
Version 3.19

Multi-Tenant release date: August 4, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment, unless explicitly stated otherwise in the respective section's sub-heading.

New features and enhancements

New report: Project

The new Project Report merges the existing Project Report and Open Vulnerabilities Report, creating a unified document that enhances user experience and improves data analysis and decision-making. This single report provides a comprehensive view of project management and security.

License count enhancements

We have enhanced the repository count by using an API to obtain a more accurate number of committers for each private repository imported into Checkmarx One. This improvement introduces logic to exclude bot users and duplicate developers, ensuring more reliable data.

Users will also be able to download a detailed and accurate CSV report, listing developers who have made commits in the last 90 days.

Search in Query Editor

The Query Editor now has search options that return results from query names, query content, and source code files, content, and folders. This enhancement ensures greater search precision.

Application level override

Checkmarx One now supports overriding queries at the application level. Queries overridden at the application level will affect all projects in that specific application.

File Exclusions

Checkmarx One now includes a Recommended Exclusions setting to exclude unnecessary files and folders during SAST scans. This significantly reduces scan time and results in a more responsive and user-friendly experience.

For more information, click here.

Loading the Audit in edit mode

The ability to load the Audit in edit mode independently of a project, a feature present in SAST, has now been implemented in Checkmarx One.

SAST engine upgrade

The SAST engine in Checkmarx One has been upgraded to version 9.6.6. To discover all the new features and updates in the latest version, refer to this page.

UI/UX enhancement for new Projects page

The order of the columns has been rearranged to prioritize the most important data, such as risk level, total vulnerabilities, and last scan date, which now appear first from the left. This adjustment also ensures that the floating action icons do not obscure the total vulnerabilities data.

Postman collection for DAST API scans

Now you can use the Postman collection job when running DAST API scans from the DAST CLI. For more information, click here.

SCA Improvements

SCA Resolver Version 2.9.2 (Aug 8, 2024)
  • Fixed log level when extracting malformed compressed files.

  • Prevented scan failure when using complex markers on pip requirements.txt files.

  • Ensured flow synchronization when processing container scans.

  • For NuGet, updated the package versions for .NET distributed packages.

  • For Yarn, improved compatibility when processing yarn.lock files using version 2.

Download the new version here.

Resolved issues

  • IaC scanner results were not available in the logs.

  • Discrepancy between the number of Container Vulnerabilities in scan-summary and GraphQL.

  • An attempt to retrieve SCM settings from the scan configuration resulted in an error.

  • Scan Status and Incremental Scans from the Analytics Over Time viewer appeared with dates out of order.

  • Intermittent error when opening scan results.

  • The presentation of queued scan times for API Security differed from that of other scanners.

  • The "platform" rule for the IaC Security Scanner was not applied.

  • Confusing scan date for projects without scans.

  • WebAudit was not opening in projects due to an expired DefaultConfig URL.

  • The PR did not include subgroups that the repository belonged to during the redirection.

  • The "Changes made in" column in the Results Viewer was empty.

  • Error in generating a SAST scan report for specific source code.

  • api/projects-overview/aggregate was failing even when sent with the correct parameters.

  • Integrated project summary and scan details link was broken.

  • The meta-results-processor-inc service encountered a Grpc ResourceExhausted error.

  • Scanning failures occurred when using git commit to non-master branches after the latest version update.

  • A "500 - Internal Server Error" message appeared when accessing More Details.

  • Incorrect component version was identified on a NuGet project.

  • No scan results for a specific project.

  • The license status did not update.

  • The Risk page listed only one vulnerable package path for risks whose packages had multiple references.

  • Different results were observed between versions 1 and 2 of yarn.lock files, affecting both transitive and direct dependencies.

  • The redirect button for Remediation Tasks was displayed even when Remediation Tasks were disabled.

  • The ScaWorker status was stuck in the "running" state.

  • Error in a query description.

  • Policy management incorrectly failed the build after encountering an exception due to a gRPC message exceeding the maximum size limit.

  • A false negative in "Key Vault Not Recoverable" occurred when both enableSoftDelete and enablePurgeProtection were set to false.