Purplemet Cloud 1.23.0 New Features
Updates and new features
Purplemet Cloud 1.23.0 is now available! This new version features several updates and enhancements compared to the previous version, as described hereafter.
Latest version for branches
In addition to the latest version of a technology, Purplemet now provides the latest version of the technology branch used by the web application. A technology may have several active branches: the newest branch may offer additional functionality compared to previous branches, but the customer may not need it if there are no security issues.
The list of technologies for a web application will therefore show the latest version of the technology, if available, and the latest version of the branch used by the customer.
The technology details page has been redesigned to show the latest versions available for each technology and to provide clear text information on whether the technology in use needs to be updated if vulnerabilities have been identified for that version.
Nuclei templates integration
The Nuclei scanner is part of the ProjectDiscovery open source project. It can be used to scan for a disclosed vulnerability, and it also makes it easier for hackers to check potential targets for vulnerabilities.
Purplemet now indicates whether a Nuclei template exists for each reported issue, with a direct link to the Nuclei project's GitHub repository. With this integration, you know there is a potential exploit for the vulnerability, and then you can use the Nuclei scanner on your site to check if the vulnerability can be exploited.
CVSSv4 support
As CVSSv4 is now made available by NIST and CISA for each new CVE, Purplemet makes this version available to users in addition to the versions already known for each issue.
Purplemet has also taken the opportunity to add a CVSS rating for web security issues that were not previously assigned a CVSS rating because they were not linked to a CVE.
The new columns display the score and vector corresponding to the latest CVSS version available for the issue, which is the version used to calculate the severity of the result. All CVSS scores and vectors can be viewed on the result details page, in the CVSS block.
Issue comment
You can now add comments to the issues detected in your web applications. Once a comment has been added, the user can modify or delete the comment using the actions available for each comment.
Users import
It is now possible for users with an administrator profile to import a list of users to add from a CSV file.
Tags import
It is now possible for users with an administrator profile to import a list of tags to add.
Time zone support
Each user can now select the time zone used to display dates within the user interface. The entire user interface has been updated to show the time zone used to display each date and time, both in the data lists and on the details pages.
IP addresses geolocation
For each IP address, the name of the country, its continent, its capital and its flag are now displayed. This information is available in the IP addresses section and on the IP address details page.
API updates
- API Tokens - Publish new properties to Token schema: tags, tagCnt, connectedAt
- Users - Publish new properties to User schema: tagCnt, enableCriticalNotifications, enableCertificateNotifications
- Web Applications - Publish new properties to Site schema: tagCnt, enableNotification
- Technologies - Publish new property branchLatestVersion to Technology schema
- Issues - New API GET /issue/:id/comment to list comments posted on an issue
- Issues - New API GET /issue/:id/comment/count to count comments posted on an issue
- Issues - New API POST /issue/:id/comment to post a new comment on an issue
- Issues - New API PUT /issue/:id/comment/:commentId to update contents of a comment posted on an issue
- Issues - New API DELETE /issue/:id/comment/:commentId to delete a comment posted on an issue
- Issues - Publish new property to Issue schema: commentCnt
Additional updates
- The content of the notifications tab has been improved to provide a clearer interface that is consistent with the security tab.
- It is now possible to use the tagCnt search criterion in data lists for web applications, users and API tokens.
- Purplemet can now detect when users try to add machine names as domains.
- A new SSO enablement section is now available within the online documentation, providing users with the help they need to set up SSO between Purplemet and their Identity Provider SSO solution. Integration guides for each SSO IdP solution tested by the Purplemet team are included.