| 2.0.31 | Apr 6, 2025 | 2.3.18 |  |  | 
| 2.0.30 | Mar 24, 2025 | 2.3.17 |  |  | 
| 2.0.29 | Mar 11, 2025 | 2.3.16 Added the ability to triage Software Supply Chain Security (SSCS) vulnerabilities (i.e., change severity and state and add comments).Added the ability to apply filters to Container Security scans. The following filter flags can now be added to the scan createcommand. --containers-exclude-non-final-stages- Scan only the final deployable image.
--containers-file-folder-filter <string>- Specify files and folders to be included or excluded from scans. e.g., "!*.log"
  --containers-image-tag-filter  <string>- Exclude images by image name and/or tag. e.g., "*dev"
--containers-package-filter <string>- Exclude packages by package name or file path using regex. e.g., "^internal-.*"
 |  |  | 
| 2.0.28 | Jan 31, 2025 | 2.3.12 |  |  | 
| 2.0.27 | Jan 7 2025 | 2.3.7 |  |  | 
| 2.0.26 | Dec 26, 2024 | 2.3.7 |  |  | 
| 2.0.25 | Dec 17, 2024 | 2.3.7 |  |  | 
| 2.0.24 | Dec 18, 2024 | 2.3.5 Added support for the new Software Supply Chain Security (SCS) module, which enables running Secret Detection and Repository Health scans on your projects. For more info, see Software Supply Chain Security.Software Supply Chain SecurityAdded support for *.rs (Rust source code) files.
 |  |  | 
| 2.0.23 | Nov 12, 2024 | 2.3.3 |  |  | 
| 2.0.22 | Aug 9, 2024 | 2.2.2 | The CLI that this plugin is based on is now signed with the Checkmarx digital signature, indicating that this is an official Checkmarx product. This enables communication from this plugin to bypass firewalls on Windows computers that previously blocked the unsigned CLI.We have improved the precision of the exit codes in order to give a more clear picture of which particular scanners failed. We have also created a new CLI command, results exit-code, for retrieving information about the completion status for a particular scan in Checkmarx One, as well as details about failures of specific scan engines. CautionFor users who are using external commands (e.g., $LastExitCode for Powershell) to obtain exit codes for the scan createcommand, this is a breaking change. You need to refactor your pipelines based on the new exit codes, which are shown here.Improved the content and graphic presentation of the PDF scan report generated using --report-format pdfin theadditional_params. Learn about the improved scan report here.Added a new flag, --sast-fast-scanto theadditional_params, for running SAST scans in fast scan mode.Added a new flag --application-nameto theadditional_params, which enables users to assign the project to a specific application. Note: This is only effective when creating a new project and assigning it to an existing application.Added Directory.Packages.propsto the list of included files (when creating the zip archive for scanning).
 |  | 
| 2.0.21 | Jan 17, 2024 | 2.0.64 |  | Fixed issue that submitting --groupswas interfering with project configuration (e.g., removing designation of primary branch).Fixed issue that sarif reports had been failing when no vulnerabilities were identified.
 | 
| 2.0.20 | October 30, 2023 | 2.0.60 | Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.Added an environment variable, "CX_IGNORE_PROXY",  for ignoring proxies. Mark the variable as true to ensure that all Checkmarx One CLI commands run directly from the local machine. Added PodfileandPodfile.lockto the list of included files (when creating the zip archive for scanning).
 |  | 
| 2.0.19 | July 29, 2023 | 2.0.53 | Added information about violated policies to the scan summary output.  For policies that are configured to "break build", when the policy is violated the scan will fail. (The --ignore-policyflag can be applied using Additional Parameters to prevent policies from causing the scan to fail).
 |  | 
| 2.0.18 | Apr 19, 2023 | 2.0.45 | We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable. NoticeWe still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.
