Release 1.31

January 11, 2024

What’s New?

Creating Custom Secret Detectors

Starting with this release, you can create, edit, and delete custom (non-system) type secret detectors.

You cannot create a System type Secret Detector. However, you can edit the Severity and Status of a System Secret Detector.

In the Configurations > Secret Detection tab, use the New Secret Detector button to create a new secret detector.

Fill in the required details for the new secret detector and save the secret detector form. The new Secret Detector will be visible in the Secret Detectors list.

Wildcard characters are disabled in the Regex field of a Secret Detector. A query search requires an exact match of the string (a non-wildcard entry) to avoid identifying redundant entries.

The Regex field does not support the “\” backslash character, as it can give false-positive search results later.

 

Controlled Access for the Sub-users

With this release, Admins can restrict sub-users' access to certain assets. They can achieve this control using a set of tags. Now, sub-users can see only the assets that are in their scope. Any asset beyond their scope will not be visible to them. These assets include images and containers. To understand how to enable the access control, refer to the Online Help.

Customized Landing Page for Assets

Earlier, the Hosts page was treated as the default landing page for the ASSETS tab. Now, the Images tab is treated as the default option. Also, you can choose the default landing page for your ASSETS tab. The following options are available for the ASSETS default landing page: Hosts, Images, Container, and Registries.

To choose the default landing page, go to Configuration > General > Miscellaneous Settings > Default Asset Landing Page.

Showing "Unknown" Status for the Deleted Scan Jobs under Registries

Earlier, if all scan jobs created under a registry were deleted, the status shown was "-". With this release, for registries without any scan jobs, the status shown will be "unknown".

For example, in the image below, the status of the "Sub_domain_jfrog" registry, which does not possess any job, shows as "Unknown".

Improved Secret Detector Security

With this release, the Match column is removed from the Detected Secrets window to add extra security to the existing secrets. Now, only the Line Number column is displayed. By doing so, we avoid unnecessary exposure of the matched secrets.
To access the Detected Secrets window, go to Assets > Images with secrets > Image Details > Secrets.

Issues Addressed

The following issues have been fixed with this release:

| Category | Issue |
|---|---|
| Registry Backend | The Repository page showed the wrong image sha count for the same images which are scanned using registry sensor. |
| CMS | On Demand/Automatic Scan jobs of some registries failed with this error – “Unexpected error occurred. Contact Qualys support”. |
| CMS-API | For vulnerabilities.status:<string value> token search, the Images and Containers tab did not show any record even when both assets had suitable matches for the given search token. |
| CMS-Processor | Last scanned field in the Image Summary page failed to get updated for Registry Force rescan by Tag using regex. |
| CS Online Help | Supported OS versions gave an error when a user tried to access it. (UI Path: CONFIGURATIONS > Sensors > Download Sensor > General (Host) > CLUSTER > Kubernetes > System Requirements & Troubleshooting > Supported OS versions). |
| CMS-Processor | Container Security page under an Asset Details showed unavailability of the sensor even when a sensor was assigned to that asset. |