Skip to main content

Checkmarx SCA Release Notes July 2024


These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.


The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated on July 7. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API well in advance of the July 7 deadline.

Identifying "Framework" Dependencies

We now identify packages that are installed as part of the Framework installation. We label these packages as "Framework", and enable filtering the results to exclude these packages. This eliminates unnecesary noise, since these packages can't be remediated without updating the version of the overall framework. This feature is currently supported only for .NET projects.

General Improvements

  • Updated the version of Gradle used in SCA Cloud from 7.5.1 to 8.8, in order to improve our security posture.