December 2021 Platform Releases
Language Libraries (non-OS packages) are now scanned by default - This will affect the following:
Creating new registry integrations: The Non-OS Package Support option is now enabled by default in the Optional Settings.
Existing registry integrations: The Non-OS Package Support option in the Optional Settings page is now enabled even if it was previously disabled. This includes registry integrations created when the option wasn't available (prior to v4.20).
Proxy scanners will now scan non-OS packages by default. The
scan_non_os_packagesfield has been removed and replaced with
disable_non_os_package_scanning. See the
disable_non_os_package_scanningsection for more information on its usage.
The v0.2.4 inline scanner release (and future releases) will now scan non-OS packages by default. See the Upgrades section for guidance on default configuration behavior after upgrading.
Disabling scanning of Language Libraries
If you wish to disable this feature, see the Disabling Language Libraries Support section.
New CIS Benchmark Reports for Azure - New reports have been added for Azure: NIST 800-171 rev2 and NIST 800-53 rev5. See Azure Report Types for all available reports.
New CIS Benchmark Reports for GCP - New reports have been added for GCP: NIST 800-171 rev2, NIST 800-53 rev4, and NIST CSF. See GCP Report Types for all available reports.
Container scanning support for Red Hat UBI - Red Hat Universal Base Images are now supported for container vulnerability scanning.
Host vulnerability - update to Public Facing filter - The Public Facing filter on the Host vulnerability page (Group by Host view) has been updated to match the Machine Dossier - List of External Facing Server Machines definition.
- Non-SSL JFrog Cloud registry integrations are not successful - Due to a formatting issue in the JFrog API, non-SSL (
http://) integrations will not work for JFrog Cloud registries.
- Separate Counts for Enterprise Agents vs Standard Agents - The Usage Summary page categorizes Standard agents and Enterprise agents differently, and gives a separate count of each type.
- Registry notifications Available for GitLab On Prem - Lacework now supports registry notifications for GitLab on prem container registry integrations. Registry notifications were previously available on GitLab cloud only.
- Vulnerability Management - KPIs, Trendline, and CVE filters - The Container and Host Vulnerability pages now display active filters that are influencing the charts and statistics displayed. When viewing a Host or Image assessment, the CVE tab now has an interactive filter to adjust the table of vulnerabilities displayed for the selected host/image.
- The container vulnerability documentation has been redesigned with additional content. This includes a restructuring of the container integration guides.