Releases: faloker/purify
v1.2.0
v1.1.3
v1.1.2
v1.1.1
🚀 New features
- api.adorable is dead, so it was replaced with avatars.dicebear.com; enjoy the new avatars
- added the ability to change your avatar
- oneshots are back; read about them at https://faloker.gitbook.io/purify/getting-started/upload-report#oneshot
🐛 Bug fixes
- fixed a bug where a comparison might be wrong due to special characters
v1.1.0
v1.0.1
v1.0.0
👀 Pre-amble
Before continuing, please take a moment to read the following:
The goal of this project is to make it easy to manage the results of your toolbox no matter what tools you use. But despite a great concept, Purify really lacked many of the must-have features for real-world use.
Since the last release, I have made many changes to Purify's architecture and user interface to create a robust and extensible system that covers most of the management needs in terms of security findings. While the concept and purpose remain the same, everything around them has changed a lot.
Some features from version 0.x.x are not preserved; for example, Active Directory authentication is no longer supported. Others have not yet been carried over due to all the architecture changes; for example, "Oneshots" are disabled for now.
There will be a few minor releases that will clean up all of this and introduce some small changes, but the most important thing is to get any feedback on the new look and feel and what features you'd like to see in Purify. Thanks!
💥 Release Introduction
Welcome to the official 1.0.0 release! After several months, I'm proud to bring you the next version of Purify. This release contains an uncountable number of changes, including bug fixes, performance improvements, awesome features, and tremendous UI and UX changes. Under the hood, the entire codebase has been successfully ported to TypeScript, and the Vue.js frontend has been rewritten to support the upcoming release of Vue 3 and vue-composition-api, which means Purify is ready to keep up with all future changes with virtually zero effort.
If you have any problems upgrading to version 1.0.0 (in fact, it is quite possible) or questions, please use the official Discord channel. The list of issues is for bug reporting and feature requests only.
I hope that you enjoy the 🎊 v1.0.0 release and thank you for using Purify!
⚡ New Components & Features
The next version of Purify is chock-full of new features, improvements, and bug fixes. Below is a summary of the more prominent changes.
👥 User management and access control
The old way of managing access via registration was removed; now all user accounts should be provisioned by the Owner. But who is the Owner? Well, this is a person who can do anything, like create other users. With the upgrade to 1.0.0, the initial Owner account [email protected] will be created with the password "secret".
All existing users will become Admins. Owners can create, edit and delete users. Owners can also reset passwords for users. Below is a quick breakdown of the roles:
    switch (roleModel.value) {
      case 'Owner':
        return 'Has access to all features, can edit all projects, and can make changes to user accounts.';
      case 'Admin':
        return 'Can invite new users and create units for specific projects.';
      case 'User':
        return 'Can edit issues, create templates and upload reports for specific projects.';
      case 'Observer':
        return 'Can view data for specific projects.';
    }
Now you can control access not only to Purify itself, but also to projects!
Also, users can now change their passwords if you use local authentication or if a user has the SSO Bypass flag set.
🔔 Activity feed
To help you keep up to date with changes and work inside Purify, events were introduced. With events you will have a clear understanding of who did what and when. Right now it supports the following events:
'project_created'
'project_deleted'
'user_created'
'user_deleted'
'ticket_created'
'issue_resolved'
'comment_created'
🔑 API Access Keys
Previously, to get access to the API you had to use the CLI, and it was poor UX to be honest. In the new version you can manage your API Access Keys in a convenient way via the UI. Moreover, you can see when a particular token was used, from what IP address, and what User-Agent the request had. Now you have complete control over API Access Keys.
🐛 Issues / Findings
Here we have several changes, most of them aimed at improving your UX of managing incoming findings. First, on the overview page, near the activity feed, there is a new view that displays the recent findings. What are recent findings? They are findings that were uploaded in the last 24 hours. Now you can be fast and jump into a new finding right away!
The second thing is about the Issue review process. The old UI was simple and not very informative; with the new version, the Issue appearance has changed significantly. Check it out!
And one more thing: each issue now has a link, so it can be referenced directly. Caution: for now it works only for open issues. Consider it WIP, but it's already usable.
📊 Metrics
The old metrics, aka the Dashboard, were lame; that's why they were removed. To replace them and be cool, metrics became a part of the project information. Now when you visit a project page, you will be welcomed by fresh metrics for this project. You can change the displayed metrics for a particular unit or change the time range from a list of predefined values. Currently, the following metrics are available:
- Created VS Resolved
- Reports Volume
- Risk Chart
- Templates Chart
If you know any other kind of chart that can be useful, let me know.
⚡ Fast navigation
With the new features, it became clear that the old way of showing the projects page first does not make sense anymore. To overcome this, the first page after login is now Overview. This page shows recent information that can help you navigate.
But what about projects? Now you have the "Project Picker". With this component you can access a particular project from any page at any time!
For project management, a new page was introduced: "Projects". On this page you can edit, create, and delete projects and manage permissions.
📃 Reports
Before this release, the only way to upload reports was through the CLI. But now you can upload reports via the UI as well. The new button resides on the Reports page.