
Security Update February


On the SAST side, we’ve continued shipping improvements to our Java, C/C++, Go, and Python rules:

  • Updated semgrep version to 1.14.0
  • For Java, renamed 1 existing rule and made significant detection improvements to 6 existing rules
  • For C/C++, updated 4 existing rules
  • For Python, updated 2 existing rules
  • For Go, updated 3 existing rules

On the IaC side, we added 313 rules covering Terraform for all cloud providers, Ansible, Kubernetes, CloudFormation, Google Deployment Manager, Dockerfile, etc.

On the Secret side, we have shipped further improvements to reduce false positives, as well as validation of detected secrets against the providers' endpoints:

  • Added 28 new secret patterns
  • Disabled 2 secret patterns
  • Improved 40 existing secret patterns
  • Updated to the latest semgrep version
  • 200+ new patterns will be shipped soon

On the SCA side, we have migrated more languages to our dedicated SBOM engine and added more sources to check against.

Last but not least, we have also released our new documentation updates, which now include dedicated vulnerability classes containing helpful information for specific CWEs that we are covering. You can see an example of SQL injection here. In addition, we have also added a lot more rule-specific documentation, including new embedded videos and training links in partnership with Secure Code Warrior.

The post Security Update February appeared first on GuardRails.

This is a Security Bloggers Network syndicated blog from GuardRails authored by GuardRails. Read the original post at: https://blog.guardrails.io/security-update-february/