A new year, a new release of Nucleus! We hope everyone had a great break and a happy new year, and that you are as excited as we are to see what 2021 brings. It can’t get worse than 2020, right?
The first release of this year is packed full of goodies - it has something for everyone. We’re also trying a new format for our release notes. See below to find out more!
The asset management and asset details pages have had a face-lift, bringing specialised views for some of our asset types and clearer visibility of container instances and images.
If you’re ingesting container images with tag data or source code repositories with branch information, Nucleus now intelligently matches container images from the same repository and branches from the same application so that you can easily swap between them.
In addition to Additional Metadata being front and center in our new asset details page, we’ve started ingesting and populating this section of our assets with the scan/tool metadata from each available source. We’ve adopted a standard dot-style naming convention so that you’re always aware of where the metadata came from.
The December release updated our Asset Processing rules so that a rule can be triggered based on a value in Additional Metadata. Coupled with that update, this metadata lets you build increasingly powerful automations for your Nucleus projects.
This release includes additional metadata from Checkmarx, Veracode, Rapid7 InsightVM and Microsoft Defender for Endpoint. We’ll also slowly be updating our other connectors over the coming months to include more metadata from them too.
In this release, we’re introducing support for Microsoft Defender for Endpoint (previously known as Microsoft Defender ATP). This connector has been one of the most requested integrations to date, so true to our word of building for our customers, we’ve built a connector that integrates with the Threat and Vulnerability Management module to ingest identified CVEs into Nucleus in an automated way. To find out more, check out the help article.
Shifting left means getting feedback as early as possible in the development lifecycle, and for many that means scanning code as soon as it’s branched. Now that Nucleus makes it easier to view the different branches of applications, we’ve updated two of our most used connectors to also be branch aware.
By using custom fields that are set up in these tools, you can now import the application name, branch, git repository URL and commit hash of a scan directly into Nucleus. If you’re using Checkmarx, you can also optionally set a delimiter in the connector setup. This means that you can pull the branch name directly out of the project name.
We’ve also updated these connectors to give you even more flexibility with how you create asset groups. Now when assets are imported from these scanning tools, you have the option to create unique asset groups, create groups that match with imports from other apps, or to do nothing at all!
Vulnerability ingestion for Veracode has also improved, as we’re now matching each vulnerability’s status to its corresponding counterpart in Nucleus.
Similar to Checkmarx and Veracode, we’ve also updated our Rapid7 InsightVM connector to give you more metadata and more choices when importing assets. Not only do you have the same asset group import options as Checkmarx and Veracode, but we are also ingesting all criticality, owner, location and custom tags as additional metadata that you can use when creating automation rules.
Sometimes even though we have the best of intentions, things just don’t go the way we planned, and we’re left to pick up the pieces and figure out what went wrong. In this release, we’ve made it easier to be notified and investigate when a connector ingestion job didn’t complete successfully.
In the newly renamed Data Ingest section (previously known as Scans), you can now view all connector activity for a specific project including a log of previous jobs and any upcoming jobs.
We’ve also made it possible to be notified when a scan ingestion fails. Navigate to Project Administration > Edit Project Info to set an email address that receives daily or weekly digest emails when a scan fails. These emails will only be sent if a scan ingest fails!
This release comes with some optimizations that make Nucleus even faster than it already is. Page loads should be up to 2x faster across the application.