
Upcoming Multi-Tenant Version | 3.40

Multi-Tenant release date: June 22, 2025

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

New Features and Enhancements

Mapping an Image to Multiple Source Code Repos

For images that have multiple source code repos associated with them, we now match the image to the main source code project and also show all private packages used by that image. The private package data is shown in the Attack Path visualization as well as in a tooltip in the Inventory table.

In addition to identifying the private packages used by the image, when possible, we also match those packages with Checkmarx One projects of the same name, enabling us to show vulnerability info for those packages.

Export Global API Inventory to CSV

You can now export the full Global API Inventory as a CSV file directly from the UI. The export respects your applied filters and sorting, includes all data across pages, and breaks down risk levels by severity. This makes it easier to share, audit, and analyze API risk data across teams. CSV files are downloaded automatically with a single click.

Cloud Insights | Per-Tenant Account Settings

Cloud Insights now allows Checkmarx One admins to configure enrichment settings directly in the UI. Admins can control whether to push SAST or DAST results to Wiz, define the label for extracting repo URLs, and customize blacklist terms to fine-tune the matching algorithm.

This enables greater flexibility for implementing the enrichment.

Unique Result ID in Results API Response

The GET /results API response now includes a new field: alternateId. This field provides a unique identifier for each result and is currently supported for the following scanners: IaC, SAST, SCA, SSCS Secret Detection, and SSCS Scorecard.

Note

Container Security results are not yet supported.

SCM | CxLink Integration Support

Customers using CxLink can now connect to their SCMs through a secure tunnel instead of relying on direct SCM URLs. This enhancement enables seamless integration in restricted or secured network environments where direct access is blocked, simplifying setup and eliminating the need for firewall or network changes.

Checkmarx One automatically detects when CxLink is in use and routes traffic through the tunnel, ensuring secure and flexible SCM connectivity.

Applications Column Added to New Projects Page

The Applications column is now also available on the new Projects page. This column shows which applications a project is associated with, helping users quickly understand project context without navigating away.

SCA Updates

New JFrog Plugin

We released a new Checkmarx One plugin for identifying Software Composition Analysis (SCA) risks in your JFrog Artifactory. The plugin analyzes each of the open source packages in your Artifactory, comparing them against our SCA vulnerability database in order to identify security risks and license requirements. The findings are added as "cx" properties to each artifact, enriching the metadata displayed in the Artifactory UI.

This provides seamless risk visibility within your DevOps workflow, helping you to identify and address vulnerabilities early in the development process.

The plugin allows you to configure compliance thresholds, so that artifacts exceeding these thresholds are automatically marked as non-compliant. Depending on the configuration, such artifacts can be blocked from usage to prevent the use of insecure components.

Filter SBOM Content

We added the option to exclude Dev and Test dependencies when generating an SBOM report. See how we identify Dev and Test dependencies here.

We also added the option to exclude all licenses that are not designated as “Effective” for that particular package.

Resolved issues

| Ticket number | Description |
| --- | --- |
| AST-88486 | Fixed an issue preventing project deletion when an active session exists. |
| AST-92842 | Fixed a false negative in KICS for "S3 bucket allows public policy." |
| AST-92725 | Fixed a false negative in KICS for "S3 bucket allows delete action from all principals." |
| SCA-23218 | Resolved SBOM scan failure caused by Dart package. |
| SCA-23136 | Corrected issue where an "unknown" package was incorrectly labeled. |
| SCA-23121 | Fixed license URL pointing to the wrong license. |
| SCA-23093 | Fixed license URL pointing to the wrong license. |
| SCA-23046 | Resolved timeouts when handling GraphQL requests. |
| SCA-23033 | Fixed issue where the usage filter was not functioning properly. |
| SCA-22991 | Addressed failures in SCA scans. |
| AST-98506 | Fixed issue where 'API-Security Only' scan requests were running only SAST. |
| AST-92441 | Updated documentation for flows affected by non-production branch data restrictions. |
| AST-92131 | Fixed issue where the job spider failed to access URLs due to insufficient_security(71). |
| AST-91177 | Resolved regression where the Select Role button was missing in the new AIM UI for SAML Attribute to Role mapping. |
| AST-96683 | Fixed issue where container reports failed to generate in PDF format. |
| AST-92445 | Resolved issue where empty reports were generated without notifying users when no production branch was present. |
| AST-95602 | Fixed intermittent errors occurring during SCS scans. |
| AST-96103 | Resolved scan failure caused by Git submodule name mismatch. |
| AST-94413 | Fixed issue where private bots were not being filtered correctly. |
| AST-93062 | Corrected contributor developer count showing 0 in license usage. |
| AST-98824 | Projects count changes were not reflected on the Projects List page. |
| AST-96695 | Some UI elements of "Analytics & Dashboard" were incorrectly translated into Traditional Chinese. |