1.0.29 March 2025 | Added support for API Security, 2MS (Secret Detection), and OSSF Scorecard scanners. Expanded SNOW compatibility to include Yokohama. Updated scanner selection UI on the Configuration Page
| Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, Xanadu, and Yokohama. |
1.0.26 February 2025 | | Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, Xanadu, and Yokohama. |
1.0.24 January 2025 | | Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, and Xanadu. |
1.0.23 December 2024 | Filter to Exclude SCA Dev and Test Dependency will be available on the Configuration page. The Latest Scan From Each Branch option in the Scan Synchronization field in the Configuration Page imports each branch's latest scan result and reflects it in the AVIT table. The vulnerability description of findings from CxOne will be mapped to the Vulnerability Explanation field of the AVIT table.
| Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, and Xanadu. |
1.0.22 October 2024 | If an exploitable path is found in an SCA scan, it will be recorded in the Source Notes column of the AVIT table. The Configuration Page now has a Scan Synchronization field that allows you to filter the latest scan of each branch, the primary branch, or all branches. You can filter imported scan results by the Result States on the Configuration Page. You can filter imported scans by Scan Type on the Configuration Page. The Delta API will compare the old scanID in ServiceNow with the project's latest scanID to find fixed issues in SAST and SCA scans. The Save and Test Credentials button on the Configuration Page will check if the required permissions are valid.
| Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, Utah, and Xanadu |
1.0.21 June 2024 | The SCA deltas result API has been added. Risks that have been closed or marked as Not Exploitable in the CxOne SCA result will appear as Closed in ServiceNow. Checkmarx One Application List Integration will import
projects created on CxOne after the start time provided in execution. Projects can be filtered by ID or Name on the
configuration page. Scan Origin, Scan Type, and Scan Source Information from CxOne is mapped to the Scan Submitted By column of the sn_vul_app_vul_scan_summary
table. There is a checkbox to filter a primary branch. When marked and there is a primary branch, the branch's latest scan and vulnerabilities synchronize with SNOW. If there isn't a primary branch in the project, the project's latest scan and vulnerabilities synchronize with SNOW. Fix for high disk growth by the sys_update_version table.
| Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, Utah, and Tokyo |
1.0.20 March 2024 | Branch info has been mapped to the Project Branch field on the AVIT table. Primary Branch info is mapped to the Source Additional Info field on the Discovered Application table with Application ID. If Sync Only Primary Branch is enabled from the configuration page, only the projects, scans, and vulnerabilities performed for the primary branch will be imported into the respective integrations and tables. For SAST scanner findings, the Source AVIT of the AVIT table has been changed into a combination of the Similarity ID and the Result Hash from CxOne to receive the unique AVITs. Washington DC support has been added to this version.
| Supported CxOne Version: All SNOW Compatibility: Washington DC, Vancouver, Utah, and Tokyo |
1.0.19 March 2024 | | Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.18 February 2024 | The Project tags information from CxOne will be mapped to the Source APM ID of the Discovered Application Table of SNOW. If a scanID has been deleted, the plugin will bypass it without causing any failure.
| Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.17 December 2023 | | Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.16 December 2023 | | Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.15 December 2023 | | Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.14 | Addition of new Scanner type IaC from Checkmarx One on the Configuration Page , which will bring up IaC scans and results Addition of a new field List of Project IDs on the Configuration Page to filter out only entered Projects Addition of a SAST Delta result API, which compares the last two scans from the given Start Date in Integration Run and presents the latest changes.
| Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.13 | | Supported CxOne Version: All SNOW Compatibility: Vancouver, Utah, and Tokyo |
1.0.12 | The Scan Summary Name column will have sca- or sast- as prefixes and scanId and Last scan date in the AVIT table. Addition of Application ID from Checkmarx One to Snow, In the Application Release table, it is mapped to the Source additional Info column, and in the Application Vulnerability Item Table, it is mapped to the Source additional Info column Added OWSAP Top 10 and SANS 25 information for SAST vulnerabilities in OWASP and Short Description column of the Application Vulnerability Entry Table (sn_vul_app_vul_entry.LIST)
| Supported CxOne Version: All SNOW Compatibility: San Diego, Utah, and Tokyo |