2025

April

Highlights: AutoFix enhancements, C/C++ support in Visual Studio Code, session timeout in Organization Settings, improved Secrets findings descriptions, Security Health Check, Apex and PL/SQL improvements, API Integration token role, Secrets settings

  • AutoFix enhancements
    • Notes produced by AutoFix agents are now displayed above the code snippets to make it easier for the user to access them.
    • Notes are now also available at the top level in pull request descriptions. Also, the vulnerability Description, Attack Payloads, and Test Cases appear top-level (instead of inside Details).
    • For clarity, the recommended fix is now labeled as such, instead of using the agent's name.
    • Pull requests are no longer created automatically by default. This can be changed in Organization Settings.
  • C/C++ support in Visual Studio Code: the Qwiet preZero VS Code extension can now analyze code written in C/C++.
  • Session timeout in Organization Settings: administrators can now configure the expiration time for users' sessions in Organization Settings.
  • Improved Secrets findings descriptions: Secrets findings now include an extended description that provides additional steps the user or organization can take to prevent or clean up a Secrets issue, beyond just removing the secret from the source code.
  • Security Health Check: Super Admins can now receive a weekly security health check email that provides a high-level overview of the organization's vulnerability landscape. This newsletter can be enabled and configured in Organization Settings.
  • Apex and PL/SQL improvements: analysis of projects written in Apex or PL/SQL is now about three times faster.
  • API Integration token role: a new API Integration token role is now available for Integration Tokens. This role has access to all API endpoints, similar to a personal access token.
  • Secrets settings: several settings for Secrets, previously only available via environment variables, are now available in Organization Settings and Application Settings. Please see the Settings section in the Secrets v2 documentation page.

March

Highlights: Improved AutoFix results, AutoFix for Visual Studio Code, VCS URLs for findings for non-CPG analyses, Support for Go 1.24

  • Improved AutoFix results: the accuracy of AutoFix results (for all agents) has been improved by about twenty-three percent. The number of errors has been drastically reduced, particularly for cases where the CPG context was too large for the large language model's context window.
  • AutoFix for Visual Studio Code: AutoFix is now available in the extension for Visual Studio Code (VS Code). Click on the wand that appears when hovering over a finding to launch the merge workflow. Compare existing code with the AutoFix suggestion and merge specific lines or all changes. A few other improvements were made to the extension to increase reliability and performance.
  • VCS URLs for findings for non-CPG analyses: VCS links to source code and specific lines of code are now available for results produced by non-CPG analyses (e.g. Terraform, Apex, PL/SQL).
  • Support for Go 1.24: preZero can now analyze applications written in Go 1.24 and earlier versions.

February

Highlights: AutoFix improvements, support for NuGet CPM, Jira integration improvements, Ruby (Beta) added to Workflow Setup, Secrets v2 entropy settings, adding apps to teams improvements

  • AutoFix improvements
    • AutoFix handling of pull requests for fix suggestions that include changes across multiple files has been improved.
    • The GitHub token expiration (date and time) is now available in the UI. This allows users to refresh a token ahead of its expiration in order to avoid disruptions to AutoFix Pull Requests.
    • GitHub credentials for AutoFix Pull Requests can now be configured at the application, team, and organization levels.
    • Several improvements to error handling to enhance the user experience.
  • Support for NuGet CPM: preZero can now better analyze applications that use NuGet Central Package Management (CPM). Discovery of the packages manifest has also been improved.
  • Jira integration improvements: error handling has been improved for Jira. The user can now get more detailed error messages that can help troubleshoot configuration issues.
  • Ruby (Beta) added to Workflow Setup: Ruby (Beta) has been added to the Workflow Setup in the Add App page. Discovery of GitHub repositories has been improved.
  • Secrets v2 entropy settings: Secrets v2 entropy settings can now be set at the organization level in Organization Settings, under the Client-Side Secrets section.
  • Adding apps to teams improvements: when adding an app to a team from the applications page, teams are now searchable.

January

Highlights: AutoFix improvements, SBOM location, expanded finding details, archive applications, Apex (Beta) support, PL/SQL (Beta) support, Ruby (Beta) GitHub workflow demo

  • AutoFix improvements
    • AutoFix pull requests now provide richer content in the description, such as test cases, attack payloads, and more.
    • If the GitHub token has expired or is not valid, users will see a message in the AutoFix tab alerting them of the issue. The Settings page will also indicate whether or not a token is valid.
    • A second fix is now available as an option for the user in case the primary fix does not provide the expected result.
  • SBOM location: in the findings list (OSS only), users can now see the location or name of the application's package manifest that is importing or including the dependency.
  • Expanded finding details: when viewing a finding's details, users can now switch to a stacked column view. This allows a user to focus on one section at a time and make use of the entire width of the page to see, for example, AutoFix suggestions without needing to scroll horizontally.
  • Archive applications: preZero now lets users archive and restore applications. When an application is archived, its results are not included in search results, summaries, reports, etc. Archived applications cannot be analyzed. A list of archived applications can be seen under the Archived tab on the Applications page.
  • Apex (Beta) support: Apex (from Salesforce) is now supported via a third-party scanner. Results are aggregated and available on the preZero dashboard. The Qwiet AI Security Team continues to add rules to improve results.
  • PL/SQL (Beta) support: Qwiet preZero now supports the PL/SQL language via a third-party scanner. Results are aggregated and available on the preZero dashboard. The Qwiet AI Security Team continues to add rules to improve results.
  • Ruby (Beta) GitHub workflow demo: Ruby is now available in the Workflow Setup as a demo.