Upcoming Multi-Tenant Version | 3.35

This version introduces project-level control over the deletion of entire source code or retention of vulnerable code snippets, enhancing platform security and enabling efficient code management in Checkmarx One.Customers can enable this functionality per project from the project settings page. The following options are available:

The Entities base report delivers insights into high-risk security issues and their trends over time, showcasing Checkmarx One’s value in identifying, managing, and resolving vulnerabilities. The report’s entities-based approach enables flexible grouping and breakdowns by the selected entity.

This version introduces reports focused on the Project entity, providing detailed, project-level insights.

This feature optimizes analytics by filtering data to the default main branch (e.g., "main" or "default main") of each project. This approach enhances clarity and performance, ensuring analytics data remains relevant and actionable.

Cloud Insights now integrates with CrowdStrike by establishing a secure connection with CrowdStrike’s API endpoints. The integration is set up easily by launching the setup wizard from the Cloud Insights page in the Checkmarx One UI.

This enhancement expands Cloud Insights' coverage, reinforcing Checkmarx’s position as an application security leader within the CNAPP ecosystem.

Cloud Insights now supports an improved matching algorithm based on OCI (Open Container Initiative) "Labels," which are key-value pairs used to describe metadata about container images. This method ensures 100% accuracy when matching container images to Checkmarx One project names. OCI Labels provide standardized information such as image version, maintainers, and source code repository, allowing for precise identification and management of images.

A new card information feature is now displayed when hovering over a vulnerability’s risk score, providing clear details on how the score is calculated, including the metrics, weighting factors, and other contributing elements. This feature gives users a deeper understanding of vulnerability severity, enabling them to prioritize remediation efforts more effectively.

We have added a new tab, Licenses, to the SCA Global Inventory. This tab shows all relevant licenses for packages consumed in all of the tenant's projects. The data from this table can be exported as a .csv file.

This will greatly improve visibility of licenses on a tenant-wide level.

We now officially support changing risk severity score via API. We have also added the SCA Management of Risk and Management of Packages APIs to our official API documentation (Stoplight).

For SCA vulnerabilities, we added a new permission, update-result-state-propose-not-exploitable(-if-in-group), which grants permission to change risk state only to Proposed Not Exploitable state.