Version 3.18

Multi-Tenant release date: July 21, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment, unless explicitly stated otherwise in the respective section's sub-heading.

New features and enhancements

Container Security

Early access availability: July 21, 2024

We are excited to announce a major update to Checkmarx One with our new Container Security solution. This update brings powerful features to enhance your container security efforts.

Key features and capabilities:

  • Dedicated new module: Improved visibility on container image risks.

  • Enhanced API and CLI commands: Streamlined container scanning.

  • Docker Desktop extension: Free image scanning, visualization, and package inspection.

  • Base image remediation: Comprehensive risk assessment and remediation.

  • Runtime integration support: Deeper insights into package and image runtime status.

  • Enhanced triage capabilities: Better prioritization and risk management.

  • Improved scan risk reports: Detailed analysis and actionable insights.

For comprehensive details, refer to our documentation portal.

Cloud Insights

General availability: July 31, 2024

Checkmarx One Cloud Insights provides actionable insights by correlating data across the SDLC and runtime environments. This integration allows developers to focus on the riskiest issues, the ones that matter most to their business.

Combining Checkmarx One scanners with Cloud Insights' runtime data gives organizations visibility and control over their cloud-native applications. This approach enables security and development teams to identify and prioritize vulnerabilities based on runtime exposure, ensuring critical issues are promptly and effectively addressed.

For comprehensive details, refer to our documentation portal.

Analytics | Vulnerabilities Drill-Down

General availability: July 31, 2024

Enhance actionable insights with our vulnerability KPIs. Access the vulnerability details view directly with one click, speeding up the remediation process, reducing exposure, and bridging the gap between AppSec and development teams.

Explore the new feature and enhance your security operations!

Support ticket creation enhancements

General availability: July 31, 2024

To streamline the support ticket creation process, Checkmarx One now leverages data directly accessible from the user and automates the population of fields such as region, time zone, tenant ID, tenant location, and more. This automation simplifies the ticket creation process, ensuring that essential information is included from the outset.

Results summary statistics enhancement

General availability: July 31, 2024

We have enhanced the results summary statistics on each project's Scan History page. When you change a result's severity, the change is applied to up to 50 of the latest scans for results with the same Similarity ID. This applies to other projects within the same application if results labels are shared.

Changes to the latest scan and to the actual scan modified by the user are applied in real time, while updates to the rest of the scans occur in the background.

Managing self-hosted code repositories

General availability: July 21, 2024

We have expanded support for managing integrations with self-hosted code repositories. This will allow for greater flexibility and efficiency in handling diverse codebases, improving productivity and streamlining development workflows.

  • Checkmarx One customers can now edit the configuration of existing self-hosted code repository integrations in GitLab and GitHub. This is in addition to the existing capability to do so for ADO and Bitbucket.

  • Checkmarx One customers can now create distinct code repository integrations for multiple self-hosted code repositories.

License page redesign

General availability: July 31, 2024

The license page has been redesigned to provide a modern and user-friendly experience.

Criticality level tooltip enhancement

General availability: July 21, 2024

The tooltip for an application's criticality level has been updated for clarity. It now explains that the criticality level directly influences the application's overall risk score in Application Risk Management and helps determine the top 10 most critical applications within a tenant.

SCA

Identifying Framework dependencies

We now identify packages that are included in the Framework installation. We label these packages as Framework, and enable filtering the results to exclude these packages. This eliminates unnecessary noise, since these packages can't be remediated without updating the version of the overall framework.

Note

This feature is currently supported only for .NET projects.

CLI and Plugins Releases of July 2024

CLI Version 2.2.1

| Status | Item | Description |
|---|---|---|
| NEW | GitLab integration | Added support for generating SCA reports in gl-sca format for display in Security Dashboard (in addition to existing support for gl-sast). For more details about the GitLab integration, see Checkmarx One GitLab Integration. |
| UPDATED | State filter | Added the option to set the "state" filter to exclude_not_exploitable, in order to show all states other than not_exploitable. This filter can be used with the results show command as well as with scan create. |
| FIXED | Symbolic link | Fixed an error that occurred when a symbolic link points to a folder and shares a common path with the folder it points to. |

CI/CD Plugins

In June we released the following CI/CD plugin versions:

  • GitHub Actions Plugin - 2.0.31 (uses CLI v2.2.1)

  • Azure DevOps - 2.0.37 (uses CLI v2.2.0)

Improvements and Bug Fixes

| Status | Item | Platform | Description |
|---|---|---|---|
| NEW | General | GitHub Actions, Azure DevOps | General improvements and bug fixes. |

IDE Plugins

In June we released the following IDE plugin versions:

  • Visual Studio - 2.0.57 (uses CLI v2.2.0)

  • VS Code - 2.17.0 (uses CLI v2.2.0)

Improvements and Bug Fixes

| Status | Item | Platform | Description |
|---|---|---|---|
| UPDATED | Plugin name change | VS Code | Changed the name of the extension from Checkmarx to Checkmarx One. |

IAM (Version 3.18.1)

This version includes the following IAM-related resolved issues:

  • SAML attribute to Groups Mapper in Force Sync mode ignored all other Group Mappers.

  • Service Users were erroneously able to toggle on and off the Enable Downloading Source Code option.

Resolved issues

  • An error message occurred when creating an OAuth client if the user who created it had manage-clients credentials but not the manage-users option.

  • An attempt to create a Feedback App for an IT Azure project resulted in an error.

  • Policy Management: False positive IaC policy violations were reported that did not appear in the Incident tab.

  • It was not possible to create an application through API with the related project ID in the rules.

  • Scan report configuration was ignored when generating reports.

  • The “SRC Deleted on Data Retention” message appeared when the code could not be accessed.

  • Users with special characters in their first or last name encountered sporadic error 500 messages.

  • Issues with GitLab merge request decoration.

  • Migration API or Import API for ADO cloud failed while trying to trigger a scan.

  • The documentation link to VS Code Plugin on the Integrations page was incorrect.

  • The "Audit Scan" error was encountered in SAST and IaC when the SCA scanner failed.

  • Slack feedback profile did not work.

  • In certain scenarios it was impossible to generate a PDF report.

  • Issues with exporting report on Global Inventory & Risk.

  • Dependencies that were only present in Dev and/or Test scopes were not properly indicated.

  • The Back button in the SCA result viewer was not working.

  • The isViolatingPolicy column was incorrectly shown in Global Inventory reports in the Checkmarx One UI.

  • A scan failed due to inability to extract a zip file.

  • The UsageType parameter had different predefined values in the ExportService and RiskManagement API endpoints.

  • Contributing Developers reports failed with a 500 HTTP error when the number of contributors exceeded 4500.

  • The SAML attribute in the Group Mapper in force Sync Mode ignored all other Group Mappers.

  • Policy Management incorrectly failed a build due to an exception caused by a gRPC message exceeding the maximum size limit.

  • The SAST Policy Manager Rule was malfunctioning: even if only one condition did not fail, the rule still failed.

  • In Policy API, a net new policy was not labeled as passed.