
Current Multi-Tenant Version | 3.37

Multi-Tenant release date: May 11, 2025

New Features and Enhancements

Use Private Registry Integrations for Matching Container Images to Checkmarx One Projects

Cloud Insights now extracts container image data (such as labels, image-sha, and packages) from the private cloud registries that have been connected to your Checkmarx One account. This data is used by Cloud Insights to improve the accuracy of the matching of container images to Checkmarx One projects.

Currently supported for: GitHub, JFrog, and Docker Hub.

Use Commit Hash and Repo URL for Cloud Insights Matching

We now compare the commit hashes (revision tags) and repo URLs in the Checkmarx One project scans with the hashes and URLs in the container metadata (i.e., OCI Labels). This enables increased accuracy of project matching.
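To show what this kind of comparison involves and why consistent image labels matter, here is an added example (not Checkmarx code) that matches one image's labels against one scan's repo URL and commit hash. The label keys are the standard OCI `revision` and `source` annotations; that Cloud Insights reads exactly these keys, and the URL normalization rules used here, are assumptions.

```python
import re

# Standard OCI image-spec annotation keys. That Cloud Insights reads exactly
# these keys is an assumption; the release note only says "OCI Labels".
OCI_REVISION = "org.opencontainers.image.revision"
OCI_SOURCE = "org.opencontainers.image.source"

def normalize_repo_url(url):
    """Reduce https/ssh/scp-style Git URLs to lowercase 'host/path', or None."""
    scp = re.match(r"^(?:[\w.-]+@)?([\w.-]+):(?!//)(.+)$", url.strip())
    if scp:  # e.g. git@host:org/repo.git
        host, path = scp.groups()
    else:    # e.g. https://host/org/repo or ssh://git@host:22/org/repo.git
        m = re.match(r"^[a-z][a-z0-9+.-]*://(?:[^@/]+@)?([^/:]+)(?::\d+)?/(.+)$", url.strip(), re.I)
        if not m:
            return None
        host, path = m.groups()
    path = re.sub(r"\.git$", "", path.rstrip("/"))
    return f"{host}/{path}".lower()

def revisions_match(a, b):
    """Compare commit hashes case-insensitively; allow an abbreviated (>=7 hex) prefix."""
    a, b = a.strip().lower(), b.strip().lower()
    if not all(re.fullmatch(r"[0-9a-f]{7,64}", x) for x in (a, b)):
        return False
    return a.startswith(b) or b.startswith(a)

def match_image_to_scan(labels, scan_repo_url, scan_commit):
    """Return (matched, reason) for one image's labels against one project scan."""
    missing = [k for k in (OCI_REVISION, OCI_SOURCE) if not labels.get(k)]
    if missing:
        return False, "missing labels: " + ", ".join(missing)
    image_repo = normalize_repo_url(labels[OCI_SOURCE])
    if image_repo is None or image_repo != normalize_repo_url(scan_repo_url):
        return False, "repo URL mismatch"
    if not revisions_match(labels[OCI_REVISION], scan_commit):
        return False, "commit hash mismatch"
    return True, "repo URL and commit hash match"

# Constructed sample: labels as they appear under Config.Labels in `docker inspect`.
SAMPLE_LABELS = {
    OCI_SOURCE: "git@github.com:Example-Org/payments-api.git",
    OCI_REVISION: "3f2c9a7d5e1b4c8f9a0b1c2d3e4f5a6b7c8d9e0f",
}

if __name__ == "__main__":
    print(match_image_to_scan(SAMPLE_LABELS, "https://github.com/example-org/payments-api", "3f2c9a7"))
```

Images built without these labels return the "missing labels" result, which is the case to check for in a build pipeline.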

IaC Updates

IaC version 2.1.7 has been released with the following new features:

  • Fixed an issue that was causing a false positive on the OpenAPI query.

  • Updated the link on the AWS queries to refer to the proper documentation at docs.aws.amazon.com.

  • Fixed an issue that was triggering a false positive in the Password and Secrets query.

  • Added support for parsing nested HCL identifiers in Terraform by grouping variable paths and maintaining relative subpaths.

SCA Updates

Auto Pull Request Improvement

When a non-supported manifest file is present in the project together with a supported file (i.e., package.json), this no longer prevents the auto pull request from being sent for the supported file.

To learn more about the auto pull request feature, see documentation.

Resolved issues

| Ticket number | Description |
| --- | --- |
| AST-70904 | Dockerfile was not recognized on the container scan. |
| AST-76766 | Missing results were observed on image "r-base:4.4.1". |
| AST-77925 | The remediation recommendation did not work properly. |
| AST-78995 | Unable to get image from private registry, even though login and pull were successful. |
| AST-81282 | Folder/File exclusion for Container scan didn’t work correctly. |
| AST-82199 | The Container Security UI showed inconsistencies and errors when trying to change the state of the results. |
| AST-82542 | The scans API sporadically returned error 502. |
| AST-82733 | CLI plugin using container engine populated temp directory with "stereoscope" folders and did not erase them. |
| AST-83219 | CLI plugin output SYFT debug logs without --debug flag. |
| AST-84268 | Container Security UI scans were not able to scan a specific image. |
| AST-84782 | False negatives were reported for Django 1.8 package in Container Security. |
| AST-86103 | A container security results permission issue. |
| AST-86951 | A performance issue occurred when changing predicates. |
| AST-87972 | An issue with permissions for results triage was observed. |
| AST-87987 | The --containers-exclude-non-final-stages parameter did not work. |
| AST-88092 | An exception occurred during the Containers Policy validation. |
| AST-88838 | The container engine failed after 30 minutes, even though the codebase had no containers. |
| AST-89575 | A PR comment was not created on Azure DevOps. |
| AST-91027 | The policy broke the PR decoration format on Bitbucket. |
| AST-92095 | Local image resolution did not work on Windows. |
| AST-92225 | GetUploadedFileForScan failed for scan due to GRPC Exception. |
| AST-92440 | The attack vector did not navigate to the selected node. |
| AST-93503 | An exception occurred in the new policy management section in the PR decoration flow. |
| AST-93522 | Update Results Roles were misconfigured. |
| AST-83377 | Documentation update was needed for Net New Vulnerabilities Policy in Policy Management. |
| AST-82423 | Documentation update was needed for the Open vulnerabilities in the Project's Overview. |
| AST-73194 | Documentation update was needed for ADO Feedback app Open-status and Close-status fields. |
| AST-78227 | Projects displayed results despite SSCS being disabled in a tenant. |
| AST-86769 | CLI plugin Jenkins plugin did not support HTTP_PROXY variable in lowercase (http_proxy). |
| AST-89692 | SCS scans were triggered without a license in GitLab CI/CD. |
| AST-93297 | Unable to see imports or start an import from Account Settings. |
| AST-93519 | GET /api/risks/{scan_id} returned 503 Service Unavailable. |
| AST-93628 | Cookies needed to be cleared after the deployment of the new version. |
| SCA-22294 | Scan history results did not match the risk results. |
| SCA-22295 | SCA vulnerability showed in UI but was missing in ast_sca_scan_summary table. |
| SCA-22571 | Discrepancy was seen in SCA Scan Results. |
| SCA-22662 | Timeout occurred on the Notifications page - notification/notifications/settings/projects. |
| AST-89617 | Option from Assign Projects at Application List was disabled. |
| AST-91408 | The popup window from Notes cut the URLs added in the notes. |