Current Multi-Tenant Version | 3.37
Multi-Tenant release date: May 11, 2025
New Features and Enhancements
Use Private Registry Integrations for Matching Container Images to Checkmarx One Projects
Cloud Insights now extracts container image data (such as labels, image-sha, and packages) from the private cloud registries that are connected to your Checkmarx One account. Cloud Insights uses this data to match container images to Checkmarx One projects more accurately.
Currently supported for: GitHub, JFrog, and Docker Hub.
Use Commit Hash and Repo URL for Cloud Insights Matching
We now compare the commit hashes (revision tags) and repo URLs in the Checkmarx One project scans with the hashes and URLs in the container metadata (i.e., OCI Labels). This enables increased accuracy of project matching.
IaC Updates
IaC version 2.1.7 has been released with the following new features:
Fixed an issue that was causing a false positive on the OpenAPI query.
Updated the link on the AWS queries to refer to the proper documentation at docs.aws.amazon.com.
Fixed an issue that was triggering a false positive in the Password and Secrets query.
Added support for parsing nested HCL identifiers in Terraform by grouping variable paths and maintaining relative subpaths.
SCA Updates
Auto Pull Request Improvement
When a non-supported manifest file is present in the project together with a supported file (i.e., package.json), this no longer prevents the auto pull request from being sent for the supported file.
To learn more about the auto pull request feature, see documentation.
Resolved issues
Ticket number | Description |
---|---|
AST-70904 | Dockerfile was not recognized on the container scan. |
AST-76766 | Missing results were observed on image "r-base:4.4.1". |
AST-77925 | The remediation recommendation did not work properly. |
AST-78995 | Unable to get image from private registry, even though login and pull were successful. |
AST-81282 | Folder/File exclusion for Container scan didn’t work correctly. |
AST-82199 | The Container Security UI showed inconsistencies and errors when trying to change the state of the results. |
AST-82542 | The scans API sporadically returned error 502. |
AST-82733 | CLI plugin using container engine populated temp directory with "stereoscope" folders and did not erase them. |
AST-83219 | CLI plugin output SYFT debug logs without |
AST-84268 | Container Security UI scans were not able to scan a specific image. |
AST-84782 | False negatives were reported for Django 1.8 package in Container Security. |
AST-86103 | A container security results permission issue. |
AST-86951 | A performance issue occurred when changing predicates. |
AST-87972 | An issue with permissions for results triage was observed. |
AST-87987 | The |
AST-88092 | An exception occurred during the Containers Policy validation. |
AST-88838 | The container engine failed after 30 minutes, even though the codebase had no containers. |
AST-89575 | A PR comment was not created for on Azure DevOps. |
AST-91027 | The policy broke the PR decoration format on Bitbucket. |
AST-92095 | Local image resolution did not work on Windows. |
AST-92225 | |
AST-92440 | The attack vector did not navigate to the selected node. |
AST-93503 | An exception occurred in the new policy management section in the PR decoration flow. |
AST-93522 | Update Results Roles were misconfigured. |
AST-83377 | Documentation update was needed for Net New Vulnerabilities Policy in Policy Management. |
AST-82423 | Documentation update was needed for the Open vulnerabilities in the Project's Overview. |
AST-73194 | Documentation update was needed for ADO Feedback app Open-status and Close-status fields. |
AST-78227 | Projects displayed results despite SSCS being disabled in a tenant. |
AST-86769 | CLI plugin Jenkins plugin did not support HTTP_PROXY variable in lowercase (http_proxy). |
AST-89692 | SCS scans were triggered without a license in GitLab CI/CD. |
AST-93297 | Unable to see imports or start an import from Account Settings. |
AST-93519 | |
AST-93628 | Cookies needed to be cleared after the deployment of the new version. |
SCA-22294 | Scan history results did not match the risk results. |
SCA-22295 | SCA vulnerability showed in UI but was missing in |
SCA-22571 | Discrepancy was seen in SCA Scan Results. |
SCA-22662 | Timeout occurred on the Notifications page. |
AST-89617 | Option from Assign Projects at Application List was disabled. |
AST-91408 | The popup window from Notes cut the URLs added in the notes. |