Checkmarx SCA Release Notes September 2024
Warning
The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.
Support for Pub Package Manage
We have added limited support for Pub package manager.
| Languages/Frameworks: Dart, Flutter Repository: N/A File Types: none Exploitable Path: Not supported | |||
Supported Package Manager | Vulnerability Support | Malicious Package Support | Manifest Files | |
Pub |
|
|
| |
SCA Resolver Releases
Download the latest version here.
Version 2.11.2
(Sep 20, 2024)
Added support for Pub package manager (for Dart and Flutter frameworks).
Notice
Current limitations: Only identifies direct dependecies and only identifies Malicious Packages.
Performance optimization during folder analysis.
Improved Risk Report and SBOM generation. SBOMs are now generated in CycloneDX v1.5 format (instead of v1.3).
For Gradle, we now remove dependencies which Gradle marks as FAILED (such as packages that conflict with a different package version) from our scan results.
Version 2.10.2
(September 3, 2024)
For Npm, improved package.json identification when lerna.json is present
For RubyGems, fixed circle dependencies
For Yarn, fixed direct dependency identification for yarn.lock v2
We added the following items to the scan summary that is shown when a scan is completed:
Outdated packages
Vulnerable packages, with breakdown by severity level
Legal risks, with breakdown by severity level
Critical and Info level severity are now displayed. (However, results for these severities are only identified in accounts for which this feature has been activated.)