Sigrid release notes

SIG uses continuous delivery, meaning that every change to Sigrid or the underlying analysis is released once our development pipeline has completed. On average, we release somewhere between 10 and 20 times per day. This page therefore doesn’t list every single change, since that would quickly lead to an excessively long list of small changes. Instead, this page lists Sigrid and analysis changes that we consider noteworthy for the typical Sigrid user.

November 20, 2023

Dashboard: It is now possible to view progress towards your portfolio objectives in two ways: Via the overall Sigrid portfolio dashboard (which already existed), and via the newly added “objectives” page. The latter gives you a more high-level overview of your overall objectives, without diving into the specifics regarding teams or systems. You can find more information in the portfolio objectives documentation.
Open Source Health: Sigrid is now able to import SBOM (Software Bill Of Materials) produced by other tools. The SBOM standard is emerging as the de-facto standard for software supply chains. Sigrid was already able to export SBOM information, but it is now also able to import SBOMs. Instructions are available on how to import SBOMs into Sigrid.

November 6, 2023

Architecture Quality: Architecture Quality is now part of the Sigrid base license! Don’t miss our Ask Me Anything session on November 23, which we’ll use to answer questions about this new capability.
Architecture Quality: Architecture Quality now includes an optional tree view. This can be used as a secondary way of navigating your architecture, in addition to the main architecture visualization.
Architecture Quality: Architecture Quality now has a search option. This allows you to quickly find system elements within your architecture, such as components, files, end points, or databases.

Architecture Quality: The metric detail panel now includes the option to export the measurement results to Excel.
Open Source Health: Sigrid can now identify the Reciprocal Public License. For commercial organizations using open source software, this license is seen as high risk due to its requirements.

October 23, 2023

On-boarding: It is now possible for all users to on-board additional systems to Sigrid. However, you might not be able to access the analysis results for your system in Sigrid until you have been given permission by your Sigrid administrator.
Technology support: Added support for the Elixir programming language.
Maintainability: The maintainability overview page now shows system volume in lines of code, in addition to the system volume in person years that was already displayed. Person years is easier to interpret by non-technical users, but technical users asked to also show the lines of code as they find it easier to interpret this number.
Architecture Quality: The configuration options for grouping now support regular expressions for more advanced/powerful configuration.

October 9, 2023

Sigrid CI: The Sigrid CI output for GitHub has been significantly improved:
- First, Sigrid CI will now pass as long as your code improved towards your quality objectives. Previously, you had to meet your quality objectives for every single change. The old behavior can lead to frustration when you’re maintaining legacy code and are trying to improve it: you can make significant improvements, but Sigrid CI would nevertheless fail your changes for not improving them enough. In retrospect this behavior is a bit too strict, especially in situations where the legacy code has significant technical debt but the quality objectives are very ambitious. The new behavior is much more encouraging in this type of situation, and the focus on incremental improvement also combines very well with an agile mindset.
- We also changed the structure of the Sigrid CI feedback. The feedback now follows the structure of an agile retrospective; we first focus on what went well, then on what could be better. This means more focus on the actual changes, and less focus on previously existing technical debt. We have discussed and validated this with many developers and they found this way of communicating feedback to be more fair.
- Finally, Sigrid CI feedback can now be displayed directly in the GitHub pull request, removing the need for additional clicks.
- Refer to the GitHub integration documentation for more information on how to integrate the new output in your pipeline.
- These improvements are initially provided for the Sigrid CI GitHub integration since it’s the most used. Over the coming months, we will work towards bringing similar improvements to Sigrid CI integrations for other development platforms, prioritizing by usage.

Technology support: We have improved dependency detection for Kotlin. This means you might notice more dependencies for your Kotlin systems in Maintainability, Architecture Quality, and Code Explorer.
Architecture Quality: The terminology for the Knowledge Distribution metric has been changed, to make it more clear what is actually measured and how these numbers should be interpreted.

September 25, 2023

Security: Added “External Integrations” category. Moved OSH and REST API pages there. Added SAST (static analysis tooling) explanation page. Specifically added separate pages for integration with Checkmarx and Fortify.
Security: Large additions in the system security page, e.g. filtering security results and prioritizing findings. Also, a new section clarifying the way that CVSS scores are calculated in Sigrid and how they can be interpreted.
Security: Clarified and added third party findings options in the scoping configuration page. Clarifications in the technology support page, e.g. added a third party findings analyzer technology support table.
Architecture Quality: New architecture quality options added, e.g. grouping and annotating components.
Documentation: Fixed unclarities in the self-service configuration page regarding component definitions and mapping test code when components are defined manually.

