v1.0.4
The following new capabilities and improvements are available with IBM® Concert version 1.0.4.
- Support for Concert Workflows add-on for
on-premises Concert deployments.
Concert Workflows embeds workflow configuration and automation capabilities for remediation. Install Concert Workflows on an OCP cluster or virtual machine (VM). Then, choose from the more than 200 supported tools and services to define workflows and automate action. For example, you can use Concert Workflows to automatically renew expiring certificates. Learn more.Note: The Concert Workflows add-on is not supported on Concert SaaS deployments. - Integration with IBM Instana
Observability
Connect with an on-premises or SaaS version of Instana, and then configure ingestion jobs to pull in correlated application and environment data from Instana to Concert to build your application topology. Then, configure a CVE sensor in your Instana instance to send vulnerability assessment data based on uploaded CVE scans from Concert so you can view it in your Instana dashboards. Learn more.. - Support for Concert Data Apps add-on for on-premises
Concert deployments.
The embedded integration allows you to construct interactive, custom dashboards to view Concert data as well as data from external data sources.Note: The Concert Data Apps add-on is not supported on Concert SaaS deployments. - Ability to recompute CVE risk scores based on adjusted settings.
After adjusting your global CVE risk score settings, you can initiate a recalculation based on the modified parameters. Learn more. - Support for SonarQube vulnerability scan format for SAST exposures. Learn more.
- Improved ticketing capabilities for prioritized CVEs, including the ability to use labels and sync statuses across multiple tickets.
- New option when configuring automation rules for prioritized CVEs to only create a ticket if
the CVE has a known fix.
If enabled, CVEs impacting your applications that do not have a known fix will not trigger ticket creation by the automation rule. Learn more. - Support for multiple namespaces for a single certificate.
- Support for new compliance scan formats, including OpenShift Compliance Operator (OSCO), OpenScap, XCCDF. Learn more.
- Support for RHEL and OpenShift benchmarks for CIS compliance catalog 8.0. Learn more.
- Support for configuring automation rules to send Slack notifications. Learn more.
- (API only) New handler framework to support custom connections and integrations with external
systems.
Using the API, you can configure a custom handler to integrate with preferred services, such as using a custom generative AI model or ingesting data from a custom source. - Support for secure TLS connections with external systems that use self-signed certificates. By uploading root CAs to Concert, you can establish secure communication with third-party tools and services. This critical security feature validates the TLS certificate chain and prevents unauthorized access to sensitive information.
- Support for on-premises Concert deployment to an Amazon Elastic Kubernetes Service (EKS) cluster. Learn more.
- Support for on-premises Concert deployment to an OCP cluster without using CPFS. Learn more.
- Support for on-premises Concert deployment to a single-node OCP cluster. Learn more.
- Ability to bring your own data repositories (databases, object storage buckets) to store Concert data for VM deployments. Learn more.
- For SaaS deployments, added two new regions, Tokyo (AWS, IBM Cloud) and Frankfurt (IBM Cloud) to enhance existing coverage by Dallas (IBM Cloud) and Frankfurt and North Virginia (AWS).
- Updated role-based access for vulnerability data. Vulnerabilities associated with applications or environments can be viewed or modified only by users with the corresponding application and environment-level permissions.