Skip to main content

Checkmarx SCA Release Notes December 2023

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated on July 7. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API well in advance of the July 7 deadline.

Warning

For the SCA JFro plugin, version 1.1.9 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.10 before that date.

For the SCA Nexus plugin, version 1.1.5 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.6 before that date.

Malicious Packages in Container Scans

We now identify malicious packages in container scans. This is done by checking the container packages against our proprietary database of know malicious packages.

Warning

We currently identify malicious packages only among non-OS related packages.

A new column was added to the Container Packages screen indicating whether or not the package is malicious. For unsupported package types, "Unknown" is shown in the "Malicious" column.

Image_043.png

Also, for vulnerabilities associated with malicious packages, the Container Vulnerabilities screen shows "Malicious" as a "Risk Factor".

SCA Resolver Version 2.5.15

We released a new version of SCA Resolver with the following improvements:

  • For Gradle, the processing of wildcards on Gradle multi-module scans has been improved.

  • For Python, pip is no longer presented as a dependency for all Python projects.

Download the new version here.

In this section: