Coana Services
Changes to non-CLI services including the dashboard and integrations are described on this page. All changes to the Coana CLI are described on the Coana CLI page. Minor changes and bug fixes are not necessarily included in this changelog.
Sep 5. 2024
Updated dismiss vulnerability dialog to also include handling of related Dependabot alerts.
Sep 4. 2024
Added filter option for vulnerabilities with or without issue tracking tickets to the report page.
Sep 3. 2024
Added option to auto-dismiss Dependabot alerts when new reports are submitted to the project settings.
Aug 14. 2024
Added link to affected code locations when the repository url is available when viewing analysis details.
Aug 12. 2024
Added new filter option for undeterminable reachablities to the report page.
Aug 9. 2024
Added search to the report page.
Aug 8. 2024
Fixed a mismatch between numbers in project summary and report tabs.
Aug 1. 2024
Introduce demo login for dashboard.
Jul 23. 2024
Introduce "Coana's comment' to help Coana's users understand and triage vulnerabilities.
Jul 17. 2024
Better information about phantom dependencies.
Jul 16. 2024
Use the terminology 'undeterminable reachability' instead of 'always affected' to display vulnerabilities Coana's reachability analysis does not scan for. This is typically the case for vulnerabilities affecting CLI tools or other packages that aren't imported directly in the code.
Jun 21. 2024
Fixed an issue where dismissed vulnerabilities were not always properly dismissed when computing project summaries and notifications.
Jun 20. 2024
Updated the projects list to link to the latest report instead of the project page. Additionally, the latest report preview has been removed from the project page.
Jun 19. 2024
Added the ability to filter vulnerabilities by ecosystem, severity, and fix availability on the report page.
Jun 18. 2024
Fixed a bug when using deep links where the page would scroll to the wrong position on the page.
Jun 7. 2024
Fixed a bug where not all members of an organization were shown in the members list.
Jun 6. 2024
Added project name, repository link and project settings button to the top of the report page.
May 24. 2024
Fixes are now computed after submitting a scan report rather and thus are no longer included in the report. This means that fixes may not show up in the dashboard immediately after a report is submitted. The fixes will be computed in the background and will be visible in the dashboard once the computation is done.
May 9. 2024
You can now use the CLI to apply fixes to vulnerabilities in your project. Details are available in the Dashboard documentation.
Apr 22. 2024
Improved reports UI with the ability to deep-link to specific vulnerabilities, vulnerability details and analysis details.
Mar 27. 2024
For admins: you can now see the MFA status of each member in the organization. The Vanta integration has been updated to sync the least privileged authentication method for each user.
Mar 25. 2024
Added support for connecting to Slack channels using manually typed channel IDs.
Mar 22. 2024
Project IDs are now UUIDs instead of integers. Old URLs, e.g., from bookmarks, pointing to specific projects have to be updated.
Mar 18. 2024
Added multichannel support for the Slack integration. In addition to a default channel, you can now configure specific projects to send notifications to other Slack channels with individual settings for topics. More info in the Slack integration documentation.
Mar 14. 2024
Add an option to the Vanta integrations, which allows you to disable Vanta synchronization for vulnerabilities that only have development dependencies.
Mar 13. 2024
Heavily updated the documentation with more content about the reachability analysis and the various dashboard features.
Mar 7. 2024
Added the ability to dismiss vulnerabilities. Under a vulnerability in the reports, you will now find an actions menu with a 'Dismiss' button. This feature allows you to mark the vulnerability as irrelevant. Dismissed vulnerabilities will not sync with Vanta, and they will not appear in the reports view unless you explicitly enable 'Show dismissed vulnerabilities' in https://app.coana.tech/dashboard/settings/display (opens in a new tab). You can remove dismissals here https://app.coana.tech/dashboard/settings/dismissed-vulnerabilities (opens in a new tab).
Mar 6. 2024
Add the ability to bulk dismiss unreachable vulnerability alerts in Dependabot.
Feb 29. 2024
Fixed issues related to editing and deleting of projects in the dashboard.
Feb 26. 2024
Enabled the Vanta integration.
Feb 22. 2024
Improved the visualization of 'Affected Application Code Locations' in Java projects.
Feb 21. 2024
Stores some user settings in the database rather than using local storage.
Feb 6. 2024
Added possibility to sort projects list view by vulnerability count and last report date.
Feb 5. 2024
Added documentation for using the Coana GitHub application (see docs). Fix an issue where Dependabot synchronization did not always work for Dependabot alerts affecting multiple packages.
Feb 2. 2024
Fixed a problem where the search field on the projects page (opens in a new tab) didn't include the descriptions field.
Feb 1. 2024
Fixed an issue where dashboard sorting didn't work for projects with many large projects. Added documentation for setting up and managing the Slack integration (see docs).
Jan 30. 2024
Introduce projects list view with latest report summary. Added the GitHub Dependabot and Slack integrations.