Skip to main content

Checkmarx SCA Release Notes December 2024

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.

Support for CVSS 4.0

We have added support for the CVSS 4.0 scoring system, which uses additional metrics to provide better granularity and further refine the scoring methodology. We now show the CVSS 4.0 score for each vulnerability that has such a score. When no CVSS 4.0 score is available, we continue to use the most recent available score from previous scoring systems (3.1 or 2.0).

SCA Resolver Releases

Version 2.12.3 (Dec 12, 2024)

  • Improved logging for the project creation process

  • Fixed issue with manifest file upload on Windows operating systems

  • Fixed issue with certificate expiration for Windows binary digital signing

  • For Nuget, improved package version resolution for Directory.Packages.props and Directory.Build.props files.

Download the latest version here.