Announcements

A 5-post collection

New Year, New Appcanary Features

We’ve been hard at work the past few months on lots of features touching every aspect of our product, and to ring in the new year, we’re going to announce them all at once.

Search our vulnerabilities

You can now browse and search every vulnerability Appcanary knows about! It’s pretty snazzy:

browse our vulnerabilities

Automatically upgrade packages

We’ve had this feature for Ubuntu, and now we’re adding it for CentOS.

If you have the appcanary agent installed, you can run appcanary upgrade, and we’ll automatically upgrade all of your vulnerable packages to the lowest version that fixes all the vulnerabilities we know about.

Resolve vulnerabilities

There’s now a “marked resolved” button that lets us know that you don’t want to be notified about a vulnerability. This is used if a vulnerability doesn’t affect you, or if you are accepting the risk based on some other mitigation (e.g. you’re not using the vulnerable feature of the package, or the port in question is blocked by a firewall). We give you the opportunity to record your reasoning and provide a full audit trail of every vulnerability you mark as resolved:

audit log

Brand new dashboard

We just pushed a brand new UX for our dashboard. You can sort and search all of your servers and monitors. Check it out.

new dashboard

The Appcanary rubygem

We released the Appcanary gem. This gives us tighter integration with Ruby projects: you can either check your Ruby project for vulnerabilities as a one-time check, or set up a monitor with notifications. You can see the source here.

Our gem is still very early, so we very much want your feedback. Please let us know what you think at hello@appcanary.com

CentOS 6 support

Last but not least, we fully support CentOS 6 along with CentOS 7.

Making Appcanary easier to use

I’m excited to announce that we’ve added two features that make Appcanary a heck of a lot easier to use!

Add monitors by uploading a file

Our Monitor API is great if you want to track a set of Linux packages or your Gemfile. We give you a dashboard showing which packages are vulnerable, and email you whenever new vulnerabilities that affect you come out. However, there’s always a bunch of setup to get a new API going.

With that in mind, we made the interface a lot more user friendly! You can now upload a file to watch directly through the website. Just go to add monitors to be able to upload a file directly. Monitors support Ruby’s Gemfile.lock, /var/lib/dpkg/status for Ubuntu and Debian, and the output of rpm -qa for CentOS and Amazon Linux!

Automatically upgrade vulnerable packages

A few of our customers told us that knowing about vulnerabilities is nice, but you know what would be great? If we could somehow patch them automatically. We thought about it and said, sure, why not!

If you have the Appcanary agent installed on an Ubuntu server, and you’re running the latest version, you can run

appcanary upgrade

in order to install updates for any packages we know to be vulnerable.

You can also run

appcanary upgrade -dry-run

in order to see what the agent will do, without it actually touching your system.

Now you can manage vulnerabilities, learn about new ones that affect you, and apply patches, all through Appcanary!

If you haven’t tried us yet

Stay on top of the security vulnerabilities that affect you, today.

Appcanary monitors your apps and servers, and notifies you whenever a new vulnerability is discovered in a package you rely on. And now it will help you patch vulnerable packages as well.

Sign up today!

Appcanary now supports Debian!

I’m excited to announce that Appcanary now fully supports Debian. If you install our agent on a Debian server, we will email you notifications whenever any package you have installed on your system has a known vulnerability. We track over 24,000 vulnerabilities already!

You can also use our Check API to verify if your Debian server has any vulnerable packages, and our Monitor API to register to receive notifications if a set of Debian packages ever has new vulnerabilities.

If you’re not a current user and want to try out Appcanary for Debian, you can sign up!

You can always let us know what you think at hello@appcanary.com.

Two new APIs from Appcanary

After the success of our check API, we found that our users told us:

“I love your API so much! But can I use it to register the packages my app uses and get emailed if new vulnerabilities that affect me come out? Oh, and it would be nice if I could programmatically query the servers I have agents running on too!”

So we went ahead and built both.

The Monitor API

The “Monitor” API lets you register a Gemfile or an Ubuntu/CentOS package list to be emailed when new vulnerabilities are discovered. It’s like what our agent does, but for situations where running an agent doesn’t make sense, such as when you use Docker or deploy on a PaaS like Heroku.

You can register a new monitor by:

curl -H "Authorization: Token YOURTOKENHERE" \
     -X POST -F file=@./Gemfile.lock \
     "https://appcanary.com/api/v2/monitors/my-great-app?platform=ruby"

and you’ll get a response like:

{
  "data": {
    "type": "monitor",
    "attributes": {
      "name": "my-server",
      "uuid": "56eac124-35c2-49bd-ab02-45de56c03ef4",
      "vulnerable": true
    }
  }
}

And, you’ll be emailed about any vulnerabilities that affect your app as soon as we find out about them!

You can also list, inspect, or delete monitors via the API. More information here.

The Server API

The “Server” API allows you to navigate the servers you have the Appcanary agent running on via API, and list any vulnerabilities that affect them!

I can see the servers I have agents running on with:

curl -H "Authorization: Token YOURTOKENHERE" \
     https://appcanary.com/api/v2/servers

and you’ll get a response like:

{
  "data": [
    {
      "type": "server",
      "attributes": {
        "name": "server1",
        "uuid": "55a5baeb-2ad4-4787-8784-a062d254900e",
        "hostname": "server1",
        "last-heartbeat-at": "2016-03-27T03:33:02.185Z",
        "vulnerable": true,
        "apps": [
          {
            "type": "app",
            "attributes": {
              "name": "",
              "path": "/var/lib/dpkg/status",
              "uuid": "55a5baec-3e5c-4cca-832c-06aaa36418f6",
              "vulnerable": true
            }
          },
          {
            "type": "app",
            "attributes": {
              "name": "",
              "path": "/var/www/myapp/current/Gemfile.lock",
              "uuid": "55a5baec-027d-4618-b8de-12638281f34c",
              "vulnerable": true
            }
          }
        ]
      }
    },
    {
      "type": "server",
      "attributes": {
        "name": "server2",
        "uuid": "560b0e75-1317-481c-98bb-15e6ae5978b6",
        "hostname": "database",
        "last-heartbeat-at": "2016-03-08T00:21:31.105Z",
        "vulnerable": true,
        "apps": [
          {
            "type": "app",
            "attributes": {
              "name": "",
              "path": "/var/lib/dpkg/status",
              "uuid": "560b0e77-0a26-41fd-bc35-38b5aac33709",
              "vulnerable": true
            }
          }
        ]
      }
    }
  ]
}
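An added example (not Appcanary's code) of triaging the servers response above in Ruby: it lists the vulnerable monitored files per server and flags agents whose last heartbeat is too old for the reported status to be trusted. The sample body, the 24-hour staleness window and the reference time are constructed for illustration.

```ruby
require "json"
require "time"

# Constructed sample with the same fields as the servers response above.
SAMPLE_SERVERS = <<~JSON
  {"data": [
    {"type": "server", "attributes": {
      "name": "server1", "hostname": "server1",
      "last-heartbeat-at": "2016-03-27T03:33:02.185Z", "vulnerable": true,
      "apps": [
        {"type": "app", "attributes": {"path": "/var/lib/dpkg/status", "vulnerable": true}},
        {"type": "app", "attributes": {"path": "/var/www/myapp/current/Gemfile.lock", "vulnerable": false}}]}},
    {"type": "server", "attributes": {
      "name": "server2", "hostname": "database",
      "last-heartbeat-at": "2016-03-08T00:21:31.105Z", "vulnerable": true,
      "apps": [
        {"type": "app", "attributes": {"path": "/var/lib/dpkg/status", "vulnerable": true}}]}}]}
JSON

# Summarise each server: which monitored files are vulnerable, and whether the
# agent has reported recently enough for that status to be current.
def triage(body, now:, max_age_hours: 24)
  JSON.parse(body).fetch("data").map do |server|
    attrs = server.fetch("attributes")
    seen = Time.iso8601(attrs.fetch("last-heartbeat-at"))
    paths = Array(attrs["apps"]).map { |a| a.fetch("attributes") }
                                .select { |a| a["vulnerable"] }
                                .map { |a| a["path"] }
    { name: attrs["name"], hostname: attrs["hostname"],
      vulnerable_paths: paths,
      stale: (now - seen) > max_age_hours * 3600 }
  end
end

# Servers to look at first: stale agents, then by number of vulnerable files.
def worklist(body, now:, max_age_hours: 24)
  triage(body, now: now, max_age_hours: max_age_hours)
    .reject { |s| s[:vulnerable_paths].empty? && !s[:stale] }
    .sort_by { |s| [s[:stale] ? 0 : 1, -s[:vulnerable_paths].size] }
end

REFERENCE_NOW = Time.iso8601("2016-03-27T12:00:00Z") # constructed "current" time
worklist(SAMPLE_SERVERS, now: REFERENCE_NOW).each do |s|
  puts "#{s[:hostname]} stale=#{s[:stale]} #{s[:vulnerable_paths].join(', ')}"
end
```

A stale heartbeat matters because the agent is what reports installed packages: once it stops checking in, the server's vulnerable flag reflects the last report rather than the current package set.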

You can also inspect or delete any server with an agent on it via the API.

Our API fully supports Ruby, Ubuntu, and CentOS 7! Learn more about how to use it by visiting the docs page.

You can sign up for Appcanary to use our APIs today!

Hello, new Appcanary API and CentOS support!

A lot of our users have told us,

“Gosh, I love knowing exactly which packages I have to update in order to keep my apps and servers secure. Have you thought about an API?”

We listened carefully to that feedback, and it is with pride and pleasure that we’re announcing our new beta! We’re still busy improving it, so we won’t charge you for it for now.

Once you sign up, all you have to do is issue a curl:

curl -H "Authorization: Token YOURTOKENHERE" \
     -X POST -F file=@./Gemfile.lock \
     https://appcanary.com/api/v2/check/ruby

and you’ll get a response like:

{
  "vulnerable": true,
  "data": [
    {
      "type": "artifact-version",
      "attributes": {
        "name": "rack",
        "kind": "rubygem",
        "number": "1.6.0",
        "vulnerabilities": [
          {
            "title": "Potential Denial of Service Vulnerability in Rack",
            "description": "Carefully crafted requests can cause a `SystemStackError` and potentially \ncause a denial of service attack. \n\nAll users running an affected release should upgrade.",
            "criticality": "high",
            "cve": [
              "CVE-2015-3225"
            ],
            "osvdb": [],
            "patched-versions": [
              "~< 1.5.4",
              "~< 1.4.6",
              ">= 1.6.2"
            ],
            "unaffected-versions": [],
            "uuid": "55807540-053f-40f0-9266-a3d1ca6a5838",
            "upgrade-to": [
              ">= 1.6.2"
            ]
          }
        ]
      }
    }
  ]
}
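An added example (not Appcanary's code) of using the check response above as a CI gate in Ruby: it flattens the response into findings, blocks on a criticality threshold, and treats an unparseable body as a failure rather than a pass. The sample body is constructed from the fields shown above, and the ranking of criticality values other than "high" is an assumption.

```ruby
require "json"

# Constructed sample, shaped like the check response above (fields trimmed).
SAMPLE_CHECK = <<~JSON
  {"vulnerable": true, "data": [{"type": "artifact-version", "attributes": {
    "name": "rack", "kind": "rubygem", "number": "1.6.0",
    "vulnerabilities": [{
      "title": "Potential Denial of Service Vulnerability in Rack",
      "criticality": "high", "cve": ["CVE-2015-3225"],
      "upgrade-to": [">= 1.6.2"]}]}}]}
JSON

# Assumed ranking: the page only shows the value "high".
RANK = { "low" => 1, "medium" => 2, "high" => 3, "critical" => 4 }.freeze

# One finding per (package version, vulnerability) pair.
def findings(body)
  Array(JSON.parse(body)["data"]).flat_map do |artifact|
    attrs = artifact.fetch("attributes", {})
    Array(attrs["vulnerabilities"]).map do |vuln|
      { package: "#{attrs['name']} #{attrs['number']}",
        title: vuln["title"],
        criticality: vuln["criticality"].to_s.downcase,
        ids: Array(vuln["cve"]),
        upgrade_to: Array(vuln["upgrade-to"]) }
    end
  end
end

# Findings at or above the threshold. Unranked levels block (fail closed).
def blocking(body, threshold: "high")
  min = RANK.fetch(threshold)
  findings(body).select { |f| RANK.fetch(f[:criticality], RANK.values.max) >= min }
end

# Exit status for a CI step: 0 clean, 1 blocking findings, 2 unusable response.
def gate(body, threshold: "high")
  hits = blocking(body, threshold: threshold)
  hits.each do |f|
    warn "#{f[:package]}: #{f[:title]} [#{f[:ids].join(', ')}] " \
         "upgrade to #{f[:upgrade_to].join(' or ')}"
  end
  hits.empty? ? 0 : 1
rescue JSON::ParserError, NoMethodError, TypeError
  2 # an error page or truncated body must not pass the gate
end

puts "gate status: #{gate(SAMPLE_CHECK)}"
```

In a pipeline, the body would be the output of the curl call shown above, and the step would exit with the value `gate` returns.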

Our API fully supports Ruby, Ubuntu, and CentOS 7! You can learn more about how to use it by visiting the docs page.

Which reminds us,

We now support CentOS 7!

Appcanary now fully supports CentOS 7. If you install our agent on a CentOS 7 server, we will email you notifications whenever any rpm package you have installed on your system has a known vulnerability.

If you’re not a current user and want to try out Appcanary’s API and/or use us to monitor your CentOS 7 servers, you can sign up!

You can always let us know what you think at hello@appcanary.com.