
Version 3.20

Multi-Tenant release date: August 18, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

Maintenance releases

Note

This table includes only the maintenance releases that addressed customer-facing issues. Maintenance releases that contained only internal enhancements are not listed.

Release number: 3.20.17

Resolved issue: Users with certain permissions encountered 403 errors when attempting to add notes or change the state/status for specific results, even though they could perform these actions for other results within the same scan.

Release number: 3.20.16

Resolved issue: After upgrading to version 3.18, the tenant name was not automatically populated, even though the web app service was correctly configured.

New features and enhancements

Container results in Scan Report summary

Note

This feature is currently available only in Multi-Tenant environments and is not yet supported for Single-Tenant customers.

The Scan Report summary displayed in the main header has been enhanced to include Container results, providing a more comprehensive overview of your security posture.

The Scan Results Overview section has been expanded to feature specific KPIs related to Containers, offering deeper insights and more detailed visibility into your container security status.

Download source code (ZIP file) - Admins Only

This version introduces the capability to download the ZIP file submitted for scanning. This functionality enables quick rescans for minor changes, saves time, and enhances productivity.

In Identity and Access Management (IAM), this functionality is off by default and can only be enabled by the tenant Admin. Once enabled, the download-source-code permission can be assigned to any user, allowing that user to download the submitted source code as a ZIP file.

Checkmarx Support users also have this permission off by default and must be assigned the permission in IAM by the tenant Admin.

TAR file upload support

To enhance flexibility and accommodate a wider range of formats, Checkmarx One now supports .tar file upload.

Access to scans from Projects page

A new Query Editor button has been added to the Projects page for quicker access to your scans. Clicking on the button opens a dropdown list with available SAST or IaC scans for that project. The Query Editor button appears only when there are SAST or IaC scans for that project.

UI enhancements

This version introduces the following UI updates:

  • On the Project page, on a project row, right-click Results, Overview, or Project Settings (ellipsis) and select Open link in new tab, to open the respective window in a new tab.

  • On the Overview page, in the Branch drop-down, right-click a branch and select Open link in new tab, to open it in a new tab.

  • On the Scan History page, after selecting a scan, right-click Results or Query Editor (Audit Scan) and select Open link in new tab, to open the respective window in a new tab.

Redesign of SAST Results Viewer

Note

This feature is currently available only in Multi-Tenant environments and is not yet supported for Single-Tenant customers.

The SAST Results Viewer page has been redesigned to be more intuitive and accessible.

A ribbon at the top of the page details the scanner type, project branch, scan date, and scan history. Details, like a result’s severity or source code file, are organized in a table, while quick links and buttons like Overview, Download Logs, Audit Scan, and Go To Project appear by hovering over a project row, making navigation between features quicker.


Retrieve list of SAST supported compliances via API

For the GET /queries/categories-types API, which fetches a list of supported compliances for SAST, we added a filter to retrieve only the “standard” compliances.

The “standard” compliances are the subset that Checkmarx One shows by default on the project page.

SCA

Delta Scan feature

Note

This feature is currently available only in Multi-Tenant environments and is not yet supported for Single-Tenant customers.

We have dramatically cut the time of SCA scans by introducing the new Delta scan feature. When rescanning an existing project, if the manifest files haven’t been changed since the last scan, then we skip the dependency resolution process. This can cut scan times by up to 95% without detracting from the accuracy of the scan.

Currently, this only applies to scans run in the cloud, not to scans run using SCA Resolver.

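The skip decision described above keys on whether the manifest content changed, not on whether the application code changed. The following is an added illustration of that decision logic, written for these notes; it is not Checkmarx's implementation. The manifest file names, the use of SHA-256 content digests (rather than modification times, which rebuilds and checkouts reset), and the treatment of lock files as manifests are all assumptions made here. Lock files are included because a lock file change alters the resolved dependency set even when the manifest proper is untouched.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption for this illustration: file names treated as dependency manifests.
# Lock files are deliberately included (see lead-in).
MANIFEST_NAMES = {
    "package.json", "package-lock.json", "yarn.lock",
    "requirements.txt", "Pipfile", "Pipfile.lock", "pyproject.toml", "poetry.lock",
    "pom.xml", "build.gradle", "go.mod", "go.sum", "Gemfile", "Gemfile.lock",
}


def manifest_digests(root):
    """Return {relative path: sha256 hex} for every manifest file under root.

    Content digests are used instead of mtimes so that a fresh checkout of
    unchanged files does not force a needless re-resolution.
    """
    root = Path(root)
    digests = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name in MANIFEST_NAMES:
            digests[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def plan_rescan(previous, current):
    """Decide whether dependency resolution can be skipped for a rescan.

    previous: digests recorded by the last scan, or None if this is the first scan.
    current:  digests of the source being scanned now.
    Resolution is skipped only when the manifest set and every digest match.
    """
    if previous is None:
        # First scan of the project: nothing to compare against, always resolve.
        return {"skip_resolution": False, "changed": sorted(current), "removed": []}
    changed = sorted(k for k in current if previous.get(k) != current[k])
    removed = sorted(k for k in previous if k not in current)
    return {
        "skip_resolution": not changed and not removed,
        "changed": changed,
        "removed": removed,
    }


def demo():
    """Run two rescan scenarios on a constructed sample project in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample project: one manifest, one lock file, one source file.
        (root / "package.json").write_text('{"dependencies": {"lodash": "^4.17.0"}}')
        (root / "package-lock.json").write_text('{"lodash": "4.17.20"}')
        (root / "src").mkdir()
        (root / "src" / "index.js").write_text("console.log('v1');")
        baseline = manifest_digests(root)

        # Scenario A: only application code changed -> resolution can be skipped.
        (root / "src" / "index.js").write_text("console.log('v2');")
        plan_a = plan_rescan(baseline, manifest_digests(root))

        # Scenario B: lock file bumped a dependency -> resolution must run again.
        (root / "package-lock.json").write_text('{"lodash": "4.17.21"}')
        plan_b = plan_rescan(baseline, manifest_digests(root))
        return plan_a, plan_b


if __name__ == "__main__":
    for name, plan in zip(("code-only change", "lock file change"), demo()):
        print(f"{name}: {plan}")
```

Because the decision is made on manifest content, a project whose manifests are unchanged reuses the dependency set resolved at the previous scan rather than whatever a fresh resolution would produce today; that is the trade-off that makes the time saving possible, and it is why a lock file or manifest edit, however small, should always trigger a full resolution.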

Resolved issues

  • Adding a SAST or IaC rule in Policy Management caused the UI to freeze.

  • The PR failed to include the subgroups that the repository belongs to during the redirection.

  • The Common query was not showing in the UI.

  • Sorting SAST results by Detection Date caused the results to be deleted and triggered a 400 error.

  • PDF and JSON report generation failed from both the UI and the API with the error "grpc: received message larger than max".

  • Users without the manage-reports permission were shown the option to generate reports, but the feature did not function.

  • The SAST Policy Manager rule was not functioning correctly: even when all conditions passed, the rule still failed.

  • SCA scan export failed.

  • SBOM vulnerability analysis.

  • The SourceResolverSandbox ran out of memory due to the large project size.

  • A CVE with a score of zero was incorrectly categorized as High.

  • SCA risks filter issues.

  • SCA risk results returned a 404 response code.

  • It was not possible to delete existing policies from Policy Management.

  • Two different namespaces were used for two scans of the same source code, which caused incorrect results in the Feedback Apps integration.