Checkmarx SCA Release Notes December 2024

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.

SCA Updates

Malicious Packages in Global Inventory & Risks

We now include results from Malicious Package Detection on the Global Inventory & Risks screen. The data is shown in the relevant tabs.

  • Packages tab - Malicious Packages and Suspected Malware are now shown in the table, with the Vulnerabilities column showing the malicious icon. You can filter and sort for Malicious Packages and/or Suspected Malware.

  • Risks tab - Risks associated with malicious packages are shown in the table with the Risk Type listed as "Suspected Malware". You can filter and sort for Suspected Malware.

When you export the data from the SCA Inventory and Risks, the malicious package data is included in the report.

SCA Resolver Version 2.12.7

(Jan 3, 2025)

  • For Bower:

    • Fixed resolution of packages whose version is declared as a range.

    • Transitive dev dependencies are now ignored.

  • For Gradle, command execution is now skipped for ignored modules.

Download the new version here.