- Checkmarx Documentation
- Checkmarx SAST
- SAST Release Notes
- Engine Pack Versions and Delivery Model
Engine Pack Versions and Delivery Model
In the Checkmarx Engine Pack delivery model, we will release a new Engine Pack every two months rather than a full Checkmarx SAST release. An Engine Pack is a minor-release and will be tagged 9.4.x, for example, 9.4.1, 9.4.2, or 9.4.3. With the new Engine Packs, you will receive the following:
Updates on Languages and Frameworks
Queries (like Content Packs)
Core engine changes
Notice
An Engine Pack only updates the above items. The application, portal, and manager are not updated when installing a new Engine Pack. However, the Engine Pack must also be installed on the CxManager host to update the SQL database.
The Windows package includes
An installer that includes only the engine changes, such as changes to the engine service and the agent.
A queries updater similar to the Content Pack updating mechanism, without the configuration section.
The Linux package includes a new Docker image.
Important Notes
Engine Packs are cumulative.
The upgrade path is only through Checkmarx SAST 9.4 and up.
Engine Packs can be rolled back to the previous Engine Pack release.
Engine configurations will be merged into the new Engine Pack installation.
In distributed environments, besides installing the Engine Packs on the CxEngine or CxAudit host, the Engine Packs must also be installed on the CxManager host to update the SQL database. For details, see
For information on how to install an Engine Pack, refer to Installing CxSAST Engine Packs.
For information about a particular Engine Pack, refer to one of the following pages.
Notice
In addition to the regular Engine Packs, starting from 9.4.5, we will deliver Engine Pack patches using the following numbering convention: engine_pack_number.revision_number. (For example, 9.4.5.1007.) Patches do not have a pre-determined cadence but are released as needed for bug fixing. Engine Pack patches are cumulative.