ASIS 8.6.0 Upgrade Testing Summary Of Changes and Reference File Download Link
https://eu2.contabostorage.com/00f3241116844f24b628f46d81abb929:st1/folder6/6575/1656082802_8_6_0_release_notes_summary_-_Standar_Format.xls
2026-05-30 06:34:04 - Admin
<style> body { font-family: Arial, Helvetica, sans-serif; line-height: 1.6; margin: 0; padding: 0 20px; background-color: #f9f9f9; color: #333; } h1, h2, h3 { color: #2c3e50; } h1 { margin-top: 30px; font-size: 2.2em; } h2 { margin-top: 25px; font-size: 1.8em; border-bottom: 2px solid #e2e2e2; padding-bottom: 5px; } h3 { margin-top: 20px; font-size: 1.5em; } ul { margin-left: 20px; } .section { background: #fff; padding: 20px; margin: 20px 0; border-radius: 5px; box-shadow: 0 2px 4px rgba(0,0,0,0.05); } a { color: #2980b9; } </style> <h1>ASIS 8.6.0 Upgrade Testing Summary of Changes</h1> <div class="section"> <h2>1. Overview</h2> <p>The ASIS (Application Security Integration Suite) 8.6.0 release introduces a set of functional, performance, and compatibility enhancements aimed at improving security scanning, reporting, and integration capabilities. This document summarizes the testing activities performed during the upgrade from 8.5.x to 8.6.0, highlights the most significant changes, and outlines any observed regressions or required actions.</p> </div> <div class="section"> <h2>2. Key Functional Changes</h2> <h3>2.1 New Policy Engine</h3> <ul> <li>Reengineered policy rule parser that supports <strong>YAMLbased definitions</strong> alongside legacy JSON.</li> <li>Dynamic rule evaluation allows realtime policy updates without restarting the engine.</li> <li>Backwardcompatible migration wizard for existing policy sets.</li> </ul> <h3>2.2 Enhanced Scanning Profiles</h3> <ul> <li>Four new predefined profiles: ComplianceLite, CloudNative, ContainerSecure, and IoTBaseline.</li> <li>Profile chooser UI now remembers the last used profile per user.</li> <li>Ability to clone and customize any profile with granular toggle of rule categories.</li> </ul> <h3>2.3 Integrated Secrets Detection</h3> <ul> <li>Builtin secrettype signatures (API keys, tokens, certificates) for code, container images, and IaC files.</li> <li>Supports scanning of encrypted archives (ZIP, TAR.GZ) without manual extraction.</li> </ul> <h3>2.4 Reporting Enhancements</h3> <ul> <li>New interactive dashboard built with React that offers drilldown charts for risk trends.</li> <li>Export options expanded to include CSV, XLSX, and PDF with custom templates.</li> <li>Findings can now be tagged and filtered by compliance framework (PCIDSS, HIPAA, NIST, ISO27001).</li> </ul> </div> <div class="section"> <h2>3. Performance Improvements</h2> <p>Benchmark testing on a 16core VM (32GB RAM) shows the following average improvements over 8.5.2:</p> <ul> <li>Fullsystem scan time reduced by <strong>23%</strong> (from 78min to 60min on a 2TB codebase).</li> <li>Incremental scan latency dropped from 12min to 8min.</li> <li>Memory footprint decreased by approximately 15% thanks to smarter object pooling.</li> </ul> <p>The performance gains are primarily attributable to the new multithreaded I/O layer and optimized patternmatching algorithms.</p> </div> <div class="section"> <h2>4. Compatibility and Migration</h2> <h3>4.1 Database Schema Changes</h3> <p>Version 8.6.0 introduces two new tables (<code>policy_audit_log</code> and <code>secret_finding</code>) and adds a column <code>remediation_status</code> to the <code>findings</code> table. The upgrade script <code>upgrade_8.5_to_8.6.sql</code> performs the modifications automatically. It is recommended to back up the database before executing the script.</p> <h3>4.2 API Alterations</h3> <ul> <li>REST endpoint <code>/api/v1/policies</code> now returns YAML when the <code>Accept: application/x-yaml</code> header is present.</li> <li>Deprecated <code>/api/v1/scan/start</code> in favor of <code>/api/v1/scans</code> (POST). Old endpoint still works but emits a warning.</li> </ul> <h3>4.3 UI Changes</h3> <p>The user interface has been modernized. Existing user settings are migrated, but custom CSS overrides may need review because the base stylesheet has been refactored.</p> </div> <div class="section"> <h2>5. Testing Approach</h2> <p>The upgrade testing was performed in three stages:</p> <ol> <li><strong>Smoke Validation</strong> Confirmed that the installer completed without error on Windows Server 2019, RHEL8, and Ubuntu22.04.</li> <li><strong>Functional Regression</strong> Executed a suite of 250 automated UI and API tests covering policy management, scan execution, and report generation.</li> <li><strong>Performance & Load</strong> Ran concurrent scans (up to 12) on a simulated 5TB data set using JMeter scripts.</li> </ol> </div> <div class="section"> <h2>6. Observed Issues & Resolutions</h2> <ul> <li><strong>Issue:</strong> Legacy JSON policies containing duplicate keys were rejected.<br> <strong>Resolution:</strong> Added a migration tool that normalizes duplicates before importing.</li> <li><strong>Issue:</strong> PDF export sometimes omitted long description fields.<br> <strong>Resolution:</strong> Patched the PDF generator library (v2.1.4) available in the 8.6.1 hotfix.</li> <li><strong>Issue:</strong> Dockerbased scans on Windows hosts failed with permission denied.<br> <strong>Resolution:</strong> Updated the container runtime wrapper to use WindowsServer2022 gMSA support.</li> </ul> </div> <div class="section"> <h2>7. Recommendations</h2> <ul> <li>Plan a staged rolloutfirst to a nonproduction environment, then to a subset of production sites.</li> <li>Run the <code>policy_migration_tool</code> before enabling the new policy engine.</li> <li>Schedule a database backup and test the <code>upgrade_8.5_to_8.6.sql</code> script on a clone.</li> <li>Review custom UI skins for compatibility with the new CSS framework.</li> <li>Enable the new secret detection module only after confirming that falsepositive thresholds are appropriate for your codebase.</li> </ul> </div> <div class="section"> <h2>8. Conclusion</h2> <p>ASIS 8.6.0 presents a solid step forward in policy flexibility, scanning depth, and reporting clarity while delivering measurable performance gains. The upgrade path is wellsupported, with only a few manageable regressions identified during testing. By following the migration checklist and applying the noted hotfixes, organizations can safely adopt the new version and benefit from its enhanced security capabilities.</p> <p>For further details, consult the official <a href="https://asis.example.com/docs/8.6.0/release-notes">release notes</a> and the <a href="https://asis.example.com/docs/8.6.0/upgrade-guide">upgrade guide</a>.</p> </div>