Version 3.4

Multi-tenant version released on: January 8, 2024

Single-tenant version released on: January 5, 2024

Risk Management performance improvement

Checkmarx One offers a comprehensive Risk Management feature that allows you to prioritize and understand the risks associated with your applications. This centralized tool consolidates results from multiple scanners (currently, SAST and SCA), and provides valuable insights for resource or team managers, especially AppSec teams. With this feature, you can proactively pinpoint vulnerabilities that require attention and address them before the development process begins.

Resolved issues

  • Access Management: Unable to navigate to project settings from the Application tab.

  • Reimport issue for users identified as an organization in GitHub.

  • Unable to refresh repository permissions for Bitbucket OnPrem.

  • Jira integration not reporting all issues.

  • Inability to add or update a Jira Integration when Assignee is required.

  • Failed to upload zip to URL http://ast-platform-minio:9000

  • Over 20 scans stuck due to the SCA worker failing to run.

  • Project displaying as Never Scanned despite scans being visible in Scan History.

  • A mandatory role default-roles can be manually removed by a customer.

  • Features dependent on the composite role ast-risk-manager.

  • Error encountered when reaching the Risk Management tab.

  • view-risk-management permission not functioning properly.

  • Import getting stuck in the Pending state.

  • Triggered scan after approval with suggestions pull request.

  • Scan can be deleted via direct API call while still running, causing zombie scans and blocking new scans from running.

  • Discrepant vulnerability counts for SCA scan reports.

  • Usage of the old Bitbucket URL after pushing code from Bitbucket On-Prem.

  • Existing application users can change the username on SAML merge if using username mapper.

  • Title display issue under the Risk tab in Checkmarx SCA.

  • WebAudit does not validate syntax after deleting queries, causing WebAudit to become stuck.

  • Empty custom queries in WebAudit.

  • Duplicated Swagger (or API) files in the same repo cause the scan to fail.

  • Request in AppSec fails with timeout.

  • It is not possible to view a list of vulnerabilities from the detailed package view (the link is not clickable).

  • Scan type = full is not always printed upon running the command scan list --filter project-id=.

  • Failure to "Refresh repository permission" for a project with spaces or () in the project name.