Upcoming Multi-Tenant Version | 3.35

Multi-Tenant release date: April 6, 2025

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

New features and enhancements

Project-Level Control for Code Deletion and Snippet Retention

GA: April 13

This version introduces project-level control over the deletion of entire source code or retention of vulnerable code snippets, enhancing platform security and enabling efficient code management in Checkmarx One. Customers can enable this functionality per project from the project settings page. The following options are available:

  • Delete Source Code: Automatically deletes the entire source code after a scan completes.

  • Keep Code Snippets: Retains only the relevant code lines associated with each result.

Entities-Based Issues Summary Report: Project-Level Focus

GA: April 13

The Entities-Based report delivers insights into high-risk security issues and their trends over time, showcasing Checkmarx One’s value in identifying, managing, and resolving vulnerabilities. The report’s entities-based approach enables flexible grouping and breakdowns by the selected entity.

This version introduces reports focused on the Project entity, providing detailed, project-level insights.

Analytics Branch Filtering: Main Branch Focus

GA: April 13

This feature optimizes analytics by filtering data to the default main branch (e.g., "main" or "default main") of each project. This approach enhances clarity and performance, ensuring analytics data remains relevant and actionable.

Cloud Insights | CrowdStrike Integration

GA: April 6

Cloud Insights now integrates with CrowdStrike by establishing a secure connection with CrowdStrike’s API endpoints. The integration is set up easily by launching the setup wizard from the Cloud Insights page in the Checkmarx One UI.

This enhancement expands Cloud Insights' coverage, reinforcing Checkmarx’s position as an application security leader within the CNAPP ecosystem.

Cloud Insights | Enhanced Matching Algorithm Using OCI "Labels"

GA: April 6

Cloud Insights now supports an improved matching algorithm based on OCI (Open Container Initiative) "Labels," which are key-value pairs used to describe metadata about container images. This method ensures 100% accuracy when matching container images to Checkmarx One project names. OCI Labels provide standardized information such as image version, maintainers, and source code repository, allowing for precise identification and management of images.

Vulnerability Risk Score Details Enhancement

GA: April 13

An information card is now displayed when hovering over a vulnerability’s risk score, providing clear details on how the score is calculated, including the metrics, weighting factors, and other contributing elements. This feature gives users a deeper understanding of vulnerability severity, enabling them to prioritize remediation efforts more effectively.

SCA Updates

Added Licenses to SCA Global Inventory

We have added a new tab, Licenses, to the SCA Global Inventory. This tab shows all relevant licenses for packages consumed in all of the tenant's projects. The data from this table can be exported as a .csv file.

This will greatly improve visibility of licenses on a tenant-wide level.

Public APIs for SCA Management of Risk

We now officially support changing the risk severity score via the API. We have also added the SCA Management of Risk and Management of Packages APIs to our official API documentation (Stoplight).

Added Permission for Proposed Not Exploitable

For SCA vulnerabilities, we added a new permission, update-result-state-propose-not-exploitable(-if-in-group), which allows a user to change the risk state only to Proposed Not Exploitable.

Resolved issues

| Ticket number | Description |
|---|---|
| AST-80445 | Scans were failing with error code 34030. |
| AST-68271 | Exception (parsing error) in the SAST Policy Engine during policy evaluation. |
| AST-69678 | A scan failed due to a "failed to save scan process in storage pq" error, caused by a duplicate key value. |
| AST-80547 | All queries involving results_predicates_history were updated to reflect the changes from the "redesign predicate processing" in SAST. |
| AST-73206 | A false positive was detected for the "Passwords and Secrets - Generic Password" vulnerability. |
| AST-80695 | The OAuth Client UI was regenerating the secret when hitting Enter in any field. |
| AST-84583 | The _system OAuth client was visible in the AIM UI. |
| AST-85133 | Enabling SCS in build pipelines triggers a license error for customers with the feature flag PACKAGE_ENFORCEMENT_ENABLED = false. |
| AST-82010 | Users could unintentionally create new branches through the Eclipse IDE plugin. |
| AST-86138 | The following error occurred during a DAST scan: "ExtensionClientIntegration - Failed to get or create Firefox profile zap-client-profile". |
| AST-86520 | Users were unable to reset Two-Factor Authentication directly from the Access Control tab. |
| AST-86794 | Users were experiencing issues creating merge request comments in projects integrated with GitLab OnPrem. |
| SCA-21685 | A scan was getting stuck at the FetchPackageUsageCalculationStatusPollingStep, preventing it from progressing. |
| SCA-22115 | The Export Service query failed when the "Hide Dev & Test Dependencies" option was enabled. |
| SCA-22130 | A package was identified through fingerprinting based on 53 files, but none provided definitive evidence. |
| AST-85780 | The build in Bitbucket self-hosted was not corresponding to the correct commit. |
| AST-85814 | Merge checks in Bitbucket self-hosted were not working correctly. |
| AST-82731 | A 504 Gateway Timeout error occurred when making a POST request to /api/reports/v2. |
| AST-79900 | An error occurred when attempting to generate the Open Vulnerabilities Report. |
| AST-88034 | Bitbucket self-hosted triggered a scan in Checkmarx One, but the build did not appear in Bitbucket. |