Skip to main content

Version 2.94

Multi-Tenant release date: September 27, 2023

New features and enhancements

Code Repository integration enhancement

The integration with the Code Repository now allows a user to initiate a new integration project scan and designate the project with a private package, adding an extra layer of security and privacy to the project.

Pagination in GitHub

A pagination feature is now applicable to both GitHub Cloud and GitHub self-hosted instances, enabling users to better navigate through their organization listings. There is no longer any limitation on the number of organizations, and a search bar is available to help you locate a specific organization.

Ability to manually create branches during ZIP upload

Checkmarx One now allows you to manually create a branch within a project when uploading a ZIP file for scanning.

This addition provides the ability to identify which branch was scanned in the project history as well as differentiate and manage changes between the same ZIP uploads. This facilitates the development of bug fixes, the addition of new features, and the integration of new versions after thorough testing in an isolated environment.

Access Management Updates

API Key and OAuth Client Expiration Management

A tenant admin user can now configure settings that effect the expiration time for API Keys and OAuth Clients created in the tenant account. The settings are available on the General Settings screen of the Identity and Access management platform.

The admin can set the default expiration time for API Keys and OAuth Clients as any value between 30 to 365 days. In addition, the admin can activate enforcement of the specified expiration period, so that users won't be able to adjust the expiration time when they create a new API Key or OAuth Client.

IaC Updates

  • We have implemented a significant change in our Access Management system. Now, you are able to assign entities (Users and Groups) directly to resources (Tenant, Application, Project, and all associated elements like scans and results).

    This update renders obsolete the previous access restrictions based on Groups assigned to Projects.

  • This version introduces three new Ansible queries to cover the following scenarios:

    • Identify hosts within your Ansible inventory that are accessible from the internet.

    • Check if your Ansible configuration settings permit unsafe lookups.

    • Identify Ansible playbooks or tasks that use HTTP for communication.

  • Starting with this release, IaC Security is able to run queries against GitHub workflows.

DAST Updates

  • A new feature enables users to search the environment table by the environment ID. A new column was added in order to filter by the environment ID.

  • Users are now able to incorporate scripting into their DAST scans. This allows them to customize attacks and login methods, providing greater flexibility and precision in securing their applications.

SCA Updates

SCA Results Viewer

The SCA results viewer is now fully integrated with the Checkmarx One platform. When you open the SCA Results page for a project, the Checkmarx One navigation pane remains visible on the left side of the screen and a back button is shown at the left side of the header bar. This makes it easy to navigate between SCA Results and other Checkmarx One elements.

Container Scanning

We have improved the process for identifying packages and vulnerabilities in containers, when running SCA scans in the cloud (this had previously been supported only when using SCA Resolver). We now use Syft to scan the image created by the container, yielding up to 4 times the number of results, while significantly decreasing scan time.

SCA Resolver Version 2.4.5

We released a new version of SCA Resolver with the following improvements:

  • Improved parsing support for CLI custom arguments.

Download the new version here.

CLI and Plugins Release of September 2023

CLI Version 2.0.57





Async scans

Fixed issue with async scans.

CLI Version 2.0.56





GO version

Updated code to GO version 1.21.1 in order to remediate a vulnerability.


Unlimited results

We now return an unlimited number of results in the results summary (had been limited to 10k).


Contributor count

Fixed issue regarding incomplete contributor count results for BitBucket, Azure DevOps, GitHub and GitLab. This was accomplished using retires and timeout flags to overcome rate limits. We also added pagination for Azure DevOps.

CLI Version 2.0.55





Ignore proxy

Added global flag --ignore-proxy for ignoring proxies, so that all Checkmarx One CLI commands run directly from the local machine. Alternatively, this can be done by setting the environment variable "CX_IGNORE_PROXY" as true.


Policy Violation header

Fixed issue that contributors count for Azure DevOps hadn't been returning complete results.

CI/CD Plugins

In September we released the following CI/CD plugin versions.

  • Azure DevOps - 2.0.26 (uses CLI v2.0.57)

Improvements and Bug Fixes






Ignore Proxies

Azure DevOps

Added an environment variable, "CX_IGNORE_PROXY", for ignoring proxies. Mark the variable as true to ensure that all Checkmarx One CLI commands run directly from the local machine.


Included files

Azure DevOps

Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).


CLI version

Azure DevOps

Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.