Upcoming Single-Tenant Version | 3.28

SCA engine results have been added to the logs for analysis purposes.

Scan-Summary API returned a negative number of findings.

Incorrect project results on the Projects List page.

Filters in the SAST results grid were ignored when performing a search by name.

Recurrent vulnerability status was shown as +1 in the Checkmarx One UI.

No "fixable" recommendations for a private image that was using public base images.

The count for selected vulnerabilities did not reset after an action.

The Result Viewer did not provide an option to cancel filters once the list was empty.

Cloning failed with a "destination path already exists and is not an empty directory" error message.

The Jira feedback app created a duplicate ticket for the same finding in the same project when scans were triggered differently.

Trying to integrate already integrated project led to the removal of SCM repository data.

An attempt to download a contributors CSV file resulted with an “error 403 forbidden”.

An API Security scan failed to find source code when organization name contained white spaces.

Misleading response message on SAST Scan Results comparison API endpoint.

IAM: For any group created from the Identity Provider Mapper section, the Created By field was blank.

IAM: the manage-clients role was not available in the Group role mapping.

IAM: The IAM Groups tab was not correctly showing the groups list, because the API was hardcoded filtering the results up to 200 results.

IAM: The GET /users API endpoint returned a partial response in some cases.

Scan failure possibly caused by a MinIO outage or temporary disruption.

Short GRPC timeout.

Wrong error code was sent to Zeebe.

Impossible to change one specific vulnerability status (CVE-2017-12626).

SCA - Reoccurring Problem - Internal Error.

Top vulnerabilities with empty vulnerability description.

Private package did not appear in the UI, but it did appear in the results file.

GetEvaluableEntities query should not rely on TenantId to filter data.

Failing to get comparison results when using a language different than English.

API Security doesn't find the OpenAPI definition.

GET /api/scans request did not retrieve the commitID.

Analytics displayed no results for a specific application and project, despite the application and project having generated results.

The path on the Project page became overlaid and unreadable when the page was zoomed.

Incorrect link for Checkmarx One External IP's List.

Missing projects in Analytics.

End-of-life Node version warning in ADO pipelines.

Viewing results for a specific application from Risk management was failing.

The manage-feedbackapp role was removed from ast-admin in IAM 3.24.

Attack vectors spanning multiple files had an incorrect URL in Jira.

The "Friendly Name" attribute in the "SAML Attribute to Role" mapper did not behave as in other mappers.

Unable to generate a project report.

Syncing DependencyModel failed with the error: column "additional_data" is of type jsonb but expression is of type text.

A 500 GraphQL error occurred after marking CVE-2024-37568 as "Proposed Not Exploitable."

The PDF SCA report did not reflect the data shown in the UI.

HashMatching was taking too long to analyze packages.

Inconsistent order in the Global Inventory.

The screen to change the status of the SCA vulnerability failed to load.

Request to add SCA engine results to the logs.

SBOM scan failed.

Users with manage-groups roles were able to obtain Admin privileges.

An error occurred when attempting to update the password for any user.

Container Engine didn’t show results if the user was "if in group".

It was not possible to add Azure Cloud as a self-hosted SCM if the URL contained user info.

It was not possible to import repositories from GitHub.

REST API /api/flags?filter={tenantID} allowed checking other tenant IDs.

The feedback app updated the status of the Jira tickets on every scan, even when they were already marked as Released.

Problems with filtering Container Security vulnerabilities and packages.

Attack vectors spanning multiple files had incorrect URL in Jira.

The view-results-if-in-group role didn’t work for "containers".

The results API was not working for the Container Security Engine.

Container scans wouldn’t finish in a test environment.

Inconsistency between CSV Applications report and the application UI overview.

Project's JSON report showed the package and technology names in the languagename field.

If Jenkins was running on a Linux machine, it wouldn’t collect the environment variable in lower case.

Users with the ast-admin role encountered a 403 Forbidden error page.

[Analytics] The application encountered a ReferenceError with the message: "stateColors is not defined".

Deleting a project failed with the error message: "Failed to fetch project".

It was requested to increase the gRPC max message size and decrease the pagination offset.

Scanning failed when a large number of secrets were inserted.

Inserting results failed.

Import queries were not working as expected.

Tenant name was not filled automatically when logging in to a single-tenant environment.

The Identity Provider Mapper of type SAML Attribute to Groups does not display subgroups.

SCS risks in the Application Risk Management UI could not be linked to the correct risk pages.

There was a discrepancy in results when processing two nearly identical ZIP files.

Irrelevant error message.

The GI search box was not filtering correctly.

The Package Usage feature encountered an OutOfMemory error.

The page redirected to a 404 error, and users were unable to retry by refreshing the page.