Released: December 8, 2020
Ignore Rules Enhancements
Time-based Ignore Rule
Time-based ignore rule enables you to set an expiration date for an Ignore Rule in which the violation will be ignored until the Ignore Rule expires. Once that period expires, the Ignore Rule will be deleted automatically, and if the violation occurs again it will not be ignored moving forward. For more information, see Ignore Rules. This feature is also supported through REST API, as described in the IGNORE RULES REST API.
Ignored Violations Stored in the DB
All ignored violations are now stored in the DB which enables you to view all ignored violations on the artifact, build, and Release Bundle level.
The UI now provides more information about an ignored violation in the different screens, including in the violations list for an artifact, build, and Release Bundle.
Requires Artifactory 7.12.0 and above
Some of the Ignore Rules enhancements require Artifactory 7.12.0 and above. Artifactory 7.12.0 is not available yet, and will be soon.
Export Components Details API Enhancement
include_ignored_violations parameter to the Export Component Details REST API. This will return the ignore rule ID per matched policy.
The resolved issues now contain the associated JIRA number to help you keep track of your issues that were fixed in the release.
Fixed an issue, whereby adding a custom license to packages with empty archive packages was failing.
Fixed an issue, whereby when the severity level of a vulnerability was updated, and a violation was created out of it, Xray created a new violation instead of updating the existing one.
Fixed an issue, whereby Xray failed to index corrupted
Improved performance in many cases where the component graph is required for the process. For example, processing vulnerabilities update from the central database.
Improved performance of the license analysis process when, in some cases, a database update is not necessary.
Fixed an issue whereby, in some cases, the Xray data tabs are taking a while to load.