Current Multi-Tenant Version | 3.49
New Features and Enhancements
CxLink Migration to Zrok v1
Migrating to Zrok v1 adds proxy support for CxLink, enabling connections to Checkmarx One through corporate or network proxies.
User-Controlled Incremental Scan for Branches
Incremental scan support for branch configurations is now fully exposed to users in the UI. Previously, this capability was controlled only through a feature flag, limiting visibility and user control. With this release, the feature flag has been removed, and users can now directly manage their incremental scan settings.
Results Metadata Grouping Available in UI
The Results Metadata Grouping setting, previously controlled by a feature flag, is now available in the UI, giving customers direct control over how results are grouped for triaging.
Manual Bearer Token Entry for API Scans
GA: December 7, 2025
In some cases, bearer tokens in the API specification may not grant access to API docs, causing scans to fail. To ensure scans succeed, you can now manually add bearer tokens using “+ Add custom headers” and confirm that your headers and target URL are correct.
Predefined Scan Configurations in DAST
GA: December 7, 2025
Added predefined scan configurations to the Environment Setup Wizard and Environment settings, so you no longer need to manage configuration files or ZAP.
IaC
Updated to version 2.1.16
Fixes and Improvements
Corrected false positives for SNS topic public accessibility in Terraform/AWS, Ansible/AWS, and CloudFormation/AWS.
Added support for database resources in two Azure queries.
Included cases for Azure App Service resources (azurerm_linux_web_app and azurerm_windows_web_app).
Prevented panic when parsing recursive YAML anchors or aliases.
Added support for arrays and minor fixes in queries.
Resolved Issues
| Item | Description |
|---|---|
| AST-120770 | Establishing a connection failed after multiple attempts. |
| AST-120359 | Authentication to certain web applications in DAST failed. |
| AST-119984 | Establishing a connection did not work as expected. |
| AST-119074 | Generic API Key (ClientSecret) produced false negatives. |
| AST-118991 | Generic API Key (SecretKey) produced false negatives. |
| AST-118979 | Authentication to public web applications in DAST failed. |
| AST-117177 | SAST results were missing descriptions. |
| AST-116382 | Predefined Azure role identifiers (RBAC) were incorrectly flagged as secrets. |
| AST-115570 | Generic API Key produced false positives. |
| AST-120044 | The “Download Logs” option did not appear for specific tenants. |
| AST-119647 | Authentication to additional public web applications in DAST failed. |
| AST-118856 | DAST vulnerability reports contained duplicate compliance data. |
| AST-118034 | Constant error messages appeared in the UI even though scans completed successfully. |
| AST-117997 | Certain users were unable to tag scans. |
| AST-117993 | Projects could not be deleted. |
| AST-116320 | Generating DAST scan reports failed when scans contained a large number of vulnerabilities. |
| AST-116212 | SAST worker failed to read results due to an XML parsing error. |
| AST-108655 | The UI displayed an unclear message when the primary branch was not set. |
| AST-98430 | SAST worker failed to read scan status due to a deserialization error (EOF). |
| AST-114083 | Changing the preset setting at the project level was not possible. |
| AST-114444 | GitLab projects did not convert via API, though creation and updates worked through the UI with the same credentials. |