Recent Updates

  • Home
  • Recent Updates

New levels of control with Role-Based Access Control

Security and access management is more critical than ever. We’ve just added support for Role-Based Access Control (RBAC) which allows you to manage users' access to Bytesafe Firewalls, Registries and Repositories.

By applying the principle of least privilege, you can now limit who is allowed to do what action in your Bytesafe Workspace using both built-in and custom roles.

Why Role-Based Access Control is great for security-aware organizations? Read more to learn about a few example use cases.

Read more

Firewall registries

We’ve added a new type of registries to Bytesafe. Firewall registries let you centralize security for your organization.

This feature allows you to centrally manage a set of security policies, including quarantine, and will automatically impact all downstream registries.

Read more

Software Composition Analysis + SBOM for Git Repositories

This release expands the Software Composition Analysis capabilities of Bytesafe with Source repository scanning.

Source repositories allow users to link their Git repositories to Bytesafe for continuous dependency analysis. Get insight into your dependencies and export SBOMs for individual components or whole repositories.

Read more

Added support for NuGet and .NET

This release adds support for the .NET ecosystem and NuGet packages. Make sure every developer and application has access to secure dependencies with Bytesafe private NuGet registries.

With Bytesafe fully managed NuGet registries users can continue using their regular tools like Visual Studio and the nuget CLI to access public dependencies by proxying nuget.org (or other external feeds). The Bytesafe Dependency Firewall makes sure all NuGet dependencies are secure and comply with your business requirements.

Read more

Added support for more ecosystems - Maven repositories (Java / Kotlin / Scala - Maven / Gradle)

We have now added support for Maven repositories so that you can apply the same supply chain security to your Java, Kotlin or Scala applications using build tools like Maven and Gradle.

Make sure all your application dependencies from Maven central, or other public repositories, are secure and comply with your business requirements.

Our goal has always been to make the JavaScript ecosystem a safer place. Now we’re proud to announce that we are broadening our mission with support for more ecosystems.

Using Bytesafe adds significant security to an organizations supply chain - while at the same time being transparent and easy to use for developers that can continue to use the tools they are used to, such as mvn and gradle.

Read more

Added Delay Upstream - only allow new packages after a safety period

The Delay Upstream policy prevents newly published packages from being added to a Bytesafe registry until a set delay (in days) has passed. Until then such a new version will not be allowed from external upstream like npmjs or maven central.

It’s common to automatically pull the latest versions of packages from public upstreams, regardless of version maturity, especially in automated environments like CI/CD pipelines. But with popular packages often being targets for attacks, there is every reason to be cautious and only allow new packages after a set safety period.

Read more

Unlimited read-only users included in premium plans

The features included in our premium plans has been extended with unlimited read-only users. Read-only users gives free access to key metrics, security and license issues for other stakeholders within your organization - without worrying about cost.

Send an invite directly or have users request invites on their own from any Bytesafe link.

Read more

License Compliance - detailed control over open source licenses

With this release License Compliance in Bytesafe has been reworked and greatly improved, offering fine-grained control over allowed open source licenses for your dependencies.

In fast changing environments, continuous compliance is the only way to make sure you don’t depend on packages with non-compliant licenses. Create license policies to match your unique needs, preventing or allowing open source licenses at every action - according to your list of license rules. Stay in control with in-depth license scanning and prevent use of packages with in-compatible licenses altogether with package quarantine.

Read more

Added GitHub bot: Link Bytesafe Issues to GitHub issues and pull requests

The existing Bytesafe GitHub integration has been extended to support linking of Bytesafe Issues to GitHub issues and pull requests.

You can link issues on mentions from both Bytesafe and GitHub Issues:

  • GitHub: include the full URL to a Bytesafe issue in a comment (or pull request).
  • Bytesafe: include the URL of a GitHub issue in a comment.

Read more

Added Issue tracking and Quarantine of unwanted packages

Big release that adds Issue tracking and automatic Quarantine of packages surpassing defined threshold levels.

Bytesafe automatically identifies and creates issues with a unique identifier. This improves traceability and visibility of where your attention is required. This is crucial to maintain your registries to understand, evaluate risks and identify remediation actions. Issues in Bytesafe help you get a holistic overview of what issues exist in your registries and which potentially can result negative impact for your applications and business.

Additionally, packages can automatically be quarantined based on your defined rules, protecting applications from exposure from potentially threatening events. Quarantine helps you protect your teams from using bad packages that contain known vulnerabilities, don’t comply with your license compliance or packages that have been deprecated.

Read more

Added Workspace Notifications

This release adds email and in-app notifications features for the Bytesafe Workspace.

Notifications help users to stay up to date on the latest updates in a workspace such as changes to the users, subscriptions or the account. Users can also be notified of any open issues in Bytesafe.

