Smithy V1 components

Smithy V1 components released. Support for authenticated DAST. Several orchestrator fixes to enable rapid development.

Published on
Release

v1.1

Changes in this release

Support for

  1. authenticated elasticsearch
  2. pip-audit
  3. bandit
  4. codeql with automatic language detection
  5. gosec
  6. nancy
  7. semgrep
  8. trivy
  9. trufflehog
  10. ZAP, both with form authentication and baseline
  • Smithy can now also work with registries via the image-get target. This allows downloading images from remote registries for scanning and reachability analysis.
  • The reachability enricher now supports SAST findings. You can automatically ignore SAST findings that aren’t reachable from outside the binary/internet (e.g. tests, internal libraries, utilities).