
Version 3.21

Multi-Tenant release date: September 8, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment, unless explicitly stated otherwise in the respective section's sub-heading.

Maintenance releases

Note

This table includes only the maintenance releases that addressed customer-facing issues. Maintenance releases that contained only internal enhancements are not listed.

Release number | Resolved issues

3.21.6 | Jira Feedback App links to view results were broken in the new results viewer.

New Features and Enhancements

Filtering by Vulnerability Name

The Filter by Vulnerability Name feature in the Analytics module allows users to search for specific vulnerabilities detected in all projects within the Checkmarx One platform. Users can filter results based on vulnerability names, providing a comprehensive view of affected projects.

Enhanced Vulnerability KPIs with SCA and IaC Integration

The Top Open and Oldest Vulnerabilities KPIs metric has been enhanced by integrating Software Composition Analysis (SCA) and Infrastructure as Code (IaC) findings into the existing SAST data. This integration offers a comprehensive view of the vulnerability resolution lifecycle across these scanners, enabling better tracking and management of remediation efforts.

Removal of Incremental Scans KPI Chart from Scans Dashboard

The Incremental Scans KPI chart has been removed from the Scans dashboard, both in the Overtime and Total views. The new layout enhances clarity and usability by reordering elements and adding detailed information.

Ability to Delete Multiple Self-Hosted Repositories

You can now delete multiple self-hosted repositories from the Account Settings, either in the table view or within a configuration. If repositories are connected to a configuration, the delete option will be disabled, showing an information icon. Clicking the icon displays a list of projects associated with that configuration.

SCS (Supply Chain Security) Results Summary

The Scan Results Overview pie chart now includes results for SCS. Additionally, a new section titled "Supply Chain Security Vulnerabilities" has been introduced. This section displays a bar for each mini engine, such as "Secret Detection Severities" and "Scorecard Severities," categorized by severity levels.

Exporting Vulnerability Data in CSV Format

Users can now export data from the vulnerabilities table to a CSV file. The CSV will include all currently displayed columns in the table, along with a direct link to the results in the platform for each vulnerability.

SCA Updates

Remediation Recommendations in SCA Scan Report

The SCA scan report now includes remediation recommendations for vulnerable package versions. When you generate an SCA scan report, either via the UI or via the API, it contains two new fields:

  • NextVersionWithoutVulnerabilities – the next package version (i.e., the smallest upgrade from the version currently in use) that has no known vulnerabilities.

  • LatestVersionWithoutVulnerabilities – the latest package version (i.e., the most recently released version) that has no known vulnerabilities.

These fields are included in reports generated in JSON, XML or CSV format (but not in PDF reports).
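The two fields differ only in which vulnerability-free version they pick from the same candidate set: the nearest one (smallest upgrade, least likely to break the build) versus the newest one. The following Python is an added illustration of that selection logic, not Checkmarx code or the SCA report format; the package version list and the advisory ranges are constructed, and the [introduced, fixed) range convention is an assumption borrowed from common advisory formats. Pre-release versions are excluded from the candidates, since recommending a release candidate as a remediation is rarely what you want.

```python
import re
from dataclasses import dataclass
from typing import Optional

VERSION_RE = re.compile(r"^\d+(?:\.\d+)*")


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically rather
    than lexically ('2.10.0' must sort after '2.9.0'). A pre-release or
    build suffix is ignored here; callers filter pre-releases separately."""
    m = VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_prerelease(v: str) -> bool:
    """Treat anything with a '-suffix' (e.g. '3.1.0-rc1') as a pre-release."""
    return "-" in v


def is_affected(v: str, affected_ranges: list[tuple[str, str]]) -> bool:
    """True if v falls inside any advisory range [introduced, fixed).
    Matching exact vulnerable versions is not enough: advisories describe
    ranges, and a version nobody listed explicitly can still be affected."""
    pv = parse_version(v)
    return any(parse_version(lo) <= pv < parse_version(hi) for lo, hi in affected_ranges)


@dataclass(frozen=True)
class Remediation:
    next_version_without_vulnerabilities: Optional[str]
    latest_version_without_vulnerabilities: Optional[str]


def remediation_for(current: str, released: list[str],
                    affected_ranges: list[tuple[str, str]]) -> Remediation:
    """Pick the nearest and the newest released version that is newer than
    `current`, is not a pre-release, and is not covered by any advisory.
    Both fields are None when no such version exists (e.g. already on the
    latest clean release, or every newer release is affected)."""
    cur = parse_version(current)
    candidates = sorted(
        (v for v in released
         if parse_version(v) > cur
         and not is_prerelease(v)
         and not is_affected(v, affected_ranges)),
        key=parse_version,
    )
    if not candidates:
        return Remediation(None, None)
    return Remediation(candidates[0], candidates[-1])


# Constructed sample data: a hypothetical package with two advisories.
RELEASED = ["1.9.0", "2.0.0", "2.1.0", "2.1.1", "2.2.0",
            "2.3.0", "2.3.1", "2.4.0", "3.0.0", "3.1.0-rc1"]
ADVISORIES = [("2.0.0", "2.1.1"),   # affected >= 2.0.0, fixed in 2.1.1
              ("2.2.0", "2.3.1")]   # affected >= 2.2.0, fixed in 2.3.1

if __name__ == "__main__":
    r = remediation_for("2.0.0", RELEASED, ADVISORIES)
    print("next:  ", r.next_version_without_vulnerabilities)
    print("latest:", r.latest_version_without_vulnerabilities)
```

For a project pinned to 2.0.0 this yields 2.1.1 as the next clean version (2.1.0 is still inside the first advisory's range) and 3.0.0 as the latest, with 3.1.0-rc1 skipped as a pre-release. Note that the "latest" recommendation may be a major-version bump; the "next" field exists precisely so that a team can close the finding without taking on an API-breaking upgrade.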

SCA Resolver Version 2.11.2 (Sep 20, 2024)

  • Added support for Pub package manager (for Dart and Flutter frameworks).

    Notice

    Current limitations: only direct dependencies are identified, and only Malicious Packages are detected.

  • Performance optimization during folder analysis.

  • Improved Risk Report and SBOM generation. SBOMs are now generated in CycloneDX v1.5 format (instead of v1.3).

  • For Gradle, dependencies that Gradle marks as FAILED (for example, packages that conflict with a different version of the same package) are now removed from the scan results.

Download the new version here.

IAM Updates

  • The search for users and groups is now case-insensitive.

  • Keycloak has been upgraded to version 25.

Resolved IAM Issues

  • Users were missing firstName and lastName data.

  • OpenID Claim to Role Mapper removed existing roles.

  • It was possible to access the Keycloak page (account/#/applications) without proper authorization.

  • The IAM Groups tab was not displaying the groups list correctly due to the API being hardcoded to filter and limit the results to 200 entries.

  • SAML: Unable to change the NameID Policy Format when an email mapper was present.

  • SAML/OpenID login attempt failed if the creation of any group was unsuccessful.

  • In Force Sync mode, the SAML Attribute to Groups Mapper ignored all other Group Mappers.

Resolved Issues

  • It was not possible to save numbers in the query description.

  • Users with special characters in their first or last names occasionally encountered 500 Internal Server Error messages.

  • Unable to refresh repository permissions in an SCM project.

  • The link to the vulnerable SCA package created by the GitHub PR decoration was incorrect.

  • Error: 'Failed to set need for recalculation' was encountered when modifying a vulnerability that is not from the last scan.

  • An error occurred while accessing the scan list of a project.

  • Application creation was taking longer than 30 seconds.

  • Specifying an image tag as a SHA256 hash resulted in no container package being found.

  • It was not possible to view resolved container packages.

  • Confusing information about a detected Docker image vulnerability.

  • The Policy Management page was failing to load for some users due to an encoded token issue.

  • A user with the 'view-projects-if-in-group' role received a 403 response.

  • The Results Summary API endpoint was returning inconsistent values in the 'stateCounters' field.

  • The tenant's name was not automatically filled in when logging into the ST environment.

  • The Risk Management GET /{applicationId}/results API returned 'Invalid limit argument' if the limit parameter was greater than 100.

  • Malicious package results did not display details.

  • Project report generation was failing with the default settings.

  • The branch selector in the Containers Results Viewer was not functioning.

  • The scan kept failing with the error 'Failed to extract zip file' for a 2.8GB zip file.

  • Opening any item in the Packages & Version section of an SCA project resulted in a blank AppSec Knowledge Center page.

  • Failed to upload stream to the cloud (TIMEOUT ScanRunner).

  • SourceResolver was unable to locate missing packages.

  • Changes in packages were displayed even though the Mute option was applied.

  • The 50k limit was ignored when a filter was applied without pressing the 'Export Filter' button.