Version 3.18
Multi-Tenant release date: July 21, 2024
Warning
The content and dates of these Release Notes are provisional and subject to change.
All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment, unless explicitly stated otherwise in the respective section's sub-heading.
New features and enhancements
Container Security
Early access availability: July 21, 2024
We are excited to announce a major update to Checkmarx One with our new Container Security solution. This update brings powerful features to enhance your container security efforts.
Key features and capabilities:
Dedicated new module: Improved visibility on container image risks.
Enhanced API and CLI commands: Streamlined container scanning.
Docker desktop extension: Free image scanning, visualization, and package inspection.
Base image remediation: Comprehensive risk assessment and remediation.
Runtime integration support: Deeper insights into package and image runtime status.
Enhanced triage capabilities: Better prioritization and risk management.
Improved scan risk reports: Detailed analysis and actionable insights.
For comprehensive details, refer to our documentation portal.
Cloud Insights
General availability: July 31, 2024
Checkmarx One Cloud Insights provides actionable insights by correlating data across the SDLC and runtime environments. This integration allows developers to focus on the riskiest issues which matter the most to their business.
Combining Checkmarx One scanners with Cloud Insights' runtime data gives organizations visibility and control over their cloud-native applications. This approach enables security and development teams to identify and prioritize vulnerabilities based on runtime exposure, ensuring critical issues are promptly and effectively addressed.
For comprehensive details, refer to our documentation portal.
Analytics | Vulnerabilities Drill-Down
General availability: July 31, 2024
Enhance actionable insights with our vulnerabilities KPIs. Directly access vulnerabilities details view with one click, speeding up the remediation process, reducing exposure, and bridging the gap between AppSec and development teams.
Explore the new feature and enhance your security operations!
Support ticket creation enhancements
General availability: July 31, 2024
To streamline the support ticket creation process, Checkmarx One now leverages data directly accessible from the user and automates the population of fields such as region, time zone, tenant ID, tenant location, and more. This automation simplifies the ticket creation process, ensuring that essential information is included from the outset.
Results summary statistics enhancement
General availability: July 31, 2024
We have enhanced the results summary statistics on each project's Scan History page. Changing a result's severity now updates up to 50 of the latest scans for results with the same Similarity ID. This also applies to other projects within the same application if results labels are shared.
Changes for the latest scan and the actual scan modified by the user are done in real-time, while updates for the rest of the scans occur in the background.
Managing self-hosted code repositories
General availability: July 21, 2024
We have expanded support for managing integrations with self-hosted code repositories. This will allow for greater flexibility and efficiency in handling diverse codebases, improving productivity and streamlining development workflows.
Checkmarx One customers can now edit the configuration of existing self-hosted code repository integrations in GitLab and GitHub. This is in addition to the existing capability to do so for ADO and Bitbucket.
Checkmarx One customers can now create distinct code repository integrations for multiple self-hosted code repositories.
License page redesign
General availability: July 31, 2024
The license page has been redesigned to provide a modern and user-friendly experience.
Criticality level tooltip enhancement
General availability: July 21, 2024
The tooltip for an application's criticality level has been updated for clarity. It now explains that the criticality level directly influences the application's overall risk score in Application Risk Management and helps determine the top 10 most critical applications within a tenant.
SCA
Identifying Framework dependencies
We now identify packages that are included in the Framework installation. We label these packages as Framework, and enable filtering the results to exclude these packages. This eliminates unnecessary noise, since these packages can't be remediated without updating the version of the overall framework.
Note
This feature is currently supported only for .NET projects.
CLI and Plugins Releases of July 2024
CLI Version 2.2.1
Status | Item | Description |
---|---|---|
NEW | GitLab integration | Added support for generating SCA reports in |
UPDATED | State filter | Added the option to set the "state" filter as |
FIXED | Symbolic link | Fixed error that was occurring when a symbolic link points to a folder and shares a common path with the folder it points to. |
CI/CD Plugins
In June we released the following CI/CD plugin versions:
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
NEW | General | GitHub Actions, Azure DevOps | General improvements and bug fixes. |
Plugin | Marketplace | Code Repository | Documentation | Changelog |
---|---|---|---|---|
Azure DevOps | https://marketplace.visualstudio.com/items?itemName=checkmarx.checkmarx-ast-azure-plugin | |||
GitHub Action | https://github.com/marketplace/actions/checkmarx-ast-github-action | |||
TeamCity | https://github.com/CheckmarxDev/checkmarx-ast-teamcity-plugin | |||
Jenkins |
IDE Plugins
In June we released the following IDE plugin versions:
Improvements and Bug Fixes
Status | Item | Platform | Description |
---|---|---|---|
UPDATED | Plugin name change | VS Code | Changed the name of the extension from Checkmarx to Checkmarx One. |
IAM (Version 3.18.1)
This version includes the following IAM-related resolved issues:
SAML attribute to Groups Mapper in Force Sync mode ignored all other Group Mappers.
Service Users were erroneously able to toggle on and off the Enable Downloading Source Code option.
Resolved issues
An error message occurred when creating an OAuth client if the user who created it had manage-clients credentials but not the manage-users option.
An attempt to create a Feedback App for an IT Azure project resulted in an error.
Policy Management: False positive IaC policy violations were reported that did not appear in the Incident tab.
It was not possible to create an application through API with the related project ID in the rules.
Scan report configuration was ignored when generating reports.
The “SRC Deleted on Data Retention” message appeared when the code could not be accessed.
Users with special characters in their first or last name encountered sporadic error 500 messages.
Issues with GitLab merge request decoration.
Migration API or Import API for ADO cloud failed while trying to trigger a scan.
The documentation link to VS Code Plugin on the Integrations page was incorrect.
The "Audit Scan" error was encountered in SAST and IaC when the SCA scanner failed.
Slack feedback profile did not work.
In certain scenarios it was impossible to generate a PDF report.
Issues with exporting report on Global Inventory & Risk.
Dependencies that were only present in Dev and/or Test scopes were not properly indicated.
The Back button in the SCA result viewer was not working.
The isViolatingPolicy column was incorrectly shown in Global Inventory reports in the Checkmarx One UI.
A scan failed due to inability to extract a zip file.
The UsageType parameter had different predefined values in the ExportService and RiskManagement API endpoints.
Contributing Developers reports failed with a 500 HTTP error when the number of contributors exceeded 4500.
The SAML attribute in the Group Mapper in force Sync Mode ignored all other Group Mappers.
Policy Management incorrectly failed a build due to an exception caused by a gRPC message exceeding the maximum size limit.
The SAST Policy Manager Rule was malfunctioning: even if only one condition did not fail, the rule still failed.
In Policy API, a net new policy was not labeled as passed.