CodeClarity v0.0.25-alpha adds GCVE support and archive uploads, while delivering significant improvements to analysis accuracy and performance. This release expands how vulnerabilities are identified and how projects can be imported into the platform.
GCVE Support (Early)
CodeClarity now integrates with the Global CVE (GCVE) allocation system, a decentralized approach to vulnerability identification operated by CIRCL (Computer Incident Response Center Luxembourg). The platform pulls vulnerability data from the cvelistv5 repository hosted by CIRCL.
GCVE is a community-driven, decentralized alternative to the traditional CVE numbering system. It offers more flexibility and reduces dependency on a single central authority for vulnerability identification. This is an early integration, and GCVE support will be expanded in future releases.
Archive Upload
Projects can now be imported from .zip archives instead of only from git repositories. This makes it easy to analyze codebases that aren't version-controlled, or to scan a release artifact directly.
Whether it's a vendor deliverable, a legacy project, or a build output, archive upload removes the git requirement and opens CodeClarity to a wider range of use cases.
Improved Vulnerability Detection
The vulnerability finder has been refined to produce fewer false positives, resulting in more accurate and actionable results. Teams spend less time triaging noise and more time addressing real threats.
Multi-Language Analysis
Projects that use multiple programming languages can now be scanned in a single run. There's no longer a need to run separate scans per language. CodeClarity handles the full project in one pass.
Performance Improvements
Analysis speed has been improved through optimized internal messaging and database queries. Scans complete faster, especially on larger projects.
UX Improvements
Result pages have been redesigned for better clarity and usability, making it easier to navigate findings and understand the security posture of your projects.
Migration Guide
In the deployment folder, run git pull to get the latest Docker Compose files. Then run make pull to fetch the latest Docker images. Finally, run make up to start the containers. The API container applies the migration files automatically; check its logs to verify that they ran correctly.
What's Next
We're continuing work on a VSCode extension for vulnerability detection directly in your IDE. Beyond that, the next major milestone is stabilizing the platform for a beta release.
Community & Support
Quick Setup: curl -O https://raw.githubusercontent.com/CodeClarityCE/codeclarity-dev/main/setup.sh && sh setup.sh
Documentation: doc.codeclarity.io
GitHub: github.com/CodeClarityCE/codeclarity-dev
We welcome contributions! Check our CONTRIBUTING.md for guidelines. We'd especially love feedback on the archive upload workflow and what you'd like to see as we expand GCVE support.
License: AGPL-3.0-or-later. Open source with commercial use allowed under AGPL terms.
CodeClarity v0.0.25-alpha strengthens the platform's core capabilities: better detection, broader input support, and a step toward decentralized vulnerability identification with GCVE. We're getting closer to beta.
Install CodeClarity with just one simple command – and begin securing your software today.
curl -O https://raw.githubusercontent.com/CodeClarityCE/deployment/main/setup.sh && bash setup.sh