Releases of May 2023
Multi-Tenant (May 2023)
API Security
Status | Description |
---|---|
Version 2.85 (Released on May 14, 2023) | |
NEW | Identifying and monitoring Shadow APIs - Shadow APIs refer to undocumented APIs found in code that can pose a significant security risk if left unmonitored. Identifying Shadow APIs is crucial to ensure that all APIs are protected, not just the ones that are known and documented. This is where our solution comes in as a key differentiator in the industry. We specialize in finding Shadow APIs to ensure that they are properly secured and protected from potential vulnerabilities. Without proper identification and monitoring of Shadow APIs, any shift-right solution that only focuses on known APIs is ineffective. That's why we prioritize discovering and securing these hidden APIs, so that our customers can have complete protection and peace of mind. For more information, refer to this help topic. |
NEW | API Inventory - API Security is now able to scan Swagger files to identify all APIs available within an organization. This is a critical step in understanding the scope of APIs that exist in a system and identifying any potential security vulnerabilities. With an accurate and up-to-date API inventory, organizations can effectively manage their APIs and ensure they are properly secured. Additionally, an API inventory helps in identifying potential duplication or overlap of APIs, which can be optimized to improve efficiency and reduce maintenance costs. It is an essential tool for API governance and can be used to track changes and updates to APIs over time. For more information, see here. |
NEW | API documentation risks can be a serious concern for developers and organizations alike. One way to address this issue is by proactively scanning Swagger files to identify vulnerabilities and risks at an early stage, before they can cause significant problems. This can help ensure that the API documentation accurately reflects the intended functionality and reduces the likelihood of errors or misunderstandings down the line. In addition to improving the accuracy and completeness of the documentation, scanning Swagger files for potential risks can also improve the overall security of the API and prevent or mitigate potential security breaches. Refer to this page for more details. |
NEW | Identifying sensitive data discrepancies - API Security is now able to identify any discrepancies between the sensitive data parameters in code and those in the Swagger API documentation. This helps users discover any sensitive parameters they may not have been aware of before, allowing them to take action to fix and update their Swagger files. This ensures that the API documentation accurately reflects the current state of the codebase, reducing the risk of data breaches and other security incidents. For more information, see this page. |
NEW | Support for Flask Python queries - The incorporation of Flask Python queries into our API security scanning enables thorough analysis and identification of potential vulnerabilities within Python-based applications. With this expanded support, our customers can confidently ensure the integrity and resilience of their applications, safeguarding them against potential security risks. |
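The Shadow API idea described above (routes that exist in code but not in the Swagger file) can be illustrated with a small comparison. This is an added example, not Checkmarx code and not how API Security implements the feature; the Flask source, the Swagger paths, and the names `flask_routes` and `shadow_apis` are constructed for illustration.

```python
import ast
import re

# Constructed sample input: a small Flask module (not from any real project).
FLASK_SOURCE = '''
from flask import Flask
app = Flask(__name__)
@app.route("/users/<int:user_id>", methods=["GET", "DELETE"])
def user(user_id): ...

@app.route("/health")
def health(): ...

@app.post("/internal/reset-password")
def reset(): ...
'''

# Constructed sample input: the "paths" object of a Swagger/OpenAPI file.
SWAGGER_PATHS = {"/users/{user_id}": {"get": {}}, "/health": {"get": {}}}
SHORTCUTS = {"get", "post", "put", "delete", "patch"}  # @app.get(...) style

def flask_routes(source):
    """Return {(METHOD, path)} for Flask route decorators, paths in OpenAPI style."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        for dec in getattr(node, "decorator_list", []):
            if not (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                    and dec.args and isinstance(dec.args[0], ast.Constant)
                    and isinstance(dec.args[0].value, str)):
                continue
            name, methods = dec.func.attr, ["GET"]  # GET is Flask's default
            if name in SHORTCUTS:
                methods = [name]
            elif name != "route":
                continue
            for kw in dec.keywords:
                if kw.arg == "methods":
                    methods = ast.literal_eval(kw.value)
            # Flask "<int:user_id>" becomes OpenAPI "{user_id}"
            path = re.sub(r"<(?:[^:<>]+:)?([^<>]+)>", r"{\1}", dec.args[0].value)
            found.update((m.upper(), path) for m in methods)
    return found

def shadow_apis(source, swagger_paths):
    """Routes present in code but missing from the documented paths."""
    documented = {(m.upper(), p) for p, ops in swagger_paths.items() for m in ops}
    return sorted(flask_routes(source) - documented)

print(shadow_apis(FLASK_SOURCE, SWAGGER_PATHS))
```

The undocumented `DELETE` on a documented path shows why the comparison is made per method and not per path.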
Checkmarx SCA
Notice
This section relates only to SCA releases that are relevant to users who consume SCA through the Checkmarx One platform. Release notes for the SCA standalone platform are available here.
SCA Resolver Releases
We released the following new versions of SCA Resolver:
Notice
The complete changelog, and links to download SCA Resolver are available here.
Version 2.2.2
Syft is now used automatically whenever the `--scan-container` flag is used. The `--use-syft` flag is no longer in use.
Warning
This is a breaking change. If you have pipelines that use the `--use-syft` flag, it needs to be removed.
Notice
For syft to run on your scans, you need to have it installed on the machine that is running Resolver, see Prerequisites.
For PIP:
Added a new argument for including custom manifest files for resolution.
Improved detection of the Python version installed on the system.
For Gradle, dependencies that were ignored by the package manager are now ignored by Resolver.
For NPM, the problem with the decision to run commands for NPM6 or NPM7 has been fixed.
Fixed "out of memory" issues that were occurring in some edge cases.
Version 2.1.9
For Gradle, added support for dynamic submodule declaration.
ImageResolver updated to version 2.0.47.
CLI and Plugins Release of May 2023
Version 2.0.47
Status | Item | Description |
---|---|---|
FIXED | KICS realtime | When a |
FIXED | BitBucket contributor count | The contributor count for BitBucket now counts only contributors who have contributed in the past 90 days, as expected. |
IDE Plugins
In April we released the following IDE plugin version:
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | Pre-release versions | VS Code, JetBrains | We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update automatically to the latest pre-release version or to update only when a new release version is published. To automatically install pre-release versions, see VS Code Automatic Updates and JetBrains Automatic Updates |
UPDATED | SCA Realtime | VS Code | For SCA Realtime scans that return incomplete results, we now show a Dependency resolution errors section which gives info about manifest files that weren't resolved and the reason for the error (e.g., relevant package managers not installed locally). |
UPDATED | Version support | Eclipse | Added support for Eclipse version 2019-03 (4.11) and above. |
UPDATED | Product name | Eclipse | All references to AST (other than the name of the plugin) have been changed to use the new product name "Checkmarx One". |
FIXED | Additional parameters | Eclipse | Fixed tooltip for Additional parameters so that link points to new documentation portal. |