May 2025 Edition of Kodem Kernels
In this release we introduced a range of enhancements that change how developers and security teams approach application security.
Our latest updates extend workflow automation with support for workflows based on multiple actions, issue labeling, automatic dismissal of issues, and reopening of dismissed issues.
We have also integrated Opengrep technology into the Kodem Extension for Visual Studio Code, enabling faster vulnerability detection and real-time security analysis directly within developers' workflow. In addition, we've enhanced the Kodem CLI for efficient local scanning of code and containers, expanded our source control integrations with Azure Repos support, and launched our Public API, built with enterprise-grade authentication security and maintainable versioning for long-term stability.
These advancements underscore our dedication to providing comprehensive, user-friendly tools that empower teams to manage projects with unparalleled clarity and control.
Enhanced Workflows: Multiple Actions, Labels, Dismiss
Our enhanced Workflows feature delivers greater automation capabilities with flexibility and customization options to streamline your AppSec processes.
With Workflows, you can:
- Execute multiple actions within a single workflow, eliminating the previous limitation of one action per workflow and enabling sophisticated automation sequences.
- Apply automatic labeling to categorize and organize security findings, creating a more structured approach to issue management. Combine multiple actions in powerful ways, for example automatically labeling critical issues that are open and observed in runtime while simultaneously sending webhook notifications to your team.
- Automatically dismiss low-priority issues based on customizable conditions, reducing noise and helping your team focus on what truly matters.
- Leverage issue recovery that automatically reopens previously dismissed vulnerabilities when risk factors change, such as when:
  - Severity increases.
  - Exploitability scores or EPSS ratings rise.
  - The issue is detected in runtime environments.
  - A previously low-severity issue becomes high-priority.
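The reopening conditions listed above, written out as a small rule check. This is an added illustration, not Kodem's own workflow engine: the IssueSnapshot fields, the severity ranking and the sample issues are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import List

# Assumed severity ordering; the page does not define the scale.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class IssueSnapshot:
    """Hypothetical point-in-time view of one issue (constructed for this example)."""
    severity: str      # "low" | "medium" | "high" | "critical"
    epss: float        # EPSS probability, 0.0 to 1.0
    in_runtime: bool   # package/code observed in a runtime environment
    dismissed: bool    # currently dismissed by a workflow or a user


def reopen_reasons(prev: IssueSnapshot, cur: IssueSnapshot) -> List[str]:
    """Return which risk-factor changes would justify reopening a dismissed issue.

    Only dismissed issues are candidates; each condition mirrors one bullet
    from the release notes and may fire independently of the others.
    """
    if not prev.dismissed:
        return []
    reasons: List[str] = []
    if SEVERITY_RANK[cur.severity] > SEVERITY_RANK[prev.severity]:
        reasons.append("severity increased")
    if cur.epss > prev.epss:
        reasons.append("EPSS rating rose")
    if cur.in_runtime and not prev.in_runtime:
        reasons.append("detected in runtime")
    if prev.severity == "low" and SEVERITY_RANK[cur.severity] >= SEVERITY_RANK["high"]:
        reasons.append("low-severity issue became high-priority")
    return reasons


def should_reopen(prev: IssueSnapshot, cur: IssueSnapshot) -> bool:
    return bool(reopen_reasons(prev, cur))


if __name__ == "__main__":
    # Constructed sample: a dismissed low-severity finding later seen in runtime.
    before = IssueSnapshot("low", 0.02, False, True)
    after = IssueSnapshot("low", 0.02, True, True)
    print(should_reopen(before, after), reopen_reasons(before, after))
```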

Kodem Extension for VS Code, Powered by Opengrep
The extension provides on-demand security scanning directly within your IDE.
With this extension, you can:
- Identify security risks such as exposed secrets and code weaknesses (SAST) by initiating scans on-demand within your IDE, ensuring a seamless integration with your development workflow.
- View detected issues with severity classification, CWE references, file locations, fix suggestions and more, providing comprehensive guidance for remediation.
- Leverage support for multiple programming languages and frameworks, ensuring wide coverage and adaptability to your project's tech stack.
- Navigate security findings directly within your code using inline annotations.
Kodem CLI
The Kodem CLI is a command-line interface that empowers you to scan your code repositories and container images for security issues directly from your local machine.
With the CLI, you can:
- Identify open-source vulnerabilities and code weaknesses in your repositories, ensuring that your codebase is secure before it reaches production.
- Compare different versions of repositories to detect new security risks, enabling you to track and address vulnerabilities throughout the development lifecycle.
- Validate CI Protection and Suppression policies when scanning matching repositories, ensuring compliance with your organization's security standards.
- Identify open-source vulnerabilities in container images, providing a comprehensive view of your application's security posture.
- Compare new and old images to highlight newly introduced vulnerabilities, allowing you to quickly identify and address potential risks.
- Ensure compliance with CI Protection and Suppression policies for container images, maintaining a consistent security stance across your containerized applications.


Azure Repos Integration
This integration connects Azure DevOps repositories to Kodem for Malicious Packages, Package Vulnerabilities, Exposed Secrets and Code Weaknesses scanning. It streamlines your security workflow, allowing you to identify and address potential risks directly within your Azure DevOps environment.
With the integration, you can:
- Quickly set up an Azure Repos connection through the Kodem UI, enabling you to start scanning your repositories with just a few clicks.
- Automatically trigger scans with every push event in Azure Repos, ensuring continuous security coverage throughout your development process.
- Gain visibility into dependency hierarchies with transitive remediation recommendations, runtime correlation to reduce noise, and code weakness fix suggestions, providing actionable insights to help you prioritize and address security issues effectively.

Kodem Public API
The RESTful API ensures endpoint updates and additions are delivered in a controlled manner without breaking changes, providing you with a stable and reliable foundation for integrating Kodem into your existing security workflows and integrations ecosystem.
With the API, you can:
- Benefit from better API maintainability with enhancements that help prevent breaking changes and improve long-term stability, ensuring a consistent and reliable experience.
- Leverage multiple API versions for flexibility as the API evolves, allowing you to adopt new features and functionality at your own pace.
- Stay up to date with all API changes in a structured and transparent way through our API Changelog, ensuring that you're always informed about the latest updates and improvements.

Our latest updates include enhanced dependency management with new DevDependency visibility features for JavaScript projects, helping teams prioritize real runtime risks.
- Kodem Remediation & Fix Versions
- GitHub Comments for Policies
- GitLab Comments and Policy support
- Package license support (code repository scanning, not just image scanning) for CI, API and supported languages, package managers and frameworks
- Source Code Scanning Support (SAST & SCA)
- Scan History
- Reports
Dev Dependency Visibility
The new Dev Dependency visibility feature helps you better prioritize security efforts in JavaScript projects by distinguishing between production dependencies and development-only packages.
With this feature you can:
- Use intuitive visual indicators and dedicated filters that clearly highlight which packages are used only during development, helping you prioritize remediation efforts on vulnerabilities that actually impact your production environment.
- Apply the new Is-Dev-Dependency search filter across the platform, enabling security teams to precisely quantify risk exposure and reduce alert fatigue by separating development-only from runtime-relevant security risks.
- Consume the same dev dependency context through our API layer and exports across Packages (SBOM), Issues and Webhook payloads, so teams building custom workflows and integrations can incorporate it into their existing security orchestration tools and reports.
- Expect more to come: this initial JavaScript support is just the beginning. Our roadmap includes expanding to additional ecosystems, integrating dev dependency intelligence into Kodem Score for (reductions!) and even smarter risk prioritization, as well as enabling automated policy

Blog written by
Gal Sapir
With six years of technical writing expertise in the SaaS industry, Gal specializes in translating complex technical concepts into clear API documentation, user guides, technical tutorials and product updates. Her collaborative approach with cross-functional teams ensures technical accuracy while delivering clear content that effectively communicates across diverse audiences.