Skip to main content

2025

February

Highlights: AutoFix improvements, support for NuGet CPM, Jira integration improvements, Ruby (Beta) added to Workflow Setup, Secrets v2 entropy settings, adding apps to teams improvements

  • AutoFix improvements
    • AutoFix handling of pull requests for fix suggestions that include changes across multiple files has been improved.
    • The GitHub token expiration (date and time) is now available in the UI. This allows users to refresh a token ahead of its expiration in order to avoid disruptions to AutoFix Pull Requests.
    • GitHub credentials for AutoFix Pull Requests can now be configured at the application, team, and organization levels.
    • Several improvements to error handling to enhance the user experience.
  • Support for NuGet CPM: preZero can now better analyze applications that use the NuGet Central Package Management (CPM). Discovery of the packages manifest has also been improved.
  • Jira integration improvements: error handling has been improved for Jira. The user can now get more detailed error messages that can help troubleshoot configuration issues.
  • Ruby (Beta) added to Workflow Setup: Ruby (Beta) has been added to the Workflow Setup in the Add App page. Discovery of GitHub repositories has been improved.
  • Secrets v2 entropy settings: Secrets v2 entropy settings can now be set at the organization level in Organization Settings, under the Client-Side Secrets section.
  • Adding apps to teams improvements: when adding an app to a team from the applications page, teams are now searchable.

January

Highlights: AutoFix improvements, SBOM location, expanded finding details, archive applications, Apex (Beta) support, PL/SQL (Beta) support, Ruby (Beta) GitHub workflow demo

  • AutoFix improvements
    • AutoFix pull requests now provide richer content in the description, such as test cases, attack payloads, and more.
    • If the GitHub token has expired or is not valid, users will see a message in the AutoFix tab alerting them of the issue. The Settings page will also indicate whether or not a token is valid.
    • A second fix is now available as an option for the user in case the primary fix does not provide the expected result.
  • SBOM location: in the findings list (OSS only), users can now see the location or name of the application's package manifest that is importing or including the dependency.
  • Expanded finding details: when viewing a finding's details, users can now switch to a stacked column view. This allows a user to focus on one section at a time and make use of the entire width of the page to see, for example, AutoFix suggestions without needing to scroll horizontally.
  • Archive applications: preZero now allows the option to archive and restore applications. When an application is archived, results are not included in search results, summaries, reports, etc. Archived applications cannot be analyzed. A list of archived applications can be seen under the Archived tab in the Applications page.
  • Apex (Beta) support: Apex (from Salesforce) is now supported via a third party scanner. Results are aggregated and available on the preZero dashboard. The Qwiet AI Security Team continues to add rules to improve results.
  • PL/SQL (Beta) support: Qwiet preZero now supports the PL/SQL language via a third party scanner. Results are aggregated and available on the preZero dashboard. The Qwiet AI Security Team continues to add rules to improve results.
  • Ruby (Beta) GitHub workflow demo: Ruby is now available in the Workflow Setup as a demo.