Roadmap | Fluid Attacks Help

Roadmap

We’re excited to share our priorities and upcoming features, designed to enhance security, simplify workflows, and empower you with greater efficiency and transparency.

Expanding automatic detection coverage (done)

We are working to expand the coverage of supported languages and technologies in our vulnerability scanning tool. Specifically, we are augmenting the supported languages and frameworks for SAST and the languages in which Reachability is possible. The goal is to support the following by this Q1:
  1. 13 programming languages
  2. 8 infrastructure as code (IaC) languages
  3. 22 frameworks
  4. reachability in 13 programming languages (i.e., reporting vulnerabilities in libraries effectively called by clients' code)
To see how we are doing on this goal, check our changelog, specifically, the entries marked with '(SAST)' and '(Reachability)'.

Expanding fix availability (in progress)

We are working on making fixes available for 21 programming languages and IaC from our extension (via Autofix and Custom fix) and our documentation.
To see how we are doing on these goals, check the entries marked with '(IDE)' in our changelog.

Audit logs availability (in progress)

Very soon, our customers will be able to access their audit logs directly from the platform, tracking actions performed in their groups—whether through the platform, API, or available integrations.
Check the entries marked with '(ASPM)' in our changelog to see how we are doing on this goal. 

Moving SCA findings to the corresponding vulnerability type (done)

Previously, we grouped together findings related to the use of third-party libraries, irrespective of the kinds of vulnerabilities in question. Further, we reported each vulnerable library version only once, even when it presented multiple CVEs. Now, we are working on reporting those CVEs separately and under the corresponding vulnerability type. This has led to changes in the historical remediation rates of our clients. If their policy was, or has been, to remediate inherited vulnerabilities (reported by SCA), their remediation rates increased. Otherwise, they decreased.
Look among entries marked with 'SCA' in our changelog to identify our progress on this goal.

Enabling SCA scanning in VS Code plugin (in progress)

We want to shift further left and provide early feedback to developers. That’s why we are working on reducing rework caused by the use of vulnerable libraries by enabling our scanner directly in the IDE.
Stay tuned to entries marked with 'IDE' in our changelog to identify our progress on this goal.

Columns, tables and filters (in progress)

User experience with tables in the platform has been improved, allowing each user to customize their columns of interest. Now we are working on the following:
  1. enhanced filters for key sections
  2. an improved UI for all users
  3. standardizing table buttons
To see how we are doing on these goals, check the entries marked with '(ASPM)' in our changelog.

Say goodbye to CVSS 3.1 soon (done)

Starting April 4, the platform, reports, and CI Agent will only display severity in CVSS v4.0 scores. The CVSS v3.1 scores will remain available through the API until October 4.

