09/04/2024
Binarly Transparency Platform v2.5 adds Binary Reachability Analysis to prioritize reachable vulnerable code without source code, plus custom rules, expanded hardening checks, richer cryptographic discovery and CBOM for post-quantum planning, and improved secrets and Docker risk scanning.
Features
- Binary Reachability Analysis (patent-pending): prioritizes findings by whether vulnerable code is actually reachable in compiled binaries, with direct/exported/referenced/undetermined levels.
- Custom semantic detection rules: define organization-specific rules (including non-CVE issues) with reachability baked in and pseudo-code evidence.
- Expanded “Weak Binaries” hardening checks: more mitigation tests across code, executables, and the Linux kernel; flags risky C/C++ usage (e.g., CWE-477/676).
- Enhanced cryptographic discovery & CBOM: deeper detection of crypto assets/algorithms to support post-quantum migration planning.
- Secrets discovery & better Docker container risk detection: finds exposed items like OAuth credentials, JWTs, encryption keys, and API tokens.