We just released our major Winter22 release! I’m excited to share all of the features that we have added and improved in S4 for Salesforce. This release focuses on giving S4 users powerful tools to prioritize their vulnerabilities, and it brings several integrations that continue to make shifting left (DevSecOps) easier for development teams.
We have significantly upgraded both the front-end user interface and the back-end data reporting for the Vulnerability Finding Reports generated by each scan. The most impactful new capability of S4 is to generate executive reports for specific compliance frameworks, like HIPAA, SOX, APPI, ISO-27001, GDPR, and PCI-DSS. These reports indicate which compliance requirements are impacted by each of S4’s vulnerability findings. In addition to the generated executive reports, our vulnerability findings index screen now lets you filter findings by compliance framework and each vulnerability detail screen will indicate which compliance reporting requirement is violated by a finding.
This compliance reporting can really empower teams to prioritize their development efforts based on compliance and security requirements, while giving executive leadership a clear picture of both their security posture and compliance for Salesforce.
Furthermore, we have added the capability for teams to add custom tags to vulnerability findings and to filter on those tags. Every team is unique, and we believe this is another great mechanism that lets S4 be flexible enough to fit into their flow. Likewise, we’ve added another dimension to our filtering that traces the type of scan that identified the vulnerability. If you want to find only the vulnerabilities discovered by the Config scans, that is now possible. We also offer filters for Interactive Runtime Testing (IAST), Software Composition Analysis (SCA), and Static Source Code Analysis (SAST).
Focusing on integrations, this release pushes in a number of directions. On December 7th, we announced our partnership with Copado and put our integration for the Copado DevOps platform into General Release. Copado currently offers the leading DevOps platform, and this integration brings S4 findings directly into Copado pipelines, where they can be used as part of automatic validation steps. We’re also excited to note that S4 integrates with Copado Essentials for customers that haven’t yet adopted the full Copado product.
For teams that rely on Single Sign-On to centralize authentication management across multiple services, S4 now offers integrations with Okta, OneLogin, Azure Active Directory, Google OAuth and dynamic SAML integrations. It’s easier than ever to onboard your whole team to S4, particularly since our pricing model does not constrain the number of users accessing the platform. Additionally, we’re giving administrators the capability to increase the security of their S4 accounts by enabling two-factor authentication tied to a user’s email account.
Building upon our recently released VS Code extension that brings the power of S4 into developers’ favorite IDE, Winter22 now introduces SARIF support for GitHub repositories. Developers can quickly run scans against both their source and target branches, so they can more quickly identify when they’ve introduced and remediated vulnerabilities in their code.
Finally, every release includes minor bug fixes and improvements. We don’t enumerate them all in these Release Notes, but I’m going to highlight a small one that many users will appreciate. Our Scan Progress Completion Bar now polls the scanning system, meaning users are no longer required to refresh the webpage to get an update on completion.