Advisories
14 March 2022
We're in the process of migrating the Qwiet application domain from https://www.shiftleft.io to https://app.shiftleft.io. The Qwiet website, however, will remain at https://www.shiftleft.io.
With this change, we will be able to provide you with increased security and performance.
You can begin using https://app.shiftleft.io today. We will support the use of both domains through 1 August 2022; at that point, you must use https://app.shiftleft.io for Qwiet preZero.
What this change means for Qwiet users
Due to the updated domain name, you may need to make the following changes:
- Update any old sl binaries that might be using https://www.shiftleft.io
- Update your firewalls; see our updated list of URLs that you should allowlist
- Update any scripts calling Qwiet URLs (e.g., scripts calling the Qwiet API, any Terraform modules you use to deploy Qwiet preZero)
- Update your SAML/SSO configuration
Please ensure that you've updated the domain name by 1 August 2022. We recommend that you implement any necessary changes and test before the changeover date.
25 October 2021
Our research team has learned that the ua-parser-js package has been compromised with malicious code by threat actors. The versions affected include:
pkg:npm/ua-parser-js@0.7.29
pkg:npm/ua-parser-js@0.8.0
pkg:npm/ua-parser-js@1.0.0
You can read more of our research in this article.
As of 25 October 2021, a review of dependencies used by active I-SCA customers shows that none of the applications scanned by Qwiet preZero are using affected versions of ua-parser-js.
Recommendations
- Avoid upgrading or rolling back to the affected versions of ua-parser-js.
- Scan your applications to generate a new SBoM and check for the versions listed above.
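One way to run the version check from the recommendations directly against a parsed npm package-lock.json, including copies nested under other dependencies. This is an added example, not Qwiet's own tooling; the function name findAffected and both sample lockfiles are constructed for illustration.

```javascript
// Added example. Affected versions are the three listed in the advisory above.
const PACKAGE = 'ua-parser-js';
const BAD_VERSIONS = new Set(['0.7.29', '0.8.0', '1.0.0']);

// Returns [{ name, version, path }] for each affected install in a parsed
// package-lock.json. Uses the "packages" map (lockfileVersion 2/3) when present,
// otherwise walks the nested "dependencies" tree (lockfileVersion 1).
function findAffected(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (name === PACKAGE && BAD_VERSIONS.has(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf('node_modules/');
      if (idx === -1) continue; // "" is the root project, not a dependency
      // Aliased installs carry the real package name in meta.name.
      check(meta.name || path.slice(idx + 'node_modules/'.length), meta.version, path);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(' > '));
        walk(meta.dependencies, [...trail, name]); // nested, non-hoisted copies
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/ua-parser-js': { version: '0.7.28' },
    'node_modules/some-lib/node_modules/ua-parser-js': { version: '0.7.29' },
  },
};
const sampleV1 = {
  dependencies: {
    'some-lib': { version: '2.1.0', dependencies: { 'ua-parser-js': { version: '1.0.0' } } },
    'ua-parser-js': { version: '0.8.1' },
  },
};

for (const hit of [...findAffected(sampleV3), ...findAffected(sampleV1)]) {
  console.log(`AFFECTED ${hit.name}@${hit.version} at ${hit.path}`);
}
```

To check a real project, pass the result of JSON.parse on its package-lock.json contents to findAffected; an empty array means none of the listed versions are locked.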