- Checkmarx Documentation
- Checkmarx One
- Release Notes
- Upcoming Multi-Tenant Version | 3.44
Upcoming Multi-Tenant Version | 3.44
Warning
The content and dates of these Release Notes are provisional and subject to change.
All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.
New Features and Enhancements
New KPI in Analytics API: Full Vulnerability List with Severity Counters
A new KPI was added to the Analytics API to provide a full list of all vulnerabilities (queries) with counters broken down by severity. Unlike the existing mostCommonVulnerabilities KPI, which is limited to the top 100, this new KPI returns an exhaustive dataset.
Query Editor: Edit Overridden and New Queries
GA: August 24, 2025
The Query Editor now allows editing additional parameters for new and overridden queries. Previously, only the Severity field could be modified after creation. With this update, users can also edit:
Query name
Severity
Executable (Yes/No toggle)
CWE ID
Description ID
These changes can be made through the UI or via the API.
SCA
Improved Results for Package Usage and Exploitable Path
GA: August 24, 2025
In Package results, we now distinguish between packages for which no usage was detected (Not Used) as opposed to packages for which we were not able to calculate usage (Not Calculated). For Not Calculated results we provide the reason why it wasn’t calculated (e.g., unsupported language).
Similarly, in Risk results, we now distinguish between risks for which no Exploitable Path was detected (Not Found) as opposed to results for which we were not able to calculate whether or not there is an Exploitable Path (Not Calculated). For Not Calculated results we provide the reason why it wasn’t calculated (e.g., transitive dependencies are not supported).
Note
This info is shown in the scan results as well as in the Global Inventory.
This improvement will prevent users from mistakenly assuming that their project is safe, when in fact we don’t have enough information to draw that conclusion
Resolved issues
Ticket number | Description |
|---|---|
AST-102556 | A potential memory leak in |
AST-101367 | Corrected issue where exporting CSV results from drill-down views included all vulnerabilities instead of only filtered ones. |
AST-100775 | Missing data in the container report. |
AST-89801 | Improved report generation to support large reports without failure. |
SCA-23512 | Scan results failed to save to the database after multiple retry attempts. |
SCA-23493 | Fixed a Windows-specific issue where ScaResolver failed to resolve Bower manifest files. |
SCA-23402 | Corrected SourceResolver to properly save the dependency name in ScanResults. |
AST-107746 | Scans were getting stuck in the scan queue. |
AST-105998 | Resolved a configuration issue causing private (CLI) DAST scans to fail report generation. |
AST-105847 | Fixed an issue preventing the ZAP recorder from working with public web targets. |
AST-105206 | The Environments page was creating an API Key on every open. |
AST-105076 | Authentication was failing due to session and verification mismatches. |
AST-104811 | Corrected handling of the default backslash (\) in DAST run commands for terminals where it was not interpreted correctly. |
AST-100786 | Updated KICS query to correctly identify inline rules. |
AST-100634 | DAST failed to upload scan results. |
AST-100062 | Fixed a false positive in KICS for "Image Version Not Explicit". |
AST-98817 | Fixed a false negative in KICS for terraform.S3 buckets missing public access restrictions. |
AST-98792 | Updated KICS query to correctly detect when a web app is not using the latest TLS version on ARM platforms. |
AST-98286 | Fixed false positive in KICS for "API Gateway Method Does Not Contain an API Key". |
AST-95994 | An error in iac-runner-nv was causing scans to fail unexpectedly. |
AST-94816 | Updated Audit Trail API documentation to include the optional parameters "From" and "To". |
AST-94574 | Fixed false positive in KICS for "S3 Bucket Logging Disabled". |
AST-91007 | Applied overrides to common KICS queries for cloud providers. |
AST-105792 | Fixed issue where tagging a project in the project list page cleared the primary branch setting. |
AST-104964 | Enabled opening SCA Results in a separate tab, aligning behavior with SAST Results. |
AST-104482 | Resolved issue where the app did not display results in the Risk Management tab in Singapore production. |
AST-98340 | Fixed issue where projects with assigned groups displayed an empty value in the "Groups" column on the Projects page. |