

Roadmap

See where we are going together:

Reachability

We're introducing a new feature to our automated tool that provides deeper insight into the actual risk posed by vulnerabilities in your software supply chain. The reachability module will analyze the components and dependencies listed in the Supply Chain section to determine whether any reported vulnerability directly affects your application. Since a vulnerability in a dependency only becomes a threat when the affected functionality is actually used by your code, this analysis will help you prioritize the issues that require immediate attention.

Scope:
- Direct dependencies

Language support:
- JavaScript
- TypeScript
- Python

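The following is an added example, not code from Fluid Attacks or its platform, showing the idea behind the reachability check described above in a deliberately small form: read the direct dependencies from a package.json, and for each advisory decide whether the application actually imports the affected package and calls the vulnerable function. The package.json, the advisories (placeholder ids, not real CVEs) and the JavaScript sources are all constructed inline, and the import and call matching is regex-based, which is far simpler than a real analysis.

```python
"""Added example, not Fluid Attacks' code: a minimal reachability check for
direct JavaScript dependencies. Package names, advisory ids, and source files
are constructed placeholders; the matching is regex-based and illustrative."""
import json
import re

# Constructed package.json; reachability here only considers direct dependencies.
PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"safe-parser": "1.2.0", "tar-util": "2.0.1"},
})

# Constructed advisories (placeholder ids, not real CVEs): each names the
# package and the specific function that is vulnerable.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "tar-util", "function": "extract"},
    {"id": "ADV-PLACEHOLDER-2", "package": "safe-parser", "function": "evalTemplate"},
    {"id": "ADV-PLACEHOLDER-3", "package": "left-pad", "function": "leftPad"},
]

# Constructed application sources, keyed by path.
SOURCES = {
    "src/upload.js": (
        "const tar = require('tar-util');\n"
        "function handleUpload(buf) { return tar.extract(buf, '/tmp/out'); }\n"
    ),
    "src/render.js": (
        "import { parse } from 'safe-parser';\n"
        "export const render = (s) => parse(s);\n"
    ),
}


def bindings_for(source, package):
    """Map local names to what they import from `package`.

    The value is the exported name for a named import, or "*" when the local
    name refers to the whole module (require(), default or namespace import).
    """
    pkg = re.escape(package)
    bound = {}
    # const tar = require('tar-util')
    for m in re.finditer(r"(?:const|let|var)\s+(\w+)\s*=\s*require\(\s*['\"]" + pkg + r"['\"]\s*\)", source):
        bound[m.group(1)] = "*"
    # import tar from 'tar-util'  /  import * as tar from 'tar-util'
    for m in re.finditer(r"import\s+(?:\*\s+as\s+)?(\w+)\s+from\s+['\"]" + pkg + r"['\"]", source):
        bound[m.group(1)] = "*"
    # import { parse, other as alias } from 'safe-parser'
    for m in re.finditer(r"import\s*\{([^}]*)\}\s*from\s+['\"]" + pkg + r"['\"]", source):
        for spec in m.group(1).split(","):
            parts = spec.split()
            if not parts:
                continue
            local = parts[2] if len(parts) == 3 and parts[1] == "as" else parts[0]
            bound[local] = parts[0]
    return bound


def calls_function(source, bound, function):
    """True if `source` calls `function` through any of the bindings."""
    fn = re.escape(function)
    for local, exported in bound.items():
        name = re.escape(local)
        if exported == "*" and re.search(r"\b" + name + r"\." + fn + r"\s*\(", source):
            return True
        if exported == function and re.search(r"\b" + name + r"\s*\(", source):
            return True
    return False


def assess(package_json, advisories, sources):
    """Classify each advisory as reachable, unreachable, or not a direct dependency."""
    direct = set(json.loads(package_json).get("dependencies", {}))
    report = {}
    for adv in advisories:
        if adv["package"] not in direct:
            report[adv["id"]] = {"status": "not-direct", "files": []}
            continue
        files = [
            path for path, src in sources.items()
            if calls_function(src, bindings_for(src, adv["package"]), adv["function"])
        ]
        report[adv["id"]] = {"status": "reachable" if files else "unreachable", "files": files}
    return report


if __name__ == "__main__":
    for adv_id, result in assess(PACKAGE_JSON, ADVISORIES, SOURCES).items():
        print(adv_id, result["status"], ", ".join(result["files"]))
```

With the constructed inputs, the first advisory is reachable through `tar.extract(...)` in `src/upload.js`, the second is unreachable because only `parse` is imported from `safe-parser` and `evalTemplate` is never called, and the third is skipped because `left-pad` is not a direct dependency. A production tool resolves imports and calls through a real parser and call graph rather than regular expressions, but the prioritization outcome is the same kind of signal.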
Supply Chain module

Support for package manager extensions

Languages and extensions

C++

  • conan.lock (supported)

  • conanfile.py (coming soon)

  • conanfile.txt (coming soon)

.NET

  • .csproj (supported)

  • .exe.config (coming soon)

  • packages.config (supported)

Java

  • .gradle (supported)

  • build.gradle.kts (supported)

  • pom.xml (Maven) (supported)

  • gradle-wrapper.properties (coming soon)

  • build.sbt (coming soon)

Python

  • .txt (pip requirements) (supported)

  • Pipfile (supported)

  • Pipfile.lock (supported)

  • pyproject.toml (supported)

JavaScript

  • package-lock.json (supported)

  • package.json (supported)

  • pnpm-lock.yaml (supported)

  • yarn.lock (supported)

Ruby

  • Gemfile (supported)

  • Gemfile.lock (supported)

  • gems.locked (supported)

Go

  • go.mod (coming soon)

Rust

  • Cargo.lock (supported)

  • Cargo.toml (supported)

PHP

  • composer.json (supported)

  • composer.lock (supported)

Swift

  • Package.resolved (supported)

Dart

  • pubspec.yaml (supported)

Elixir

  • mix.exs (coming soon)

  • mix.lock (supported)

HTML

  • .html (script tags) (supported)

SBOM (Software Bill of Materials)

  • .json (SPDX/CycloneDX) (coming soon)

  • .xml (SPDX/CycloneDX) (coming soon)


Support for Package Manager Extensions

This feature enables integration with various package managers, enhancing functionality and user experience.

Report on Malware Dependencies

Report malicious operating-system (OS) dependencies. Identifying these packages is crucial, as they can pose significant risks to system security and integrity.

SBOM for Docker Images

Generate SBOMs for registered Docker images, including their dependencies and OS. This provides transparency and traceability, essential for managing security risks effectively.

Add End-of-Life (EoL) Status in Supply Chain

Incorporate End-of-Life (EoL) status into the supply chain management process. EoL indicates when a product is no longer supported or maintained, making it vital to have this information readily available to mitigate security risks.

Report on Development Dependencies

List development dependencies within the environment. Even though these dependencies may not be part of the production code, they can still introduce risks if they contain vulnerabilities (CVEs).

Differentiate Between Direct and Transitive Dependencies

Clearly show the distinction between direct and transitive dependencies. This differentiation helps in understanding the dependency tree and assessing potential risks more accurately.
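As an added example that is not Fluid Attacks' code, the script below shows how the two previous items (development dependencies and the direct/transitive distinction) can be derived from an npm lockfile: the `packages` map of a `lockfileVersion` 2 or 3 package-lock.json lists the root project under the empty key and every installed package under its `node_modules` path, with a `dev` flag on packages only needed for development. The lockfile, package names and advisory ids are all constructed placeholders; the ranking order at the end is one reasonable choice, not the platform's.

```python
"""Added example, not Fluid Attacks' code: classify the packages in an npm
lockfile (lockfileVersion 2/3 "packages" map) as direct or transitive and as
production or development, then order advisories by that classification.
The lockfile and advisory list are constructed; advisory ids are placeholders."""
import json

# Constructed package-lock.json. The "" entry is the root project; every other
# key is an install path under node_modules. Package names and versions are made up.
LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {
            "dependencies": {"web-framework": "^4.0.0"},
            "devDependencies": {"test-runner": "^29.0.0"},
        },
        "node_modules/web-framework": {"version": "4.2.0", "dependencies": {"query-parser": "^6.0.0"}},
        "node_modules/query-parser": {"version": "6.1.0"},
        "node_modules/test-runner": {"version": "29.1.0", "dev": True, "dependencies": {"pretty-print": "^2.0.0"}},
        "node_modules/pretty-print": {"version": "2.3.0", "dev": True},
    },
})

# Constructed advisories with placeholder ids (not real CVEs).
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-A", "package": "pretty-print"},
    {"id": "ADV-PLACEHOLDER-B", "package": "query-parser"},
    {"id": "ADV-PLACEHOLDER-C", "package": "web-framework"},
]


def inventory(lock_text):
    """Return {package name: {version, relation, scope}} for every installed package."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", {})
    root = packages.get("", {})
    dev_direct = set(root.get("devDependencies", {}))
    direct = set(root.get("dependencies", {})) | dev_direct
    result = {}
    for path, meta in packages.items():
        if path == "":
            continue  # the root project itself
        # Keep the text after the last "node_modules/" so nested installs and
        # scoped packages (@scope/name) both resolve to the package name.
        name = path.rsplit("node_modules/", 1)[-1]
        result[name] = {
            "version": meta.get("version"),
            "relation": "direct" if name in direct else "transitive",
            "scope": "development" if meta.get("dev", False) or name in dev_direct else "production",
        }
    return result


# Lower rank means look at it first: a vulnerable direct production dependency
# ships to users and can be fixed with a single version bump, while a transitive
# development dependency is the least exposed and the hardest to change directly.
PRIORITY = {
    ("direct", "production"): 0,
    ("transitive", "production"): 1,
    ("direct", "development"): 2,
    ("transitive", "development"): 3,
}


def triage(advisories, inv):
    """Attach relation/scope to each advisory and sort by priority rank."""
    rows = []
    for adv in advisories:
        meta = inv.get(adv["package"])
        if meta is None:
            continue  # package not installed according to this lockfile
        rows.append({
            "id": adv["id"],
            "package": adv["package"],
            "version": meta["version"],
            "relation": meta["relation"],
            "scope": meta["scope"],
            "rank": PRIORITY[(meta["relation"], meta["scope"])],
        })
    return sorted(rows, key=lambda r: (r["rank"], r["package"]))


if __name__ == "__main__":
    for row in triage(ADVISORIES, inventory(LOCKFILE)):
        print(row["rank"], row["id"], row["package"], row["version"], row["relation"], row["scope"])
```

On the constructed lockfile, `web-framework` is a direct production dependency, `query-parser` is transitive but still in production, and both `test-runner` and `pretty-print` are development-only, so the advisories come out in the order C, B, A. The development rows are kept rather than dropped: a compromised build-time dependency still runs on developer machines and CI, which is exactly why the roadmap item above asks for them to be listed.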

Centralized Download Center for Reports

We’re introducing a centralized Download Center in the platform, giving users easy access to all their reports in one place. With this feature, users can download any necessary files directly from the platform, eliminating mixed delivery methods and providing a streamlined experience for accessing important documentation.
You will find downloads for technical reports, executive summaries, SBOMs, DevSecOps reports, and more.

Columns for related events in roots and environments within the scope

When an event occurs in any of your roots or environments, such as a cloning failure, a credential error, or any associated issue, you will be able to access it from the corresponding column in the scope view. This allows you to address the issue promptly and ensure continuous service availability.

Centralization of organization-wide policies

All policies for groups associated with an organization are now available in one centralized location for easier management. This enhances visibility, allowing you to view and oversee the policy landscape for each group effectively.

Migrate environment URLs and all associated resources between roots and groups

You now have the ability to move environments and all their associated resources between roots or groups with a single action, streamlining the process and improving efficiency. This feature enhances flexibility, allowing you to reorganize resources as your operational needs evolve.