August 28, 2023

Architecture Quality: Sigrid can now identify and visualize dependencies that are considered undesirable. You can specify these dependencies in the Sigrid configuration.
Configuration: The React versus JavaScript configuration has been simplified, so that Sigrid’s React analysis is now a superset of the JavaScript analysis. If you are using self-service configuration these improvements are applied automatically, and there is no need to manually update the configuration.
- Note: In case you formerly had both React and JavaScript in scope of Sigrid measurements and they were configured as separate technologies, then now you only the code together as part of JavaScript technology. This may have two effects for your maintainability metrics:
  - JavaScript volume in Person Months may have somewhat grown because different productivity factors between React and JavaScript are now equalized. The impact depends on the volume ratio React:JavaScript.
  - Call dependencies between React and JavaScript are now more accurate. Therefore you may seem more dependencies and this may result in a (slightly) lower module coupling score.
Command line options: --include is added to the command line options of sigridci.py. --exclude already allowed you to remove specific folders / files from the upload. With the addition of --include you can now narrow down the uploaded folders / files even more by specifying the set of folders / files to include.

August 9, 2023

Objectives: It is now possible to define objectives for all Sigrid capabilities, not just for Maintainability and Open Source Health. To do this, navigate to your system’s dashboard, locate your objectives, and hit the edit button.
Technology support: Added support for the Dart programming language, which is commonly used for creating apps in Google’s Flutter framework.

July 31, 2023

Scope configuration: The sigrid.yaml configuration file format has been registered with SchemaStore.org. This means that IDEs such as Visual Studio Code or JetBrains IDEs will now provide content assist and indicate errors when you edit Sigrid configuration files. This both gives a productivity boost and reduces errors, since you can act on thise feedback right away when editing these files.
User management: It is now possible to copy another user’s permissions when creating a new users. This is generally more convenient than having to create existing permissions for the new user.
Documentation: In this documentation, every section now has a “link” icon. Clicking this icon will copy the link to that particular section to your clipboard. This allows you to quickly share or store deeplinks to the documentation.

July 24, 2023

Scope configuration: It is now possible to use self-service scope configuration in combination with multi-repo systems. Previously you could use one of these features or the other, but not both. Refer to the configuration documentation on how to manage this configuration.
Open Source Health: Sigrid can now scan Maven dependency report files in addition to POM files. Refer to the Open Source Health documentation for more information on how and when this can be used.
Technology support: Sigrid now supports X++ for Dynamics 365.

July 3, 2023

Open Source Health: The Python Poetry dependency management tool is now supported by Sigrid. Refer to the Open Source Health upload instructions for more information.
Open Source Health: When using Yarn, multiple versions for the same dependency would sometimes be reported. This has been changed so that only the version defined in package.json is reported by Sigrid.
User management: Non-administrator users can now use the User Management page to see who “their” administrator is, which is helpful if they were not quite sure who to contact on their side (which is sometimes the case for very large portfolios).
Sigrid API: It is now possible to deactivate systems via the Sigrid API. Previously, this could only be done via the user interface.

June 5, 2023

Architecture Quality: Sigrid’s Architecture Quality now matches technology support for maintainability, meaning that all 300+ technologies are now supported. You can find more information in our technology support page.
On-boarding: If Sigrid cannot detect the technologies during on-boarding, it would previously silently fail. This detection has been improved, so that these systems still appear in Sigrid.

May 16, 2023

Security: Sigrid now links to opencre.org, which is a content linking platform founded and built with a team at OWASP. Based on a Sigrid security finding, the user is taken to more information about the risk, about how to fix it, how to test for it, how to configure test tools, etc.
Code Explorer: The Code Explorer is now always visible, even if there are no findings in the system. This is because many people use the Code Explorer to navigate the codebase, and this navigation is useful even without looking at findings.

May 9, 2023

Portfolio dashboard: System information has been added to the new dashboard, adding some more detail on top of the basic information displayed at the top of the page.
User management: Sigrid users can now reset their own password. Previously, they had to ask either their administrator or someone at SIG support.

May 2, 2023

Metadata: In addition to the existing “division” and “supplier” metadata, a new “team” field has been introduced. This is useful for our largest clients, as this allows them to provide a team dashboard.
Upload Unpacker: Self-service on-boarding is now also supported for clients that use SFTP uploads. Previously, self-service was only possible for clients using Sigrid CI. This will help to further streamline our on-boarding process for clients that are unable to use Sigrid CI due to technical limitations or security restrictions on their side.

April 24, 2023

Sigrid API: The new Sigrid goals can also be retrieved using the API.
Siemens Polarion integration: We now support SBOM integration between Sigrid and Siemens Polarion. This applies to both the components/libraries/dependencies and the associated vulnerabilities.

April 17, 2023

Portfolio/system dashboard: The dashboards now display an indicator to show whether systems are using Sigrid CI. This information is also added to the filtering options, so you can easily determine which systems in your portfolio aren’t using Sigrid CI yet.
Portfolio/system dashboard: Similar to the above, an icon is shown if you use self-service scoping for the system (as opposed to using the standard configuration or a SIG-managed configuration).

Contact and support

Feel free to contact SIG’s support department for any questions or issues you may have after reading this document, or when using Sigrid or Sigrid CI. Users in Europe can also contact us by phone at +31 20 314 0953.