Release Notes for 9.7.0
Languages & Frameworks
All supported code Languages & Frameworks versions can be found here.
New Return Code
A new scanning return code has been introduced in the scan log:
56: This new error code indicates that all queries failed during execution.
The existing error code 66 has also been reviewed to ensure it is appropriately returned when not all queries fail during execution.
Queries Deprecation
The following queries for the JavaScript language will be deprecated in the upcoming engine pack 9.7.1:
| Query Name | Package Name |
|---|---|
| Angular_Improper_Type_Pipe_Usage | JavaScript_Angular |
| Client_Privacy_Violation | JavaScript_Medium_Threat |
| Frameable_Login_Page | JavaScript_Medium_Threat |
| Client_Sandbox_Allows_Scripts_With_Same_Origin | JavaScript_Low_Visibility |
| Client_Hardcoded_Domain | JavaScript_Low_Visibility |
Critical Severity
Queries
Warning
To minimize impact on customer policies and pipelines, the inclusion of the Critical severity level in queries has been reverted in version 9.7.0.
While the SAST application is fully prepared to support and display Critical severity results once available, query severities will not be updated to include Critical in this release. Additionally, presets content remains unchanged.
The rollout of the Critical severity level will be gradual. For more details, please refer to the plan.
Application
The SAST application is fully prepared to support and display Critical severity results once they become available as scan results. However, as queries do not currently include Critical severity, you may notice the Critical severity label appearing in the CxSAST application, even though no relevant insights are provided.
For further details, see CxSAST 9.7.0 On-Prem | Critical Support | What to Expect
Renamed Queries
While reviewing query severities, the names of several queries were also updated, resulting in multiple renames in version 9.7.0. View the list of renamed queries here: XLSX; PDF.
Warning
To prevent scan failures due to renamed queries:
Open CxAudit.
Review your custom queries that reference the old query names.
Update them with the new names to ensure they continue running smoothly.
Core
As a prerequisite, installation now requires .NET 8 instead of .NET 6, because .NET 6 has reached end of life.
API
The API /sast/scans/oldScanId/compareResultsTo/NewScanId has been enhanced with new fields:
CweId
SimilarityId (Path Node SimilarityId)
DetectionDate
DeepLink (Result Node deeplink)
PresetId
PresetName
Categories (to get info on OWASP TOP 10 and SANS TOP 25):
CategoryId
CategoryName
CategoryType
CategoryTypeName