Current Multi-Tenant Version | 3.53

New Features and Enhancements

Vulnerability Delta in Cloud Insights

GA: February 22, 2026

Cloud Insights now highlights changes in vulnerability counts between the image currently in production and the latest project scan. A new Image → Latest Scan column in the Cloud Insights Inventory clearly shows the delta, helping teams identify risk increases before code is deployed. You can filter projects by security trend and sort by total delta to quickly pinpoint areas where risk is rising. This makes it easier to assess the impact of upcoming releases, prioritize remediation efforts, and prevent vulnerable code from reaching production.

Custom Date Range Filter in Analytics

GA: February 22, 2026

Analytics now supports a custom date range filter, allowing you to select exact start and end dates using a classic date picker. The selected range is applied consistently across all KPIs, trend charts, and over-time metrics on the Analytics page.

This gives you full control over the timeframe you analyze, making it easier to create accurate reports, investigate specific periods, and base decisions on the most relevant data instead of fixed, predefined ranges.

To view a full explanation of Analytics filters, see Filtering.

AI-Powered Image Detection and Correlation in Cloud Insights

GA: February 22, 2026

Cloud Insights now leverages AI to enhance container image detection and correlation. The platform can identify third-party images, automatically extract commit hashes and source URLs, and correlate images to their originating projects.

For more information about Cloud Insights correlation methodology, see Correlation Methodology.

Webhook Creation Limits and Safeguards

GA: February 22, 2026

Webhook creation now includes built-in limits to improve platform stability and prevent accidental overload of internal services. Users can create only one webhook per Payload URL per level (Project or Tenant), with clear guidance to update an existing webhook if a duplicate is detected. The total number of webhooks a user can create is capped based on the number of supported event types, ensuring predictable and controlled usage.

When the same Payload URL exists at both Project and Tenant levels, the Project-level webhook takes precedence for matching events, while different event selections will trigger all relevant requests.

These safeguards make webhook usage more reliable and predictable, prevent misconfiguration and sprawl, and ensure integrations scale safely without impacting system performance.

Webhook Status Visibility on Scan Details

GA: February 22, 2026

Scan Details now show webhook execution status for each scan, making it clear whether associated webhooks were triggered successfully. When a scan completes, any related webhook activity is logged in the Scan Details side panel.

If a webhook fails, the log displays not only a Failed status but also a short error description explaining the reason. All existing scan conditions remain visible.

Monitor New Azure DevOps Repositories

GA: February 22, 2026

Checkmarx One now supports automatic monitoring of new Azure DevOps (ADO) repositories. When enabled, any new project created in a connected ADO organization is automatically imported into Checkmarx One, with default settings applied and a scan triggered right away.

For more information on this feature, see Monitor New Repositories.

Include Secret Detection and Repository Health in Analytics Dashboards

GA: February 22, 2026

Analytics dashboards now show metrics from the Secret Detection and Repository Health scanners.

You can now view findings and KPIs related to exposed secrets and repository health (OSSF) alongside existing analytics data from other scanners. This creates a unified analytics experience, giving you consistent visibility across all supported scan types.

Include Secret Detection and Repository Health in Reports

GA: February 22, 2026

Secret Detection and Repository Health scanners are now fully supported in both Scan and Project reports. These scanners can now be included in CSV scan reports as well as in Project reports across all supported formats (PDF and JSON), bringing them to full parity with existing scanners.

You can now select Secret Detection and Repository Health when generating reports, ensuring a consistent reporting experience across all scan types. This update provides a single, consolidated view of security findings and improves visibility across your organization’s security posture.

Container Security in Global Reports

GA: February 22, 2026

Global Reports now include Container Security results. When enabled, this scanner can be selected in the Global Report UI and is fully supported via API, with its findings included alongside existing scanners.

SCA

Support for Vulnerability Exploitability eXchange (VEX)

GA: February 22, 2026

You can now triage vulnerabilities in open-source dependencies using Vulnerability Exploitability eXchange (VEX), a standardized, machine-readable format for communicating whether a known vulnerability (such as a CVE) actually affects your software.

This enhancement enables you to export SBOMs and reports that include clear, standardized exploitability classifications, helping teams reduce noise and focus on actionable risk.

Note

This capability complements existing triage workflows. All current triaging methods remain fully supported.

