Skip to main content

Upcoming Multi-Tenant Version | 3.43

Multi-Tenant release date: August 3, 2025

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

New Features and Enhancements

Similarity ID Column Added to SAST Results Viewer

The SAST Results Viewer now includes a sortable Similarity ID column, providing quick access to this important attribute.

Redesigned Code Repository Integration Wizard

The new wizard simplifies SCM project setup with a cleaner, more intuitive flow. Core steps are streamlined, while advanced settings are now optional, making it faster and easier for users to connect repositories with minimal configuration.

Cloud Repository Improvements

Show Private Packages Based on SCA

Cloud Insights now determines identification of private packages based on SCA scan results. This is reflected in the private package data shown in the Inventory table and Attack Path graph.

This ensures consistency with the data shown in the SCA Results Viewer and provides a unified view of private package risks across Checkmarx One.

Manually Map Private Packages to Projects

Cloud Insights now supports manual mapping of private packages to Checkmarx One projects. After Cloud Insights provides an initial mapping based on heuristics, the user can manually specify mapping for unmapped packages or override the automatic mapping for specific packages.

The feature enables you to improve mapping accuracy, helping teams make better-informed security decisions.

Added Enrichment Evidence Log

A new Evidence Log tab is now available in Cloud Insights, displaying a searchable table of all enrichment transactions for each integration account. This includes both incoming enrichments from cloud providers and outgoing enrichments sent to them.

You can apply filters and search the logs. This visibility allows users to track and validate enrichment flows without relying on internal logs.

Added Support for AWS ECS Assets

Cloud Insights now retrieves container data for AWS ECS assets, in addition to existing support for Kubernetes. This is currently supported for Wiz integrations.

Also, you can now group and filter the Inventor page by Asset Type (Kubernetes, ECS or Unknown) and Cluster Name.

This enables broader visibility across diverse deployment platforms, helping users manage risk more comprehensively.

Support to Multiple Consumers in Cloud Connections

Cloud Connections now provide a centralized place to configure integrations across multiple consumers. Instead of setting up connections individually within each consumer, users can create and manage them in one unified view.

Feedback Apps Now Support Container Security

You can now enable the Container Security engine in Feedback Apps. This allows customers to scan container images and report vulnerabilities directly through their existing feedback workflows.

IAM

Keycloak Upgrade

Keycloak was upgraded to version 26.1.

New Permission: send-report-email

A new permission, send-report-email, has been added under the Analytics category. It allows users to send reports via email. This permission is assigned by default to the ast-admin role.

New Permission: assign-project-all-groups

A new permission, assign-project-all-groups, has been introduced under the Projects category. It allows assigning any existing group when creating or updating a project.

During migration, this permission is added to users, groups, OAuth clients, and composite roles only if they already have the create-project permission. This permission is assigned by default to the ast-admin role.

Enforcing SSO-Only Access for Application Users

GA: August 10, 2025

To address security concerns when application and SSO users share the same email, organization administrators can now enforce SSO-only access by disabling username/password login.

Authentication is restricted to OIDC or SAML, ensuring users sign in exclusively through SSO and helping organizations maintain stricter access control and simplified account management.

Resolved issues

Ticket number

Description

AST-101425

Resolved the Containers AWS ECR integration issue.

AST-101042

Experienced UI freezes when clicking the "filters" button in the Container Scan Results window.

AST-99625

"Containers-file-folder-filter" did not filter as expected.

AST-99627

"If-in-group" permissions did not allow changing state.

AST-98449

Found inconsistencies in Containers Security results in Checkmarx One.

AST-98384

CLI scans failed due to insufficient space when writing to the /tmp folder.

AST-98382

Dockerfile.ubi9 scan returned zero results via GitHub Actions.

AST-89854

Displayed confusing or unclear information on the Containers Security scanner UI page.

AST-98433

Identified a false positive for Terraform IAM Group Without Users in KICS.

AST-98288

Flagged a false negative for IAM Policy granting full permissions in KICS.

AST-94893

Improved volume mount handling with OS directory write permissions.

AST-92897

Flagged a false positive for Storage Account not enforcing HTTPS in KICS.

AST-87254

Flagged a false positive for generic private keys in Passwords and Secrets.

AST-85090

Flagged a false positive for Terraform MSSQL Server Auditing Disabled in KICS.

AST-84874

Identified a false positive for IAM Group Without Users.

AST-82101

Flagged a false negative for Passwords and Secrets.

AST-82029

Flagged a false positive for Storage Account not enforcing HTTPS.

AST-81770

Identified a false positive for missing flag in DNF install.

AST-74743

Flagged a false positive for generic passwords in Passwords and Secrets in KICS.

AST-68530

Flagged various false positives in KICS.

SCA-23468

Improved responsiveness and performance in SCA inventory and risk views.

SCA-22720

Resolved issues when hiding Dev and Test dependencies.

SCA-23383

Encountered errors when downloading an SCA report.

AST-103953

Application Risk Management page appeared empty.

AST-102782

Clicking Vulnerabilities by Scan Type in Project Overview opened a blank tab.

AST-98399

Encountered thousands of exceptions during data retention flow following project deletion.

AST-102548

The Save button in project settings did not display a notification, though settings were saved.

AST-92509

Updated documentation for the project conversion API.

AST-101534

The Keycloak API (PUT /authentication/required-actions/CONFIGURE_TOTP) could disable 2FA and potentially corrupt the database.

AST-99133

Import process was failing due to a duplicate resource error.

AST-96377

Identity provider name was duplicated in the User tab.

AST-106760

The Auto PR feature removed customer’s branches.

AST-104422

It was not possible to update a custom item type with an inherited field in ADO using the pipeline's additional parameter tags.

AST-103867

Jira integration failed to get server info from Jira (during the scan in flow-publisher) but the connection was established successfully in the configuration.

AST-102576

Customer's tags in an Azure Boards work item were removed after a new scan.

AST-100922

The search for a protected branch couldn’t find all branches when their number exceeded 400.