Version 3.27

Multi-Tenant release date: December 15, 2024

Warning

The content and dates of these Release Notes are provisional and subject to change.

All new features, enhancements, and resolved issues will be available upon version deployment in the multi-tenant environment unless explicitly stated otherwise in the respective section's sub-heading.

Release number    Resolved issues

3.27.23           The scan fails with an error indicating a failure to parse results into SARIF.

3.27.20           The Repostore service fails to load the index file.

New features and enhancements

Support for Critical Severity

The Checkmarx One platform now supports a new Critical severity level for vulnerability triaging across all scanners (excluding DAST), components and result APIs.

For more information, refer to our Documentation Portal.

Cursor Behavior Change

The cursor now changes from an arrow to a 'hand' icon when hovering over a row, even in areas of the row that are not actually clickable.

License Page Enhancement: Contributor Developer Breakdown

The updated License Page now includes a Contributing Developers modal, offering detailed insights into active committers across repository services (SCMs).

Key features include:

  • Total contributing developers and license-based allowed committers.

  • Breakdown of contributors by repository type.

  • CSV export functionality for detailed data.

IAM Search Enhancement

We implemented the ability to search by both group and subgroup within a single query in the IAM (Identity and Access Management) module.

IaC Results in Application Risk Management

The Application Risk Management system now includes results from Checkmarx's IaC engine. This integration bridges a critical gap by identifying security risks and misconfigurations in infrastructure, ensuring comprehensive risk assessment.

Enhancing DAST Flexibility with ZAP Engine

DAST now supports traffic-agnostic scanning, allowing users to leverage existing company processes, such as QA, to define traffic for scanning. The ZAP engine has been updated to run scans in sequence, enabling integration with these workflows.

Checkmarx One's Left Side Menu Enhancement

The left side menu in Checkmarx One has been standardized for consistency and better usability. This enhancement improves user satisfaction, boosts efficiency, and drives better adoption and productivity.

Consolidating Container Image Replicas in Cloud Insights

Cloud Insights no longer shows replicas of the same container image when it is used in multiple pods. This update simplifies the analysis process, reducing unnecessary effort for customers with multiple replicas in production environments.

Licensing Support for Cloud Insights

Cloud Insights now includes licensing capabilities within Checkmarx One.

Note

Cloud Insights is included in the Essential, Professional and Enterprise license bundles.

Private Packages Regex Filter (Container Security)

Introduced a new rule-setting option (Project / Account settings) that allows users to define custom regex patterns to identify private packages.

Packages matching the specified regex are excluded from analysis, so they remain private and are not uploaded to external servers for scanning. This gives tighter control over sensitive packages while keeping scans focused on third-party dependencies.
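To make the behaviour of such a filter concrete, here is an added example (not Checkmarx code, and not the product's actual matching logic): a small Python filter that partitions a constructed package list into "private" (excluded from analysis) and "public" (sent for scanning) by regex. The package identifier format (`ecosystem:name`), the use of `re.fullmatch`, and the helper names are all assumptions for the example. The `check_overreach` helper shows the check a practitioner wants before saving a rule: an unanchored pattern such as `.*acme.*` silently hides a public package that merely contains the company name, which means that package's known vulnerabilities are never reported.

```python
from __future__ import annotations

import re
from typing import Iterable, List, Pattern, Tuple

# Constructed sample inventory of resolved packages ("ecosystem:name").
# These are illustrative names, not real scan output.
SAMPLE_PACKAGES = [
    "npm:@acme/auth-core",
    "npm:@acme/ui-kit",
    "npm:lodash",
    "npm:react-acme-widgets",      # public package that merely contains "acme"
    "pypi:acme-internal-tools",
    "pypi:requests",
    "maven:com.acme.billing:ledger",
]

# Anchored patterns: each one describes a whole identifier, so a public
# package with "acme" somewhere in its name is not caught by accident.
PRIVATE_PATTERNS = [
    r"npm:@acme/.*",
    r"pypi:acme-internal-.*",
    r"maven:com\.acme\..*",
]


def validate_patterns(patterns: Iterable[str]) -> List[str]:
    """Return the patterns that fail to compile (empty list means all valid)."""
    invalid = []
    for pattern in patterns:
        try:
            re.compile(pattern)
        except re.error:
            invalid.append(pattern)
    return invalid


def compile_patterns(patterns: Iterable[str]) -> List[Pattern[str]]:
    """Compile every pattern; assumes validate_patterns() already passed."""
    return [re.compile(p) for p in patterns]


def is_private(package: str, compiled: List[Pattern[str]]) -> bool:
    # fullmatch is an assumption for this example: the whole identifier must
    # match, which is the safer interpretation for an exclusion rule.
    return any(p.fullmatch(package) for p in compiled)


def split_packages(
    packages: Iterable[str], patterns: Iterable[str]
) -> Tuple[List[str], List[str]]:
    """Partition packages into (private, public) preserving input order."""
    compiled = compile_patterns(patterns)
    private: List[str] = []
    public: List[str] = []
    for pkg in packages:
        (private if is_private(pkg, compiled) else public).append(pkg)
    return private, public


def check_overreach(patterns: Iterable[str], known_public: Iterable[str]) -> List[str]:
    """Return known public packages that the patterns would wrongly exclude.

    Run this against a list of packages you know are third-party before
    saving a rule; any hit means vulnerabilities in that package would go
    unreported.
    """
    compiled = compile_patterns(patterns)
    return [pkg for pkg in known_public if is_private(pkg, compiled)]


if __name__ == "__main__":
    private, public = split_packages(SAMPLE_PACKAGES, PRIVATE_PATTERNS)
    print("excluded from analysis:", private)
    print("sent for scanning:     ", public)
    # A loose pattern hides a public package along with the private ones.
    print("over-broad rule hides:", check_overreach([r".*acme.*"], public))
```

Running the script shows the three anchored patterns excluding exactly the four `acme`-owned identifiers while `npm:react-acme-widgets` stays in the scanned set, and the loose `.*acme.*` rule reported as hiding that public package.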

SCA Updates

SCA Resolver Version 2.12.3

(Dec 10, 2024)

  • Improved logging for the project creation process

  • Fixed issue with manifest file upload on Windows operating systems

  • Fixed issue with certificate expiration for Windows binary digital signing

Download the new version here.

Resolved issues

  • SCA engine results have been added to the logs for analysis purposes.

  • Scan-Summary API returned a negative number of findings.

  • Incorrect project results on the Projects List page.

  • Filters in the SAST results grid were ignored when performing a search by name.

  • Recurrent vulnerability status was shown as +1 in the Checkmarx One UI.

  • No "fixable" recommendations for a private image that was using public base images.

  • The count for selected vulnerabilities did not reset after an action.

  • The Result Viewer did not provide an option to cancel filters once the list was empty.

  • Cloning failed with a "destination path already exists and is not an empty directory" error message.

  • The Jira feedback app created a duplicate ticket for the same finding in the same project when scans were triggered differently.

  • Trying to integrate an already integrated project led to the removal of SCM repository data.

  • An attempt to download a contributors CSV file resulted in an "error 403 forbidden".

  • An API Security scan failed to find source code when the organization name contained whitespace.

  • Misleading response message on SAST Scan Results comparison API endpoint.

  • IAM: For any group created from the Identity Provider Mapper section, the Created By field was blank.

  • IAM: The manage-clients role was not available in the Group role mapping.

  • IAM: The IAM Groups tab did not correctly show the groups list, because the API hardcoded a limit of 200 results.

  • IAM: The GET /users API endpoint returned a partial response in some cases.

  • Scan failure possibly caused by a MinIO outage or temporary disruption.

  • The gRPC timeout was too short.

  • The wrong error code was sent to Zeebe.

  • Impossible to change one specific vulnerability status (CVE-2017-12626).

  • SCA: a recurring internal error.

  • Top vulnerabilities with empty vulnerability description.

  • Private package did not appear in the UI, but it did appear in the results file.

  • GetEvaluableEntities query should not rely on TenantId to filter data.

  • Comparison results could not be retrieved when using a language other than English.

  • API Security did not find the OpenAPI definition.

  • GET /api/scans request did not retrieve the commitID.

  • Analytics displayed no results for a specific application and project, despite the application and project having generated results.

  • The path on the Project page became overlaid and unreadable when the page was zoomed.

  • Incorrect link for the Checkmarx One External IPs List.

  • Missing projects in Analytics.

  • End-of-life Node version warning in ADO pipelines.

  • Viewing results for a specific application from Risk Management failed.

  • The manage-feedbackapp role was removed from ast-admin in IAM 3.24.

  • Attack vectors spanning multiple files had an incorrect URL in Jira.

  • The "Friendly Name" attribute in the "SAML Attribute to Role" mapper did not behave as in other mappers.

  • Unable to generate a project report.

  • Syncing DependencyModel failed with the error: column "additional_data" is of type jsonb but expression is of type text.

  • A 500 GraphQL error occurred after marking CVE-2024-37568 as "Proposed Not Exploitable."

  • The PDF SCA report did not reflect the data shown in the UI.

  • HashMatching was taking too long to analyze packages.

  • Inconsistent order in the Global Inventory.

  • The screen to change the status of the SCA vulnerability failed to load.

  • Request to add SCA engine results to the logs.

  • SBOM scan failed.

  • Users with manage-groups roles were able to obtain Admin privileges.

  • An error occurred when attempting to update the password for any user.