
Current Multi-Tenant Version | 3.31

Multi-Tenant release date: February 10-11, 2025

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

New Features and Enhancements

SAST Engine Upgrade to Version 9.7.1

The SAST engine in Checkmarx One has been upgraded to version 9.7.1. To discover all the new features and updates in the latest version, refer to this page.

Repository Insights API

We have introduced the Repository Insights API, providing metadata on developers' repositories, including Lines of Code (LOC), scanned files, and language usage. This enables AppSec managers to gain deeper insights into repository activity and refine security policies accordingly.

SCA Updates

SBOM Improvements

  • We have upgraded our SBOM capabilities by adding support for CycloneDX version 1.6. CycloneDX SBOMs generated via the web application (UI), CLI and API now conform to v1.6 specifications. In addition, for SBOMs uploaded using the File Analysis API, we now support CycloneDX v1.6.

  • For SBOMs generated by Checkmarx One, we now add the following info to the metadata field:

    • Project name

    • Project tags

    • Scan date

    • Scan tags

Management of Packages - Mute and Snooze

You can now change the state of a package to “muted” so that the vulnerabilities associated with that package won’t be shown as risks in your project.

You can also “snooze” a package so that it is muted for a fixed period of time, after which it automatically reverts to being a regular monitored package. This can help to reduce noise in your system when you feel that a certain package does not pose a threat or where there is no available fixed version of the package.

When the snooze period ends, Checkmarx One automatically rescans the Primary branch of your project so that the project data accurately reflects the fact that the package has returned to being monitored.

For more information, see the documentation.

IAM Updates

(General availability: February 16)

New Permissions for SCM Credentials Manager

Four new permissions have been added under the Integrations category:

  • Create SCM Configuration: Allows creating an SCM configuration without repositories.

  • Update SCM Configuration: Enables updating an SCM configuration.

  • Delete SCM Configuration: Permits deleting an SCM configuration.

  • View SCM Configuration: Grants access to view SCM configurations.

Keycloak Upgrade

Keycloak was upgraded to version 26.

Concurrent Session Limiting

Users can now set a limit on the number of concurrent sessions per user, providing greater control and compliance with organizational policies.

Resolved Issues

  • OpenID Claim to Role Mapper removed existing roles.

  • A scan was canceled automatically without any apparent reason.

  • SCA results button failed to render in the contextual right panel.

  • The Projects PUT method wouldn’t update the "origin" field with an empty string.

  • An inconsistency in the sorting behavior of the scans endpoint.

  • Adding a new tag or group filter by typing its name would clear previously selected filters in the Projects List.

  • The Scan List and Project Overview displayed different result counts for SCA findings.

  • It was not possible to select SPDX for the SBOM.

  • 2MS scans failed with the error: "Failed to parse 2MS results into SARIF: the provided file path doesn't have a file."

  • Duplicate groups were showing for the same project.

  • The filter select option on the Project Page was unavailable when only a few projects (up to 3) were displayed.

  • Scans were taking too long to complete.

  • Clicking on a project name link on the Project page led to an empty page with the URL "/Projects/undefined."

  • The export data pop-up in the Global Inventory exhibited unexpected behavior.

  • Changing a result in a project with an incremental scan caused the result count on the Project Page to become inflated and incorrect.

  • FirstFoundAt was incorrectly updated.

  • Checkmarx One was not identifying Perl dependencies.

  • Bulk tags applied on the fly were in lower case.

  • It was not possible to open multiple Risk tabs for SCA scan results.

  • SourceResolverSandbox exception: No results.

  • Project conversion API got stuck in IN_PROGRESS state, and running another process was not possible.

  • The Policy page was not editable.