Single-Tenant (April 2023)
Checkmarx SCA
Notice
This section relates only to SCA releases that are relevant to users who consume SCA through the Checkmarx One platform. Release notes for the SCA standalone platform are available here.
Support for Unity Package Manager
We added support for Unity package manager.
Languages/Frameworks: Unity
Repository: Unity Technologies, Needle-mirror, Open UPM
File Types: none
Supported Package Managers | Exploitable Path | Supply Chain Security (SCS) | Manifest Files (Packages marked with are required) | |
none | manifest.json, packages.json |
SCA Resolver Releases
We released the following new versions of SCA Resolver:
Notice
The complete changelog, and links to download SCA Resolver are available here.
Version 2.1.5
Added support for Unity package manager. For more information, see Unity Package Manager Dependency Resolver.
For Bower, fixed an issue where dependency resolution failed when the latest version ("*") was specified.
For Ivy, fixed an issue where unused versions were being resolved even though a newer version had been specified in the manifest file.
ImageResolver updated to version 2.0.43.
Version 2.1.2
Added support for authentication via Master Access Control, see Master Access Control Authentication for Checkmarx SCA Resolver.
For Sbt, fixed a stack overflow when building the dependency tree.
For Gradle, when a submodule is duplicated in a project we now resolve the package only once.
ImageResolver was updated to version 2.0.41.
CLI and Plugins Release of April 2023
Version 2.0.46
Status | Item | Description |
---|---|---|
UPDATED | SCA Realtime errors | Added error handling for SCA Realtime scanner. |
Version 2.0.45
Status | Item | Description |
---|---|---|
NEW | Environment variables | We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable. Notice: We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications. |
UPDATED | Branches | We increased the number of branches returned using the |
Version 2.0.44
Status | Item | Description |
---|---|---|
NEW | Private packages | You can now designate a scan as a "Private Package" and assign a package version to it using the |
NEW | Flags | We added the We also added a flag WarningThe |
NEW | File extensions | Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning). |
UPDATED | Memory usage | Improved memory usage when uploading zip files. |
FIXED | Contributors count | Fixed issue that was causing index out of range errors for the |
FIXED | SARIF reports | Fixed an issue where SCA results weren't being included in SARIF reports. |
CI/CD Plugins
In April we released the following CI/CD plugin versions.
Jenkins Plugin - 2.0.11-415.vde4f199d0f33 (uses CLI v2.0.41)
GitHub Actions Plugin - 2.0.18 (uses CLI v2.0.44)
TeamCity Plugin - 2.0.18 (uses CLI v2.0.45)
Azure DevOps - 2.0.21 (uses CLI v2.0.44)
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | Proxy environment variables | TeamCity | We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable. Notice: We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications. |
NEW | Private packages | TeamCity, GitHub Actions, Azure DevOps | You can now designate a scan as a "Private Package" and assign a package version to it using the Additional parameters options. Once a private package has been scanned, info about the risks affecting that package will be identified by SCA when that package version is used in any of your projects. You can download an article about private packages here. |
NEW | Exploitable Path | TeamCity, GitHub Actions, Azure DevOps | We added the We also added a flag WarningThe |
NEW | File extensions | TeamCity, GitHub Actions, Azure DevOps | Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning). |
UPDATED | Memory usage | TeamCity, GitHub Actions, Azure DevOps | Improved memory usage when uploading zip files. |
FIXED | Additional parameters | TeamCity | Fixed an issue where spaces in additional parameter values caused errors. |
Plugin | Marketplace | Code Repository | Documentation | Changelog |
---|---|---|---|---|
Azure DevOps | https://marketplace.visualstudio.com/items?itemName=checkmarx.checkmarx-ast-azure-plugin | |||
GitHub Action | https://github.com/marketplace/actions/checkmarx-ast-github-action | |||
TeamCity | https://github.com/CheckmarxDev/checkmarx-ast-teamcity-plugin | |||
Jenkins |
IDE Plugins
In April we released the following IDE plugin version:
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | Proxy environment variable | Visual Studio | We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable. Notice: We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications. |
UPDATED | Create Scan button | VS Code | Improved visibility of the Create Scan button by moving it to the header bar of the Checkmarx pane. |
UPDATED | Version support | Visual Studio | Added support for earlier versions of Visual Studio 2022. We now support SDK version 17.0 and above. |
UPDATED | Memory usage | Visual Studio | Improved memory usage when uploading zip files. |
UPDATED | Product name | JetBrains | All references to AST (other than the name of the plugin) have been changed to use the new product name "Checkmarx One". |
FIXED | Additional Knowledge link | JetBrains | Fixed issue that SCA Additional Knowledge link had been causing errors when no link was available. |
FIXED | Create Scan button | VS Code | Fixed issue that the Create Scan button had been disabled after unexpected shutdown. |
FIXED | SCA Realtime results | VS Code | Fixed issue that SCA Realtime wasn't yielding results for users that didn't enter account credentials. Tip: This is a free tool that does not require a Checkmarx account. |
FIXED | Filters | VS Code | Fixed issue that filters hadn't been functioning properly. |
FIXED | Additional parameters | Visual Studio, JetBrains | Fixed tooltip for Additional parameters so that link points to new documentation portal. |
IDE Plugin Quick Links
Get Latest Version from Marketplace | Changelog | Documentation |
---|---|---|