Version 3.7
Multi-Tenant release date: February 18, 2024
New features and enhancements
SAST engine update
The SAST engine in Checkmarx One has been updated to version 9.6.3.
Filtering by project or application
This version introduces enhanced filter design with dynamic options for projects and applications:
Separate drop-downs for Project & Applications, CX Scanners, and Date range filters, each with clear labeling and user-friendly interaction.
Projects & Applications filter with API integration, search, autocomplete, and pagination for streamlined project selection.
CX Scanners filter to enable data filtration based on scanner types.
Improved date range selection with an intuitive combined time and date picker.
Less frequently used filters are now consolidated into a single Other Filters dropdown.
Disabling updates for recurrent issues
Continuous integration and continuous deployment (CI/CD) projects may encounter recurrent issues multiple times daily, leading to excessive Jira updates. To reduce unnecessary notifications, we have introduced an option to disable updates for recurrent issues in Checkmarx One.
Automatic assignment of new project to application
It is now possible to create a project within the application, ensuring its automatic assignment to the respective application.
Executive Overview dashboard in Analytics
The Analytics module now features a new dashboard focused on widgets for the CISO and higher management.
Note
Currently available for early adopters only.
Resolved issues
Errors with Jira Priority Mapping causing issues to not flow to JIRA.
GitHub Integration App failing to create tickets in GitHub without admin-level permissions.
Inconsistent comments on pull request scans for forks.
JIRA Feedback App Setup encountering issues with Transition States data.
Vulnerability statuses not updating in the UI.
No results visible for multiple projects.
Checkmarx SCA unable to resolve go.mod with go version 1.21.
TypeError: Cannot read properties of undefined (reading startsWith).
AST failing on KICS scan when scanning JSON files.
Swagger description for the sort API parameter inconsistent with actual API execution.
Issues with sast-results-filter for greater than/less than comparisons.
Improper status and message in api/applications POST/{id}/project-rules when adding existing rules.
Incorrect vulnerability count in CSV report on Projects list page.
Error when opening Application with inaccessible projects.
Work items not listed for one project.
Predicate change in performance environment getting stuck.
Failed creation of Feedback app from issue type "Bug" due to required fields.
Backward compatibility issue in API (api/cx-audit).
Scans getting stuck or hanging in queue, including those in Redis "Running" queue.
Unable to change status of supply chains only (Checkmarx One and CxSCA).
Unstable Scan Management\Preset page (Error 502 bad gateway).
Download Logs option missing when viewing projects at the application level.
SCA Resolver Version 2.6.1 (Feb 12, 2024)
We released a new version of the SCA Resolver tool which includes the following improvements:
Added a flag, --ignore-test-dependencies, for ignoring test dependencies.
For NuGet, added support for VB.NET projects.
Fixed exception during the FolderAnalyzer step.
For Ivy, fixed a bug when build.xml does not have a target node.
Download the new version here.
CLI and Plugins Releases of February 2024
CLI Version 2.0.69
Status | Item | Description |
---|---|---|
NEW | Policy violations | Added policy violations to PR/MR decoration shown in GitHub Actions. |
FIXED | Credentials encoding | We now encode the Client ID and Secret. |
CLI Version 2.0.68
Status | Item | Description |
---|---|---|
UPDATED | AI remediation | Improved the presentation of the AI Guided Remediation response. |
FIXED | Scan log | Removed sca option from the |
CLI Version 2.0.67
Status | Item | Description |
---|---|---|
FIXED | Vulnerability remediation | Remediated vulnerabilities that we identified in our project. |
CLI Version 2.0.66
Status | Item | Description |
---|---|---|
NEW | Vulnerability redundancy | We added a new feature that identifies vulnerabilities with matching sub-flows, which enables prioritization of fixes that resolve multiple vulnerabilities with a single change. In order to retrieve this data, you need to add the |
FIXED | SARIF output | Fixed an issue where SARIF output failed when there were no SAST results. |
CI/CD Plugins
In February we released the following CI/CD plugin versions.
Azure DevOps - 2.0.31 (uses CLI v2.0.67)
GitHub Actions Plugin - 2.0.23 (uses CLI v2.0.66)
Jenkins Plugin - 2.0.12-529.v940316ea_19da_ (uses CLI v2.0.67)
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | Nightly versions | Jenkins | We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update to the latest pre-release version or to update only when a new release version is published. |
NEW | Ignore proxies | Jenkins | Added an environment variable, CX_IGNORE_PROXY, for ignoring proxies. Set the variable to true to ensure that all Checkmarx One CLI commands run directly from the local machine. |
NEW | Podfile | Jenkins | Added |
NEW | SBOM reports | Jenkins | Added the ability to generate SBOM reports. SBOMs can be generated in CycloneDX or SPDX format. SPDX reports are output as JSON, and CycloneDX reports can be output as JSON or XML. This can be done using the |
NEW | Proxy designation | Jenkins | We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a dedicated proxy for Checkmarx One. When it is set, it overrides the proxy specified in your general HTTP_PROXY variable. Notice: We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications. |
UPDATED | Results summary | Azure DevOps | Improved the "Results Summary" shown in the CLI output. The summary now shows vulnerabilities by severity level for each scanner separately, in addition to the overall totals. |
UPDATED | Output log | Jenkins | The output log is now stored to a variable |
UPDATED | CLI code | Jenkins | Updated the CLI code to Go version 1.21.1 in order to remediate a vulnerability. |
UPDATED | Results limit | Jenkins | We now return an unlimited number of results in the results summary (previously limited to 10k). |
UPDATED | Policy violation | Jenkins | Added information about violated policies to the scan summary output. For policies that are configured to "break build", the scan fails when the policy is violated. (The |
UPDATED | Projects limit | Jenkins | Increased the default limit for projects returned using the |
FIXED | Vulnerability remediation | Azure DevOps, Jenkins | Remediated vulnerabilities that we identified in our project. |
FIXED | Vulnerability remediation | Azure DevOps, Jenkins | Uses a CLI version in which vulnerabilities affecting that project have been remediated. |
FIXED | SARIF output | GitHub Actions | Fixed an issue where SARIF output failed when there were no SAST results. |
FIXED | Scan ID | Jenkins | Fixed an issue obtaining the scan ID from logs. |
FIXED | Groups | Jenkins | Fixed issue that submitting |
Plugin | Marketplace | Code Repository | Documentation | Changelog |
---|---|---|---|---|
Azure DevOps | https://marketplace.visualstudio.com/items?itemName=checkmarx.checkmarx-ast-azure-plugin | | | |
GitHub Action | https://github.com/marketplace/actions/checkmarx-ast-github-action | | | |
TeamCity | | https://github.com/CheckmarxDev/checkmarx-ast-teamcity-plugin | | |
Jenkins | | | | |
IDE Plugins
In February we released the following IDE plugin version:
VS Code - 2.6.0 (uses CLI v2.0.64)
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | AI Guided Remediation for SAST | VS Code | We added AI Guided Remediation for SAST vulnerabilities (in addition to existing support for IaC Security vulnerabilities). We send the Checkmarx scan results file to OpenAI together with code snippets around each node of the Attack Vector for the specified vulnerability. We also submit a pre-configured series of instructions to OpenAI, which generates a response with three sections: Confidence, Explanation and Proposed Remediation. You can follow up with additional questions. For more information see AI Guided Remediation. Warning: This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings > Settings > Plugins in the Checkmarx One web portal. |