For more information about VEX triage, see Triaging SCA Results.

Filter Packages by Monitored State

GA: February 22, 2026

You can now explicitly filter packages by the Monitored state (excluding Muted and Snoozed packages).

The new filter is available in both the SCA Results → Packages tab and the SCA Global Inventory → Packages tab.

This enhancement reduces noise, streamlines triage workflows, and ensures consistent filtering behavior across all package views.

Identify Copyright Details for Open-Source Packages

GA: February 22, 2026

SCA now extracts copyright ownership information for open-source packages and includes it in reports, making it easier to track usage rights and meet compliance requirements. Copyright details are now included in exported SCA scan reports and SBOMs. When multiple copyright statements are present, they are consolidated and clearly separated for readability.

This enhancement improves visibility, simplifies compliance workflows, and helps generate complete third-party notice files with minimal manual effort.

IaC

IaC updates are documented in the IaC changelog.

DAST

No new DAST-related features or enhancements are included in this release.

Resolved Issues

| Item | Description |
| --- | --- |
| AST-131988 | Triggering a manual scan failed with a null exception after the branch validation step. |
| AST-131459 | Pull request decoration failed due to an illegal character in the input (%3Dfalse instead of =false), related to leftover triage comment deletion. |
| AST-128984 | Muted results were displayed in the project popup and project overview. |
| AST-128186 | The project conversion API did not accept a valid authentication token. |
| AST-126763 | The Get Project API returned an incorrect response. |
| AST-124929 | Project reports did not display the most recent scan when a new tag was applied. |
| AST-122322 | DAST two-factor authentication failed when an incorrect secret key was provided. |
| AST-120579 | The global scan component (“general”) showed an abnormally long execution duration exceeding several days. |
| AST-118999 | Vulnerability remediation suggestions for base images (Postgres Alpine) were inconsistent. |
| AST-116032 | Amazon-patched packages were incorrectly flagged as vulnerable in container scans. |
| AST-112523 | Missing message queues were not recreated automatically after the containers service restarted. |
| AST-90832 | Filtering the scan list by project name did not display all relevant projects. |
| SCA-25152 | The SCA policy rules engine did not correctly evaluate the “Has a Remediation Recommendation” condition. |
| SCA-25077 | The SAST UI did not reflect the latest updates in the build.gradle file. |
| SCA-25002 | SCA file path viewing and download actions did not function as expected. |
| SCA-24757 | File exclusion filter rules in CxOne did not apply correctly. |
| SCA-24661 | SCA results processors waited excessively long for responses. |
| SCA-24306 | The SCA packages processor experienced longer-than-expected processing times. |
| AST-131047 | DAST vulnerabilities were not synchronized to Analytics. |
| AST-129908 | The attack vector for SAST results was not highlighted. |
| AST-129279 | SBOM-based SCA scans failed in a Single Tenant environment. |
| AST-128079 | Downloading the contribution CSV file failed. |
| AST-127746 | Schedule management was not visible in the UI even when the required feature flags were enabled. |
| AST-127264 | Scans failed due to excessively long file names. |
| AST-126769 | Wiz notifications for Azure repositories were not triggered correctly in Cloud Insights. |
| AST-125231 | Project full names were not visible in the Project Migration UI. |
| AST-122133 | A SQL sample caused incorrect lines-of-code (LOC) calculations. |
| AST-129351 | The Query Editor failed to edit query metadata. |
| AST-128179 | WebAudit scans became stuck with an “Error while reading EngineAgent output” message. |
| AST-127588 | Preset names could not start with numeric characters. |
| AST-125707 | Analytics results were incorrect when filtered by application. |
| AST-125679 | The Analytics “Environments” filter did not work as expected. |
| AST-125613 | The Checkmarx One SAST CSV report format lost backward compatibility. |
| AST-123684 | Drill-down counters displayed incorrect values after multiple fixes on the same results. |
| AST-121577 | The projectId parameter was unnecessarily required when creating application list reports. |
| AST-120284 | A “Something Went Wrong” error appeared after scan history displayed scans from multiple branches. |
| AST-119877 | Analytics displayed no data when filtering by a tag that existed only in older scans. |
| AST-116237 | The “Vulnerabilities by State” analytics view opened an unfiltered table when selecting “Proposed Not Exploitable.” |