Security + Compliance
Enhanced Token Generation
We’ve updated our token generation process to provide increased control over project analyses. Now, you can create two types of tokens—Project Analysis Tokens and User Tokens.
Project Analysis Tokens permit analyses to be run only for the projects they were created for. In contrast, User Tokens carry all the permissions of the user who issued them, giving broader rights across an instance.
Plus, to enhance security, you can now choose an expiration for your tokens or opt for no expiration. And don’t worry about forgetting—you’ll get an email reminder a week before your token’s expiry date.
Quality Gate Permissions
The latest update introduces a ‘Permissions’ section in the Quality Gates page. Users who hold the global ‘Administer quality gates’ permission can use it to grant specific individuals or user groups permission to manage a particular quality gate.
Editing Quality Gates
To ensure only intended changes are made, users must now use the ‘Unlock editing’ feature before modifying existing conditions or adding new ones to a quality gate. This extra step provides a layer of control and accuracy.
CodeScan’s new MuleSoft scanner tool analyzes the security settings of sensitive configuration files to ensure vulnerabilities aren’t introduced into the system. For example, this tool can check whether the credentials for third-party database access are properly encrypted.