Upcoming Single-Tenant Version | 3.34
New Features and Enhancements
SAST Engine Upgrade to Version 9.7.2
The SAST engine in Checkmarx One has been upgraded to version 9.7.2. To discover all the new features and updates in the latest version, refer to this page.
Enhanced DAST Triage with Persistent Notes
The Add Notes feature enables users to attach context to vulnerabilities in DAST results, such as mitigation strategies or rationale for severity changes. Notes persist across scans, supporting triage, auditing, and collaboration. This aligns with the existing note-adding functionality in SAST and IaC Security, ensuring platform consistency.
Enhanced Triaging for Secret Detection and Repo Health
The new triaging capabilities in the Repository Health and Secret Detection tabs provide a structured way to manage and prioritize findings. Users can now categorize findings by severity and state, add mandatory comments, and track all actions through a history log.
This ensures a more efficient workflow, allowing security teams to quickly address critical issues while maintaining transparency and accountability. The feature also improves clarity by clearly indicating non-exploitable risks in the UI, helping teams focus on actionable threats.
Feedback App Alerts for SCA Vulnerabilities
You can now configure Feedback Apps to send automatic Alerts to Slack, Teams or Email when a new SCA vulnerability is detected in a package that is used in your projects.
API for Unlimited Filtering of Scans
We have added a new API, POST /scans/byfilters. This enables retrieving detailed information about scans, similar to GET /scans. However, the new API does not have a limit on the number of characters used in filter submission.
External API for Analytics Database
The new external API endpoints provide access to the Checkmarx One Analytics database, enabling customers to integrate their preferred Business Intelligence tools for customizable data analysis and reporting. This API also offers a unified access method for internal Checkmarx One services to consume analytics data.
By replacing multiple real-time data retrieval processes with a single, robust API, it streamlines data access, reduces integration complexity, and minimizes potential points of failure.
For more information, see documentation.
Cloud Insights: Enhancements in Public Exposure Data Logic for Replicated Images
This release introduces enhancements to the Cloud Insights logic for determining the exposure status of replicated images.
Left-Side Menu Updates
In the Checkmarx One left-side menu, Insights has been replaced with ASPM, and Analytics, Risk Management, and Cloud Insights have been grouped under this menu.
SCA Updates
AI Guided Package Remediation
When the SCA scanner identifies a vulnerable package in your project and no remediated version is available, a button is now shown that enables you to get AI-generated suggestions for non-vulnerable replacement packages.
SCA Global Inventory Improvements
We added the following functionality to the Vulnerabilities & Malware tab of the SCA Global Inventory.
Added the “Fix Available” column, indicating whether or not a remediated version of the package is available. You can sort and filter for this column.
The EPSS score is now shown in a separate column (not under Exploitability). You can now sort and filter for EPSS.
SCA Resolver Version 2.12.11
For NuGet, fixed resolution for projects that include private packages.
Download the new version here.
IAM Updates
Keycloak Upgrade
Keycloak was upgraded to version 26.1.
Resolved issues
| Ticket number | Description |
|---|---|
| AST-80321 | Epic Links for Jira feedback profiles stopped working. |
| AST-80593 | An error occurred when generating a Projects Report. |
| AST-80428 | A type conversion error occurred when attempting to convert an empty interface. |
| AST-80773 | The access token was briefly exposed when opening the Overview page in a new tab. |
| AST-81799 | Analytics: CSV report from KPI was ignoring a tag filter. |
| AST-81136 | API Compare Scan Endpoint allowed comparison to a running scan. |
| AST-82885 | The source code was missing in the SAST viewer when the file path contained an HTML entity such as #. |
| AST-82682 | An attempt to delete a project failed with the "Failed to fetch project" error. |
| AST-84312 | A SAST scan was skipped with the "no valid sources were found" message for repositories containing symlinks. |
| AST-84583 | The system OAuth client was visible in the AIM UI. |
| AST-84801 | The Applications page was not loading, with a "Failed to get all Projects" error. |
| SCA-21893 | SPDX 2.2 SBOM Scan was not working. |
| SCA-21983 | Failed to load results from old projects. |
| AST-82217 | SCA Containers were still showing results. |
| AST-64507 | Traditional Chinese characters were masked in the project report. |
| AST-78615 | The number of vulnerabilities in Scan History did not match the CSV Export grid. |
| AST-80010 | The CSV from SAST results showed an incorrect detection date when the detection date was earlier than the scan date. |
| AST-80016 | Failed to generate a report with the Containers engine. |
| AST-80697 | The Application report showed 0 for all rows for some users. |
| AST-81066 | Automatic filter reset when viewing vulnerabilities in DAST results. |
| AST-72972 | The ID columns in the "ast_meta_scan_results" and "ast_meta_results" tables for single-tenant deployments were incorrectly set to INT type. |
| AST-73941 | Updating scan results triggered a 502 Bad Gateway error. |
| AST-74875 | A scan was stuck in the Running state. |
| AST-76119 | SAST encountered an error when processing engine ETL results, with the message (pq: deadlock detected). |
| AST-66143 | Deleted groups still appeared on the Projects page. |
| AST-80423 | Wrong behavior on the Applications page for users that have if-in-group permissions. |
| AST-82542 | The |
| AST-77615 | An exception occurred during the Policy Manager SCA Engine validation step. |
| AST-84342 | SAST Migration: services crashed due to a Redis error. |
| AST-84428 | Mismatched vulnerabilities count between the Applications view page and the count inside a specific application. |
| AST-84443 | The Results pages for both SAST and SCA were not opening from the application page on the primary branch. |
| AST-85596 | An issue with the Container Security toggle in Code Repository Integration projects. |
| SCA-21272 | CycloneDX SBOM: Package hashes were always empty. |
| SCA-21576 | Direct dependencies were marked as "snoozed" even though they broke the Policy check. |
| SCA-21861 | The "Identified in Package" filter was not working correctly. |
| SCA-22002 | An error occurred when generating an SBOM in SPDX format. |
| AST-80695 | The OAuth Client UI regenerated the secret when pressing Enter in any field. |