Current Multi-Tenant Version | 3.23 (Early Access)

Multi-Tenant release date: October 6, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

Release number

Resolved issues

3.23.13

  • SCA scans failed when MinIO was disabled.

  • When attempting to view the SCA results of any project on the Scanners page, a 400 error appeared.

New features and enhancements

New Code Retention Controls

We have developed two related features that enhance code privacy and result clarity:

  • Delete Code After Scan: The entire source code is removed once a scan is completed. While scan results remain visible, clicking on a result will not display the source code.

  • Keep Code Snippets: Only a few relevant lines of code related to each result are stored and shown when a result is clicked.

Currently, these features are controlled by feature flags with no option for user-driven activation or deactivation.

New 'Detection Date' Column in Results Viewer

We have introduced a Detection Date column, displaying the date each vulnerability was detected. This column is sortable and includes a filter option to help users easily manage and view vulnerability timelines.

SAST Engine Upgrade

The SAST engine in Checkmarx One has been upgraded to version 9.6.7. To discover all the new features and updates in the latest version, refer to this page.

SCA updates

Private Packages

We now identify private and unresolved packages in the scanned project. Private Packages are shown in the SCA Results > Packages tab.

Notice

A “private package” is a package or library developed in-house that is being used across the organization. For example, a logging library that was developed in-house and is used by several different projects. These packages are only visible to the specific collaborators/teams that were granted access.

Resolved issues

  • Failed to download the PDF report due to the error: “Something went wrong – failed to generate report.”

  • The Scan-Summary API was returning a negative number of findings.

  • Traditional Chinese characters were masked in the project report.

  • The DAST scan initiated from Checkmarx One was throwing DOM errors.

  • Attack Vector was throwing errors.

  • API security scans returned duplicate vulnerabilities when pagination was configured to display 10 items per page.

  • The POST /repos-manager/project-conversion API call remained in an ongoing state indefinitely.

  • Packages with malicious risks or Suspected Malware were experiencing an infinite loading issue.

  • A retry mechanism was required when publishing messages on SCA services.

  • The scan of the SBOM CycloneDX version 1.2 returned no results.

  • Two different versions of jackson-databind were reported in the same module, although only one version appeared in the pom.xml.