Read more

Added Internal flag for packages and registries

Prevent internal packages from being fetched from external upstreams by mistake. Packages flagged as internal will automatically be protected from dependency confusion.

  • Registries are by default flagged as internal
  • Package versions published, pushed or uploaded to an internal registry will automatically be flagged as internal
  • Fetching new versions of internal packages from upstream sources, will only consider upstreams containing internal versions of the same package

Read more

Added License Block Policy

Update: License Block plugin has been deprecated and replaced with License Compliance.

Read more

Extended package license information

The open source licenses information available for packages in Bytesafe has been extended, with:

  • Identification and support for custom or proprietary licenses from package.json metadata
  • Validation of standardized SPDX licenses
  • License issues now provide information on the issue origin on hover

Read more

Bytesafe Dashboards with metrics and completely new design

Big release that adds Dashboards in Bytesafe. All security issues, license issues and other relevant metrics from your registries in one place.

Bytesafe has also been completely redesigned to greatly improve the user experience across all devices.

Read more

Added package license analysis

The package license information available for packages stored in Bytesafe registries has been extended with package license analysis.

In addition to the licenses defined in package.json, Bytesafe will now scan packages and identify licenses information in other package files as well.

Read more

Added Block and Allow-only policies

Two new policies have been added to Bytesafe: Block and Allow-only. Both policies are used to enforce control over what packages or package versions are allowed in a registry.

The Block policy prevents specific packages from being added to a registry. Just the opposite, the Allow-only policy is used to only allow specific packages in a registry.

Read more

Added License scanner plugin

The License scanner plugin scans all packages in a registry and flags potential license issues.

Issues flagged by the scanner are displayed in Bytesafe and notifications will be sent to the configured Slack channels.

Read more

Bytesafe registries now support Git repository upstreams

Bytesafe now offers support for integration with Git repositories as upstreams to your registries.

This feature allows users to connect private and public Git repositories to Bytesafe as package sources. For the developer this means that node modules can be installed regardless if they are sourced from your private registry, an external npm registry or Git repository.

Bytesafe plugins and policies can also be applied on modules sourced from Git repositories.

Read more

Bytesafe documentation site is now live!

Bytesafe’s documentation site is now live! This is our resource for technical documentation on how to use Bytesafe.

The documentation will be the default resource to visit for users that have questions on how to use the Bytesafe product and will complement the blog.

Read more

Added support for read-only tokens

Bytesafe now supports read-only tokens. For example, these can be used in CI/CD pipelines where you only require read access or similar use cases.

Read more

Added support for the Teams subscription plan

The Teams plan enables teams management, basic access control, Slack integration and full access to all our plugins and policies.

Read more

Security Scanning features + Slack Integration

The release brings Security Scanning features to Bytesafe registries, by adding a Vulnerability Scanner plugin and three security related policies.

We are also releasing a Slack integration which allows you to be notified when new vulnerabilities are found in your workspace.

Read more

Release management features: Promote package and Autoincrement Plugin

Two main features of the release related to release management: Promote functionality for package versions as well as Version auto increment plugin has been added.

Promote package, lets you select a existing package version and promote it to a new version (and possible new target registry), removing the need to re-publish from your project and running the risk of including unplanned changes.

Read more

Deprecated package versions

The npm deprecate command is now supported with Bytesafe registries.

Additionally, deprecate information linked to the package version is now available as output when using npm install and bytesafe push / pull.

Information regarding deprecated package versions is also available in the Bytesafe web application.

Read more

Windows CLI

Main feature added by the release is a Bytesafe CLI for the Windows OS. Bytesafe CLI is available for download from the CLI page of the Bytesafe documentation.

Release notes:

  • Added Bytesafe CLI for Windows OS
  • Added support for npm whoami, ping, audit, logout, token commands
  • Added support for most common yarn commands
  • Improved output messages for recursive actions
  • Extended web user session expire time to improve user experience
  • Added “how-to” hint to web app for CI/CD tokens

Read more

Policy & Plugins

We are happy to introduce Policies & Plugins for Bytesafe registries:

  • Initial support for Policy: Freeze
  • Initial support for Policy: Immutable Versions
  • Initial support for Plugin: Forward
  • Added support for additional npm commands
  • multiple bug fixes and UI improvements

Read more

Initial release

The main feature of the initial release is to provide private registry functionality, including:

  • Support for most common npm commands (for developers)
  • Support for multiple private registries
  • Support for upstreams, single or multiple
  • Teams functionality, invite your team members to collaborate
  • Upstreams supported: The public npm registry, other Bytesafe registries or other URL to an npm compatible registry
  • Support for Bytesafe CLI to manage registries

Read more