Skip to main content

Checkmarx SCA Release Notes January 2024

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated on July 7. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API well in advance of the July 7 deadline.

Warning

For the SCA JFro plugin, version 1.1.9 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.10 before that date.

For the SCA Nexus plugin, version 1.1.5 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.6 before that date.

Improvements and Bug Fixes

Status

Item

Description

UPDATE

FIXED

Link from All Packages tab

Clicking on the Vulnerabilities widget on a Scan Results > Package Details page now opens the Risks tab, filtered for the specific package.

SCA Resolver Version 2.5.15

We released a new version of SCA Resolver with the following improvements:

  • For Gradle, the processing of wildcards on Gradle multi-module scans has been improved.

  • For Python, pip is no longer presented as a dependency for all Python projects.

Download the new version here.