Checkmarx SCA Release Notes August 2022
We are excited to announce important improvements in our Checkmarx SCA web application…
Key improvements
New Supported Languages and Package Managers
Ruby
We added support for Ruby projects, using RubyGems package manager to resolve Gemfile and Gemfile.lock manifest files.
Poetry
We added support for Poetry package manager for Python projects. Resolution is done using pyproject.toml (mandatory) and poetry.lock (optional) files.
C++
We now do file analysis (fingerprints) for C++ files (.cpp, .c, .h, .hpp, .a, .o, .so) hosted in GitHub or Conan Central.
Risk Management
We have updated the Risk Management capabilities for Checkmarx SCA. Users can now change the state of risks (To Verify, Not Exploitable, Proposed not Exploitable, Confirmed or Urgent) and also add comments.
While viewing the Risk Details page for a specific risk, you can open a side panel with tabs for New Action (i.e. making changes) and for viewing History of changes made.
 |
Notice
Only users with the manage-risk role (e.g. Admin, SCA Manager) are able to change the state of a Risk and add Comments.
Viewing Change History
Comments and state changes are shown in the All Risks table. Not Exploitable risks are marked with a strikethrough line. Hover over the comment icon to view the comment.
In addition, a detailed history of all changes is shown in the Management of Risk panel > History tab. For each change that was made, the name of the user who made the change and the time of the change are shown. In addition, for state changes, the new state is shown alongside the previous state.
 |
For more information about managing risk, see Risk Management.
Improvements and Bug Fixes
Status | Item | Description |
|---|---|---|
UPDATE | Private packages | Improved handling of private packages for Maven and Nuget. |