Checkmarx SCA Release Notes May 2024
Notice
These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.
Warning
The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.
Caution
Versions of SCA Resolver prior to 2.5.15 are no longer supported. Older versions will no longer be able to run Container scans. Download links for newer versions are available here.
We recommend always keeping up to date with the latest version of SCA Resolver, in order to benefit from the latest features as well as ongoing performance improvements and bug fixes.
Scan Reports
We made the following improvements in the SCA scan reports:
Reports generated via the web application are now generated in the background so that the user can continue working. When the report is ready, the user is prompted to download the report.
We improved the content of the scan reports for all formats (PDF, CSV, XML, JSON). The reports now include all relevant data that is available via the web portal, including exploitability indicators and the transitive package paths.
You can now generate reports from the Global Inventory screen and filter the report data based on the filters that are applied to the Global Inventory.
Support for .NET 8
Added support for .NET 8 for the SCA scanner.
Changed Name of "Supply Chain" Risks
The category of risks that had been referred to as "Supply Chain" is now referred to as "Suspected Malware", which more accurately expresses the nature of the risk. This is reflected in the section title and icon on the All Risks page, as well as everywhere else the category name is used.
In addition, the package metrics that had been titled "Supply Chain Analysis" are now titled "Package Reliability Indicators".
SCA Resolver Version 2.7.4 (May 13, 2024)
Added support for the CPAN package manager for Perl projects. For more information, see here.
For Maven, added support for omitted package versions.
For Go, fixed an issue where Go packages weren't being scanned when executing on Windows.
Download the new version here.