Coana Services

Coana Services

Changes to non-CLI services including the dashboard and integrations are described on this page. All changes to the Coana CLI are described on the Coana CLI page. Minor changes and bug fixes are not necessarily included in this changelog.

Jul 16. 2024

Use the terminology 'undeterminable reachability' instead of 'always affected' to display vulnerabilities Coana's reachability analysis does not scan for. This is typically the case for vulnerabilities affecting CLI tools or other packages that aren't imported directly in the code.

Jun 21. 2024

Fixed an issue where dismissed vulnerabilities were not always properly dismissed when computing project summaries and notifications.

Jun 20. 2024

Updated the projects list to link to the latest report instead of the project page. Additionally, the latest report preview has been removed from the project page.

Jun 19. 2024

Added the ability to filter vulnerabilities by ecosystem, severity, and fix availability on the report page.

Jun 18. 2024

Fixed a bug when using deep links where the page would scroll to the wrong position on the page.

Jun 7. 2024

Fixed a bug where not all members of an organization were shown in the members list.

Jun 6. 2024

Added project name, repository link and project settings button to the top of the report page.

May 24. 2024

Fixes are now computed after submitting a scan report rather and thus are no longer included in the report. This means that fixes may not show up in the dashboard immediately after a report is submitted. The fixes will be computed in the background and will be visible in the dashboard once the computation is done.

May 9. 2024

You can now use the CLI to apply fixes to vulnerabilities in your project. Details are available in the Dashboard documentation.

Apr 22. 2024

Improved reports UI with the ability to deep-link to specific vulnerabilities, vulnerability details and analysis details.

Mar 27. 2024

For admins: you can now see the MFA status of each member in the organization. The Vanta integration has been updated to sync the least privileged authentication method for each user.

Mar 25. 2024

Added support for connecting to Slack channels using manually typed channel IDs.

Mar 22. 2024

Project IDs are now UUIDs instead of integers. Old URLs, e.g., from bookmarks, pointing to specific projects have to be updated.

Mar 18. 2024

Added multichannel support for the Slack integration. In addition to a default channel, you can now configure specific projects to send notifications to other Slack channels with individual settings for topics. More info in the Slack integration documentation.

Mar 14. 2024

Add an option to the Vanta integrations, which allows you to disable Vanta synchronization for vulnerabilities that only have development dependencies.

Mar 13. 2024

Heavily updated the documentation with more content about the reachability analysis and the various dashboard features.

Mar 7. 2024

Added the ability to dismiss vulnerabilities. Under a vulnerability in the reports, you will now find an actions menu with a 'Dismiss' button. This feature allows you to mark the vulnerability as irrelevant. Dismissed vulnerabilities will not sync with Vanta, and they will not appear in the reports view unless you explicitly enable 'Show dismissed vulnerabilities' in (opens in a new tab). You can remove dismissals here (opens in a new tab).

Mar 6. 2024

Add the ability to bulk dismiss unreachable vulnerability alerts in Dependabot.

Feb 29. 2024

Fixed issues related to editing and deleting of projects in the dashboard.

Feb 26. 2024

Enabled the Vanta integration.

Feb 22. 2024

Improved the visualization of 'Affected Application Code Locations' in Java projects.

Feb 21. 2024

Stores some user settings in the database rather than using local storage.

Feb 6. 2024

Added possibility to sort projects list view by vulnerability count and last report date.

Feb 5. 2024

Added documentation for using the Coana GitHub application (see docs). Fix an issue where Dependabot synchronization did not always work for Dependabot alerts affecting multiple packages.

Feb 2. 2024

Fixed a problem where the search field on the projects page (opens in a new tab) didn't include the descriptions field.

Feb 1. 2024

Fixed an issue where dashboard sorting didn't work for projects with many large projects. Added documentation for setting up and managing the Slack integration (see docs).

Jan 30. 2024

Introduce projects list view with latest report summary. Added the GitHub Dependabot and Slack integrations.