Releases: ThalesGroup/security-risk-assessment-tool
v1.2.0
Changelog
Improvements
- Added red text color to the invalid risks in ISRA Report and additional validations when saving (Issue #84)
- Added keeping focus on the last risk and vulnerability selected while navigating (Issue #189)
- Added and updated UX to highlight the invalid / empty mandatory fields (Issue #216)
- Disabled navigation and buttons while data is loading (Issue #239)
- Added a shortcut to switch panels (Ctrl + Tab) (Issue #262)
- Added a sticky navigation bar (Issue #266)
Noteworthy bug fixes
- Fixed issue with disappearing text in 'Risk Mitigation' security control description (Issue #191)
- Fixed issue with weird display of security control description in 'Risk Mitigation' when quickly adding mitigations (Issue #207)
- Fixed issue with locked navigation and freezing when an array had no item (Issue #225)
- Fixed possibility to select a supporting asset without any business asset selected for a risk (Issue #234)
- Fixed issue with changes in business asset security property value ranking not reflected on the associated risks score (Issue #257)
- Fixed overflowing Business Asset Name's text box when resizing (Issue #88)
- Fixed display of tooltip for CVE Score (Issue #97)
- Fixed issue with deleted vulnerabilities contained in attack paths not triggering errors (Issue #133)
- Fixed display of revision and iteration in Report panel (Issue #170)
- Fixed opening of .sra file with help of file association (Issue #176)
- Fixed value of reference inputs not set to default after deleting the referenced item (Issue #177)
Miscellaneous changes
- Updated some dependencies to address security vulnerabilities
- Updated test cases to reflect changes
Full Changelog: 1.1.0...1.2.0
v1.1.0
Changelog
Improvements
- Added selective import of data from other ISRAs (Issue #38)
- Added bar charts to summarize risks in ISRA Report tab and PDF report and saving it as an image (Issue #94)
- Added dedicated file extension for ISRA files, the .sra extension (Issue #147)
- Added support to open .json, .xml and .sra files with the SRA tool (Issue #108)
- Added Windows installer that is associated with .sra and .xml files (Issue #111)
- URLs now open via external browser instead of internal browser window (Issue #137)
- Removed nested riskName field in ISRA data format (Issue #113)
- Updated data format for risk attack path (Issue #138)
- Added schema version field in ISRA metadata for improved version control (Issue #149)
Noteworthy bug fixes
- Fixed issue where vulnerability without the current risk's supporting asset can be added into the attack path (Issue #91)
- Fixed issue with the error handling of opening invalid ISRA files (Issue #136)
- Fixed issue with the display of existing URLs in text box (Issue #142)
Miscellaneous changes
- Table tooltips are now displayed on column headers (#83)
- Updated some dependencies to address security vulnerabilities
- Updated icons for attachments
Full Changelog: 1.0.3...1.1
v1.0.3
Changelog
Improvements
- Added data validation for mandatory fields when importing ISRA (Issue #90)
- Added more descriptive errors when importing and saving ISRA (Issue #93)
Noteworthy bug fixes
- Fixed issue with configured classification not updating imported ISRA's classification (Issue #62)
- Fixed incorrect project iteration displayed in ISRA Report tab (Issue #59)
- Fixed issue with a field in risk likelihood resetting (Issue #122)
- Fixed issue with rich text fields data resetting (Issue #124)
Miscellaneous changes
- Updated some dependencies to address security vulnerabilities
- Updated test cases to reflect changes
Full Changelog: 1.0.2...1.0.3
v1.0.2
Changelog
Critical bug fixes
- Fixed issue causing business asset and supporting asset of risks to reset (#102)
Miscellaneous changes
- Updated issues template
Full Changelog: 1.0.1...1.0.2
v1.0.1
Changelog
Noteworthy bug fixes
- Prevented import from failing when date format is incorrect (Issue #70)
- Fixed auto-selection issue with attack path selection (Issue #61)
- Fixed issue with vulnerability scoring on XML import (Issue #61)
- Fixed issue with disappearing text fields on reload and tab refresh (Issue #31)
- Fixed issue with setting vulnerability score to 10 (Issue #74)
Miscellaneous changes
- Removed loading dialog pop-up (Issue #71)
- Added CI/CD pipeline for OSS Scorecard
- Updated README
- Added Contributing notes
- Updated test plan to reflect changes
- Updated packaging configurations
Full Changelog: 1.0.1-alpha01...1.0.1
v1.0.1-alpha01
Implemented some bug fixes
What's Changed
- Bump xml2js from 0.4.23 to 0.5.0 in /lib by @dependabot in #27
- Prevent ignoring dialog box and user inputs when dialog box is active by @AlvinAtThales in #29
- 26 empty supporting assets should not be displayed in other locations by @AlvinAtThales in #34
- Added app icon by @AlvinAtThales in #53
- Improved performance of adding risks and vulnerabilities data to table by @AlvinAtThales in #47
- 35 application not able to handle large file attachments by @AlvinAtThales in #44
- Fixed issue with disappearing supporting assets by @AlvinAtThales in #46
- Update classification field in schema and how it is being retrieved when rendering it on the UI by @AlvinAtThales in #50
- Revert removal of attachment pattern due to issue on initial launch o… by @AlvinAtThales in #57
- Updated project organization options by @AlvinAtThales in #52
- Schema fix by @AlvinAtThales in #33
- Added loading dialog box for most tabs by @AlvinAtThales in #45
- Bump minimatch and electron-builder in /app by @dependabot in #30
- Update classification and Project Organizations to be configurable by @AlvinAtThales in #58
- Update manual test plan to account for new bugs by @AlvinAtThales in #49
Full Changelog: 1.0.0...1.0.1-alpha01
v1.0.0
Initial revision of the security risk assessment tool for win64, macOS Intel and macOS arm64.