Skip to main content

Version 3.5

Multi-Tenant release date: January 21, 2024

New features and enhancements

SAST engine upgrade

The SAST engine in Checkmarx One has been upgraded to version 9.6.2. For complete Release Notes, click here.

Fast Scan for SAST scanner

The new SAST engine aims to find the perfect balance between thorough security tests and the need for quick and actionable results. There’s no need to choose between speed and security. Alongside the Base Preset, we are thrilled to announce a new scan mode designed to speed up the scan: Fast Scan mode.

Fast Scan mode decreases the scanning time of projects by up to 90%, making it faster to identify relevant vulnerabilities and enable continuous deployment while ensuring that security standards are followed. This will help developers tackle the most relevant vulnerabilities.

Warning

To expedite the results retrieval, the scanning process has been optimized to reduce the number of stages and flows involved in the scan. With this enhancement, the queries related to Fusion are not executed and results will not be generated when using the new mode.

You may also notice impact on the API Security scanner results.

For more information on Fast Scan, refer to this page. To learn how to configure Fast Scan in Checkmarx One, see here.

SCA risks recalculation

We've introduced a new feature that allows you to recalculate SCA risks without resubmitting your source code for scanning.

Checkmarx One leverages the dependencies identified in the previous scan of the project and re-assesses the risks affecting your project based on the current data (e.g., new vulnerabilities identified in the package, new Policies applied to the project, changes in risk states, etc.).

To trigger a scan recalculation, click the Recalculate button on the SCA results screen for the relevant project. Results from scan recalculation are shown as a separate scan.

Version field in Jira Feedback App

The Jira Feedback App now includes a custom field displaying the schema type version on Jira tickets.

Tabular data export in CSV format

Tabular data can now be exported in the form of CSV files. This functionality is accessible in the Projects list, Scans list, and Applications list.

Group sorting in Code Repository integration

With the latest update to the Code Repository Integration, groups in the integrated repositories are now sorted automatically, providing users with a structured and easily accessible view. The Search functionality allows users to quickly find the required group.

Resolved issues

  • IDE Plugin displaying only the first 10K Informational results.

  • The number of vulnerabilities on the Checkmarx One projects page (and others) for SCA does not align with the number of vulnerabilities found or match the reports.

  • Encountering a 500 - Internal server error when clicking on a project from one application.

  • CLI plugin failure with the error panic: runtime error: slice bounds out of range [1:0] when attempting to create a SARIF report.

  • In certain cases CSV report generation could fail.

  • Synchronization problem between the scan and SBOM.

  • Incorrect query severity persists after saving it.

  • Inability to edit query severity after creating or overriding a query per tenant.

CLI and Plugins Releases of January 2024

CLI Version 2.0.65

Status

Item

Description

NEW

AI Guided Remediation for SAST

We added AI Guided Remediation for SAST vulnerabilities. Use the chat sast command to submit details about a specific vulnerability instance to OpenAI and receive detailed remediation recommendations, including a code snippet that can be used for the remediation.

Warning

The command for AI Guided Remediation for IaC Security vulnerabilities has changed from chat to chat kics.

Warning

This feature needs to be enabled for your organization's account by a Checkmarx admin user.

UPDATED

Added supported file type

Added file extension *.cmp to the list of included files (when creating the zip archive for scanning).

CLI Version 2.0.64

Status

Item

Description

UPDATED

Contributor count

Added the uniqueConrtibutorEmail field to the response to contributor-count in debug mode. For GitHub and Azure DevOps, we now use email (as opposed to username) as the unique identifier for counting distinct users.

FIXED

Groups

Fixed issue that submitting --groups via CLI was interfering with project configuration (e.g., removing designation of primary branch).

FIXED

Sarif report

Fixed issue that sarif reports had been failing when no vulnerabilities were identified.

CI/CD Plugins

In December we released the following CI/CD plugin versions.

  • Azure DevOps - 2.0.30 (uses CLI v2.0.64)

  • GitHub Actions Plugin - 2.0.22 (uses CLI v2.0.64)

  • TeamCity Plugin - 2.0.21 (uses CLI v2.0.64)

Improvements and Bug Fixes

Status

Item

Platform

Description

FIXED

Groups

Azure DevOps, TeamCity, GitHub Action

Fixed issue that submitting --groups was interfering with project configuration (e.g., removing designation of primary branch).

FIXED

Sarif reports

Azure DevOps, TeamCity, GitHub Action

Fixed issue that sarif reports had been failing when no vulnerabilities were identified.

IDE Plugins

In January we released the following IDE plugin version:

  • Visual Studio Extension - 2.0.18 (uses CLI v2.0.64)

Improvements and Bug Fixes

Status

Item

Platform

Description

FIXED

KICS Auto Scanning

Visual Studio

Fixed issue that KICS Auto Scanning had been running even when the feature was disabled.

FIXED

Libraries update

Visual Studio

Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.

IDE Plugin Quick Links