Skip to main content

Version 3.17 (Early Access)

Multi-Tenant release date: July 7, 2024


The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment, unless explicitly stated otherwise in the respective section's sub-heading.


Note for Chrome users:

Please clear your browser cache to avoid potential UI issues. Failure to do so may result in the Checkmarx One user interface not functioning correctly.

Maintenance releases


This table includes only the maintenance releases that addressed customer-facing issues. Maintenance releases that contained only internal enhancements are not listed.

Release number

Resolved issues


  • The Analytics page was very slow or unresponsive.

  • SCA scans were failing.

  • Links on the Project page did not work correctly.

New features and enhancements

Generate PDF reports with DAST scan results

GA: July 17, 2024

Users can now generate a detailed PDF report that encapsulates all findings from a specific DAST scan. These reports will include various key performance indicators (KPIs) such as aging, severity trends over time, and the top 5 categories of results.

Advanced filtering and sorting in Risk Data Management

GA: July 17, 2024

We have implemented robust filtering and sorting functionality in the risk management table, allowing you to filter data based on risk severity, status, type, and other relevant attributes.

With the new sorting options you can arrange risks by different parameters such as risk score, date detected, or project name.


Muting and snoozing packages

You can now change the state of a package to “muted” so that the vulnerabilities associated with that package won’t be shown as risks to your project.

You can also “snooze” a package so that it is muted for a fixed period of time after which it will automatically revert back to being a regular monitored package. This can help to reduce noise in you system when you feel that a certain package does not pose a threat or where there is no available fixed version of the package.

Risk Management (triage) enhancements

We have expanded the Risk Management (triage) capabilities for SCA vulnerabilities and Suspected Malware risks in Checkmarx One. You can now adjust the Severity level and/or the risk Score (in addition to existing support for changing the State). The following details that apply to State changes, also apply to Severity and Score changes.

  • Whenever you make a change, you are required to add a comment explaining the rationale behind the change.

  • Risk counters are only updated to reflect changes the next time that a scan or Recalculation is run on the project. Until then, a red dot in the UI indicates that a Recalculation is needed.

Resolved issues

  • Slowness when displaying the Severity Over time in the project view.

  • The Analytics page intermittently threw a Java RuntimeException.

  • In SCA scanner, detailed results type disappeared from Results by License Type when zooming in.

  • It was not possible to override Azure Resource Management queries in the Query Editor.

  • Failure when attempting to generate the report for a specific scan.

  • The Read More option was missing from SAST results in Applications > Risk Management tab.

  • When there was a large number of scans, the Severity Over Time graph took too long to load or did not display at all.

  • Error when creating queries on Query Editor.

  • A false negative SAST policy violation was encountered from the second scan onward.

  • [API] [QueryEditor] - Swagger failed to create a new Audit session.

  • Checkmarx One Git repo scan failed with an irrelevant message.

  • [API] QueryEditor] A session was deleted without proper validation.

  • Wrong data on vulnerabilities KPIs when the last scan had no results.

  • Unsanitized user parameters were sent to the database.

  • The PUT api/sca-policy-management/NUM/rules method returned Internal Server Error (500) in case the filter rule list contained more than 50 values.

  • SCA package severity filtering was not working as expected.

  • A project with the same name (but different camel case) deleted an older project and would not allow users to see results.

  • A JavaScript error occurred in Case SCA Scan > Risks.

  • Suspected malware could not be marked as Not Exploitable.

  • When scanning Ruby manifest files, both gemfile and Gemfile names were recognized as Ruby’s manifest files. However, only Gemfile produced results, which was wrong.

  • SCA Cloud scan failed after the dotnet 8 update.

  • The Manifest download button was available instead of being blocked.