Welcome to Lucent Sky AVM version 2003 MR, the second Minor Release of 2020. This release includes major updates to binary and source code analysis engines. It also brings support for the newly released CWE v4.0. To learn more about this release, visit Lucent Sky AVM version 2003 release notes.

New features in 2003


  • Custom Java runtimes can now be set to replace the built-in Java runtimes and be used for the build process
  • The Java build engine has been updated to improve performance


Binary analysis

  • The secondary binary analysis engine for Java has been updated

Source code analysis

  • The source code analysis engines for .NET, C/C++, Java, and Python has been updated

Weakness policies

  • Weakness policies and the built-in rule package have been expanded to cover additional vulnerability categories and is now compatible with CWE v4.0
  • CWE-3 has been removed as part of the update to CWE v4.0


  • Performance and stability improvements to the Web UI
  • The CLI has new methods and improved error handling
  • The Visual Studio extension and Eclipse plug-in have been updated to support the expanded weakness policies and CWE v4.0

Issues fixed in 2003 MR

  • We fixed an issue where the timestamps for custom rule packages and runtimes have incorrect time zone.
  • We fixed an issue where certain JSP files with JSTL tags failed to compile.
  • We fixed an issue where a .ear or .war file can be specified as the target of direct binary analysis.
  • We fixed an issue where files skipped during Python source code analysis is not logged.
  • We fixed an issue where Maven logs is not being properly written.

If you are using Lucent Sky AVM Enterprise or Standard Edition (either on-premise or cloud) and have an active subscription, you can update to 2003 MR immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to 2003 MR in the next few days.