Upcoming Multi-Tenant Version | 3.35
Multi-Tenant release date: April 6, 2025
Warning
The content and dates of these Release Notes are provisional and subject to change.
All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.
New features and enhancements
Project-Level Control for Code Deletion and Snippet Retention
GA: April 13
This version introduces project-level control over the deletion of entire source code or retention of vulnerable code snippets, enhancing platform security and enabling efficient code management in Checkmarx One. Customers can enable this functionality per project from the project settings page. The following options are available:
Delete Source Code: Automatically deletes the entire source code after a scan completes.
Keep Code Snippets: Retains only the relevant code lines associated with each result.
Entities-Based Issues Summary Report: Project-Level Focus
GA: April 13
The Entities-based report delivers insights into high-risk security issues and their trends over time, showcasing Checkmarx One’s value in identifying, managing, and resolving vulnerabilities. The report’s entities-based approach enables flexible grouping and breakdowns by the selected entity.
This version introduces reports focused on the Project entity, providing detailed, project-level insights.
Analytics Branch Filtering: Main Branch Focus
GA: April 13
This feature optimizes analytics by filtering data to the default main branch (e.g., "main" or "default main") of each project. This approach enhances clarity and performance, ensuring analytics data remains relevant and actionable.
Cloud Insights | CrowdStrike Integration
GA: April 6
Cloud Insights now integrates with CrowdStrike by establishing a secure connection with CrowdStrike’s API endpoints. The integration is set up easily by launching the setup wizard from the Cloud Insights page in the Checkmarx One UI.
This enhancement expands Cloud Insights' coverage, reinforcing Checkmarx’s position as an application security leader within the CNAPP ecosystem.
Cloud Insights | Enhanced Matching Algorithm Using OCI "Labels"
GA: April 6
Cloud Insights now supports an improved matching algorithm based on OCI (Open Container Initiative) "Labels," which are key-value pairs used to describe metadata about container images. This method ensures 100% accuracy when matching container images to Checkmarx One project names. OCI Labels provide standardized information such as image version, maintainers, and source code repository, allowing for precise identification and management of images.
Vulnerability Risk Score Details Enhancement
GA: April 13
A new information card is now displayed when hovering over a vulnerability’s risk score, providing clear details on how the score is calculated, including the metrics, weighting factors, and other contributing elements. This feature gives users a deeper understanding of vulnerability severity, enabling them to prioritize remediation efforts more effectively.
SCA Updates
Added Licenses to SCA Global Inventory
We have added a new tab, Licenses, to the SCA Global Inventory. This tab shows all relevant licenses for packages consumed in all of the tenant's projects. The data from this table can be exported as a .csv file.
This will greatly improve visibility of licenses on a tenant-wide level.
Public APIs for SCA Management of Risk
We now officially support changing risk severity score via API. We have also added the SCA Management of Risk and Management of Packages APIs to our official API documentation (Stoplight).
Added Permission for Proposed Not Exploitable
For SCA vulnerabilities, we added a new permission, update-result-state-propose-not-exploitable(-if-in-group), which allows changing the risk state only to the Proposed Not Exploitable state.
Resolved issues
Ticket number | Description |
---|---|
AST-80445 | Scans were failing with error code 34030. |
AST-68271 | Exception (parsing error) in the SAST Policy Engine during policy evaluation. |
AST-69678 | A scan failed due to a "failed to save scan process in storage pq" error, caused by a duplicate key value. |
AST-80547 | All queries involving |
AST-73206 | A false positive was detected for the "Passwords and Secrets - Generic Password" vulnerability. |
AST-80695 | The OAuth Client UI was regenerating the secret when hitting Enter in any field. |
AST-84583 | The _system OAuth client was visible in the AIM UI. |
AST-85133 | Enabling SCS in build pipelines triggers a license error for customers with the feature flag |
AST-82010 | Users could unintentionally create new branches through the Eclipse IDE plugin. |
AST-86138 | The following error occurred during a DAST scan: "ExtensionClientIntegration - Failed to get or create Firefox profile zap-client-profile". |
AST-86520 | Users were unable to reset Two-Factor Authentication directly from the Access Control tab. |
AST-86794 | Users were experiencing issues creating merge request comments in projects integrated with GitLab OnPrem. |
SCA-21685 | A scan was getting stuck at the |
SCA-22115 | The Export Service query failed when the "Hide Dev & Test Dependencies" option was enabled. |
SCA-22130 | A package was identified through fingerprinting based on 53 files, but none provided definitive evidence. |
AST-85780 | The build in Bitbucket self-hosted was not corresponding to the correct commit. |
AST-85814 | Merge checks in Bitbucket self-hosted were not working correctly. |
AST-82731 | A 504 Gateway Timeout error occurred when making a POST request to |
AST-79900 | An error occurred when attempting to generate the Open Vulnerabilities Report. |
AST-88034 | Bitbucket self-hosted triggered a scan in Checkmarx One, but the build did not appear in Bitbucket. |