The January 2023 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on January 15.




Supply Chain Security

Two new UI pages: Dependencies and Risks

  • Dependencies: displays the packages used in your application code in all code repositories, including their details and a detailed analysis of the packages for the presence of security issues
  • Risks: displays the security risks (vulnerabilities, IaC misconfigurations, and sensitive data) detected in all code repositories added to Aqua


SAST checks

Aqua now performs Static Application Security Testing (SAST) checks of your application code and displays the security issues detected. For more information, refer to Code Repository Scan Detailed View > SAST tab.


Enhancements to Assurance Policies

  • You can configure an Assurance Policy to fail pull requests or builds if they are not compliant with the policy.
  • The following controls have been added to Assurance Policies:
      • Dependency Name
      • Pipeline Misconfiguration Severity
      • Specific Pipeline Misconfiguration Check
      • Specific Sensitive Data Check
      • Specific Vulnerability

For detailed information, refer to Assurance Policies.


Enhancements to the Suppression Rules page

  • The experience of creating a suppression rule has been enhanced.
  • The Suppression Rules list view page has been enhanced.

For detailed information, refer to Create Suppression Rules.


Workload Protection

"Exclude application scope(s)" specification for Runtime Policies and services

When you define a Container, Function, or Host Runtime Policy or an Aqua service and select the Global application scope, you can also select one or more application scopes to exclude from the policy or service. (RFE-37520)


Cleanup of incidents

You can configure Settings > Cleanup to remove incidents from the UI and database by setting the retention period in days. (This setting, which previously existed for audit events, has been extended to support incidents.)


Setting to enable/disable container engine audit event logging

In the Settings > Enforcer page:

  • The Audit Enforcer Connection and Disconnection section has been renamed to Enforcer Audit Event Settings.
  • A new checkbox, Log container engine lifecycle events (e.g., container start/stop), has been added to this section. This checkbox allows you to enable or disable the auto-reporting of the container engine's lifecycle audit logs. By default, this checkbox is disabled.

Workload Protection and Image Scanning

New v2 API endpoints

The following endpoints are available to add all images from the repository or tag structure to the scan queue:

  • /repositories/scanqueue
  • /repositories/scanqueue/status