 |  | 
| 2.0.17 | Apr 3, 2023 | 2.0.44 | You can now designate a scan as a "Private Package" and assign a package version to it using the Additional parameters options. Once a private package has been scanned, info about the risks affecting that package will be identified by SCA when that package version is used in any of your projects. You can download an article about private packages here.We added the --exploitable-pathflag to the Additonal parameters options. This enables you to designate whether or not Exploitable Path will run on this particular scan. When used, this overrides the designation made in the project settings. We also added a flag --sca-last-sast-scan-time, which enables you to specify the number of days that SAST scan results are considered valid for use in Exploitable Path (i.e., if there is no current SAST scan, how many days prior to the current SCA scan will Checkmarx One look for a SAST scan to use for analyzing Exploitable Path.) WarningThe --sca-last-sast-scan-timeflag is not yet fully supported and may not function as designed.Improved memory usage when uploading zip files.Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning).
 |  | 
| 2.0.16 | Feb 23, 2023 | 2.0.42 | All references to AST have been changed to use the new product name "Checkmarx One".Added option to generate reports in PDF format by setting  --report-formattopdf. For PDF format reports, you can add the following additional flags: Add the --report-pdf-emailflag to specify email recipients.Add the --report-pdf-optionsflag to specify which sections to include in the report. Options are: Iac-Security, Sast, Sca, API Security, Container Security and Software Supply Chain Security, ScanSummary, ExecutiveSummary, ScanResults.
 |  | 
| 2.0.15 | Dec 7, 2022 | 2.0.37 | The KICS scanner is now referred to in Checkmarx One as "IaC Security". All mentions of the scanner and the vulnerabilities identified by it, now refer to IaC Security. The API Security scanner is now supported for use via the CLI. When running the scan create command, you can now add api_securityto the list of scanners under--scan-types.
 |  | 
| 2.0.14 | Nov 10, 2022 | 2.0.34 |  |  | 
| 2.0.13 | Sep 15, 2022 | 2.0.28 | General improvements and bug fixes. |  | 
| 2.0.12 | Sep 2, 2022 | 2.0.27 | General improvements and bug fixes. |  | 
| 2.0.11 | Jul 5, 2022 | 2.0.21 | You can now add filters to the scan createcommand (to exclude files/folders from the scan) separately for each specific scanner. The flags for the new filters are:--sast-filter <string>,--kics-filter <string>,--sca-filter <string>. See scan create. TipThe existing flag --file-filter, which sets filters for the entire scan (for all scanners) is still in use.
You can now add an ssh key to a scan, using the flag --ssh-key <string>with the path to the ssh private key.Changed the flag to async so that the workflow continues without failure for async scans.Added all permissions for github token being used in action.
 |  | 
| 2.0.10 | Apr 13, 2022 | 2.0.16 | General improvements and bug fixes. |  | 
| 2.0.9 | Mar 2, 2022 | 2.0.13 | Added new --sca-resolver-paramsflag to thescan createcommand. See documentation here. |  | 
| 2.0.8 | Feb 11, 2022 | 2.0.12 | In the scan createcommand, we renamed theformatflag asscan-info-format.Renamed the resultscommand asresults showcommand.
 |  | 
| 2.0.7 | Feb 8, 2022 | 2.0.11 |  |  | 
| 2.0.6 | Jan 26, 2022 | 2.0.10 | Added SummaryJSONreports.Added the --scan-timeout <int>flag to the scan create command, enabling users to specify a time limit after which the scan will fail and terminate. See documentation here.Updated UI elements to reflect the new Checkmarx branding (e.g., logo).
 |  | 
| 2.0.5 | Jan 11, 2022 | 2.0.9 |  |  | 
| 2.0.4 | Nov 3, 2021 | 2.0.4 |  |  | 
| 2.0.0 |  |  | Initial release of the plugin. Enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project. Automatically trigger CxSAST, CxSCA and KICS scans from TeamCity projectsSupports use of CLI arguments to customize scan configurationAutomatically updates to the latest plugin versionInterface for viewing scan results summary and trends in the TeamCity environmentDirect links from within TeamCity to detailed Checkmarx One scan results and reports
 |  |