Completed: We built an AI-powered SAST scanner that automates vulnerability detection previously requiring manual analysis. It identifies SQL injections and XSS, with over 90% precision at automation speed. 

Current Focus: We are enhancing detection accuracy (precision and recall) and expanding CWE coverage to support a broader range of vulnerability types.

To see how we are doing on these goals, check the entries marked with '(AI-SAST)' in our changelog.

Fluid Attacks' Peer Reviewer Assistant (in progress)

Overview: A complementary security approach that provides AI-powered comments on your pull requests to help prevent vulnerability injection before code is merged. This functionality will be exclusively available on the Advanced plan.

Current Focus: Currently in development with upcoming availability for Azure DevOps and GitLab integrations for SAST and SCA techniques. 

To see how we are doing on these goals, check the entries marked with '(Smells)' in our changelog.

Scope Management Improvements (in progress)

Completed: Enhanced mobile application environment registration workflow for better usability.

Current Focus: Implementing table filters for environments and files to improve navigation and management.

Roadmap: Group creation redesign to make it clear that groups require both repository and environment registration.

Completed: Custom Fix and reattack features now available.

Current Focus: Building Autofix capability for enhanced remediation flexibility.

Stay tuned to entries marked with 'IDE Plugins' in our changelog to identify our progress on this goal.

SCA Fix Recommendations (in progress)

Completed: CVE fix information is now available in db.fluidattacks.com and the platform, providing developers with immediate remediation guidance for vulnerable dependencies.

Current Focus: Enhancing fix recommendations with three alternatives: (1) minimum version that fixes the CVE but may introduce new vulnerabilities, (2) minimum version that fixes without introducing new issues, and (3) nearest package version with no vulnerabilities. Rolling out these enhanced recommendations to VS Code, Cursor, and IntelliJ plugins.

Stay tuned to entries marked with 'fixes' in our changelog to identify our progress on this goal.

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.