SD Elements 2024.3 is now generally available as of October 12, 2024. With this latest release, Security Compass introduces several enhancements that help security and engineering teams scale their efforts and reduce risks in their products and applications.
Key enhancements in SD Elements 2024.3 include:
- Import diagrams as a new way to generate security requirements, in addition to surveys and repository scans
- New API capabilities to customize countermeasures
- The ability to update the Common Weakness Enumeration (CWE) mappings for weaknesses in the SD Elements library
- Additional content added to the SD Element library, including guidance for complying with the EU Cyber Resilience Act
- Scan GitLab repositories to quickly model applications in SD Elements (coming in a maintenance release later in the quarter)
Import Diagrams to Generate Security Requirements
Security Compass is now releasing a new feature for SD Elements that allows users to import diagrams to generate security requirements. This feature complements existing methods such as surveys and repository scans.
Users can upload diagrams, including system architecture diagrams or flowcharts, into SD Elements. The software analyzes these diagrams to identify key components, interactions, and data flows and automatically generates relevant security requirements based on this analysis.
New API Capabilities to Customize Countermeasures
The 2024.3 release introduces new API capabilities that simplify the customization of countermeasures. This allows users to tailor security controls to their specific needs and better address relevant threats and vulnerabilities.
The update includes enhanced GET functionality, new APIs for Post/Patch/Del of countermeasures, additional requirements, and How-Tos.
Update CWE mappings
Many companies use the Common Weakness Enumeration (CWE) system to categorize security weaknesses in their software.
With the 2024.3 release, users can now adjust CWE mappings for weaknesses in the SD Elements library through the user interface and API. This helps align the mappings more closely with their security policies.
Additional Content Added to the Library
Organizations have many tools and technologies that need to be secured. The 2024.3 release of SD Elements introduces over 20 new components, covering cloud technologies, CI/CD pipelines, and SaaS tools. Some examples are AWS CodePipeline, AWS Elasticache, CircleCI, PodMan, Salesforce, GCP Vertex AI, Azure Static Web Apps, and many more.
These additions enable users to better identify weaknesses and countermeasures across a broader scope of their environment.
Support for the EU Cyber Resilience Act
The EU Cyber Resilience Act will take effect in late 2024, with a grace period for organizations to comply.
The 2024.3 release adds new countermeasures, compliance reports, and survey responses to help organizations effectively address these requirements. This update streamlines the compliance process, minimizes the risk of penalties, and ensures that security measures are up to date with the latest standards.
Scan GitLab Repositories
In an earlier release, we introduced a time-saving feature for SD Elements users to generate security requirements by scanning their GitHub repositories. With this 2024.3 release, customers can now scan their GitLab repositories to model their applications in SD Elements quickly and efficiently and generate security and compliance requirements.
Note: This enhancement won’t be available in the initial 2024.3 release. Instead, it’ll be made available in a maintenance release later in the quarter. Stay tuned for a separate announcement.
Learn More
Security Compass enables you to deliver secure and compliant software by design.
By taking a proactive approach to threat modeling and secure development, SD Elements improves software security at scale, reduces operational costs, and helps organizations achieve compliance. Application Security Training from Security Compass covers all your team’s compliance, secure coding, and deployment needs.
For existing SD Elements customers, please contact your Customer Success Manager for further information about the release.
New to SD Elements? Request a demo to explore how the solution can transform your software security landscape.