2.31.0 | Feb 13, 2025 | 2.3.14 | | |
2.30.0 | Jan 28, 2025 | 2.3.12 | You can now view results from the Secret Detection scanner (part of SCS) in VS Code. When you click on a result, the result details are shown in three tabs: General, Description and Remediation Examples. We now use pagination when loading projects and branches in order to cut the loading time. We now load only 20 items at a time. Tip: This does not affect the search box, which still searches all projects and not only those that are currently loaded. | |
2.29.0 | Dec 31, 2024 | 2.3.9 | We now show a warning when the selected Checkmarx One project doesn't match the local project in your workspace. Improved ability to load results for projects with a large number of results (above 40k). | |
2.28.0 | Dec 17, 2024 | 2.3.7 | | |
2.27.0 | Dec 4, 2024 | 2.3.6 | | |
2.26.0 | Nov 18, 2024 | 2.3.5 | | |
2.25.0 | Nov 5, 2024 | 2.3.3 | | |
2.24.0 | Oct 20, 2024 | 2.3.1 | | |
2.23.0 | Oct 11, 2024 | 2.3.0 | | |
2.22.0 | Oct 8, 2024 | 2.3.0 | | |
2.21.0 | Sep 25, 2024 | 2.2.5 | | |
2.20.0 | Sep 16, 2024 | 2.2.5 | | |
2.19.0 | Aug 26, 2024 | 2.2.0 | | |
2.18.0 | Aug 23, 2024 | 2.2.0 | Added the AI Secure Coding Assistant (ASCA). The ASCA scanner is a lightweight scan engine that runs in the background as you work in VS Code. Whenever you edit a file in VS Code, the ASCA scanner automatically scans that file. Changed the name of KICS Auto Scanning to KICS Real-time scanning. | |
2.17.0 | July 29, 2024 | 2.2.0 | | |
2.16.0 | July 29, 2024 | 2.2.0 | | |
2.15.0 | July 16, 2024 | 2.2.0 | | Resolved an issue where it wasn't possible to run a scan on a project for which no vulnerabilities were found in the previous scan. Improved the error message when a user without proper permissions tries to initiate a scan. |
2.14.0 | June 20, 2024 | 2.1.6 | | |
2.13.0 | May 20, 2024 | 2.1.2 | | |
2.12.0 | May 20, 2024 | 2.1.2 | | |
2.11.0 | May 8, 2024 | 2.1.0 | | |
2.10.0 | Apr 22, 2024 | 2.0.72 | | |
2.9.0 | Apr 9, 2024 | 2.0.72 | | |
2.8.0 | Mar 15, 2024 | 2.0.70 | | |
2.7.0 | Mar 13, 2024 | 2.0.70 | | Remediated vulnerabilities that we identified in our project. Uses a new CLI version in which vulnerabilities affecting that project have been remediated. In the AI Security Champion tab, we improved the formatting of the response and fixed the description of the "Confidence" score to accurately explain that it represents the likelihood of the vulnerability being exploited. |
2.6.0 | Feb 2, 2024 | 2.0.64 | We added AI Guided Remediation for SAST vulnerabilities (in addition to existing support for IaC Security vulnerabilities). We send the Checkmarx scan results file to OpenAI together with code snippets around each node of the Attack Vector for the specified vulnerability. We also submit a pre-configured series of instructions to OpenAI, which generates a response that includes the following sections: Confidence, Explanation and Proposed Remediation. You can follow up with additional questions. For more information, see AI Guided Remediation. Warning: This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings > Settings > Plugins in the Checkmarx One web portal. | |
2.5.0 | Oct 11, 2023 | 2.0.57 | | Fixed an issue where KICS Auto Scanning had been running even when the feature was disabled. Fixed an issue related to incorrect use of the log object. Updated for a CLI version that uses Go version 1.21.1, in order to remediate a vulnerability. |
2.4.0 | August 11, 2023 | 2.0.54 | | |
2.3.0 | August 9, 2023 | 2.0.54 | | Fixed an issue that had been causing KICS Realtime scans to fail. Fixed an issue where HTML output wasn't being shown properly for results that contain HTML content. Stopped showing the Policy Violation header in the console results for projects that don't have any associated policies. |
2.2.0 | July 29, 2023 | 2.0.53 | We added the "AI Guided Remediation" feature, which harnesses the power of OpenAI's GPT to help you understand the vulnerabilities in your code and resolve them quickly and easily. This feature is currently supported only for IaC Security vulnerabilities. Tip: This feature needs to be activated for your tenant account via the web portal Account Settings > Settings > Plugins. This option may not be available yet in some environments. When you initiate an AI chat, we automatically provide the context to GPT so that you can start a conversation about the precise vulnerability instance that you are assessing. Tip: When sending your IaC files to GPT, we protect your sensitive data by anonymizing all passwords and secrets before the content is sent. The query used for identifying sensitive data can be seen here. Added a new Documentation & Feedback section to the Checkmarx panel, providing quick links to view our documentation and submit requests for improvements. | |
2.1.0 | May 29, 2023 | 2.0.47 | For SCA Realtime scans that return incomplete results, we now show a Dependency resolution errors section which gives info about manifest files that weren't resolved and the reason for the error (e.g., relevant package managers not installed locally). We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update automatically to the latest pre-release version or to update only when a new release version is published. If you would like to start receiving automatic updates whenever a new pre-release (or release) version is created, go to the Checkmarx extension page and click on Switch to Pre-Release Version. Otherwise, you will continue to get updates only when a new release version is created. We now show the complete Changelog for this extension in Marketplace as well as on the Checkmarx Extension page that is shown in the IDE. | |
2.0.18 | Apr 28, 2023 | 2.0.46 | | |
2.0.17 | Apr 11, 2023 | 2.0.44 | | |
2.0.16 | Apr 11, 2023 | 2.0.44 | | |
2.0.15 | Apr 6, 2023 | 2.0.44 | | Fixed an issue where the Create Scan button had been disabled after an unexpected shutdown. Fixed an issue where SCA Realtime wasn't yielding results for users that didn't enter account credentials. Tip: This is a free tool that does not require a Checkmarx account. Fixed an issue where filters hadn't been functioning properly. |
2.0.14 | Mar 13, 2023 | 2.0.42 | | |
2.0.13 | Dec 7, 2022 | 2.0.37 | The KICS scanner is now referred to in Checkmarx One as "IaC Security". All mentions of the scanner and the vulnerabilities identified by it now refer to IaC Security. Tip: This change does not apply to the KICS Auto Scanning tool (free tool), which will continue to be referred to as KICS. Scan results now differentiate between regular SCA vulnerabilities and Supply Chain Security (SCS) risks. We added a new grouping category. For SCA vulnerabilities you can now differentiate between Direct Dependencies and Transitive Dependencies in the results tree. | |
2.0.12 | Nov 10, 2022 | 2.0.34 | | |
2.0.11 | Oct 25, 2022 | 2.0.31 | You can now initiate scans directly from your IDE. This empowers developers to identify vulnerabilities and remediate them as they code. This feature is currently supported for VS Code and JetBrains. This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings. You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace. We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key. In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base URL and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Checkmarx One CLI Commands. | |
2.0.10 | Sep 19, 2022 | 2.0.27 | In the SAST results viewer, we added new tabs with additional info about each vulnerability. Learn More - Gives detailed information about the nature of the risk and its causes, as well as remediation recommendations. Code Samples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code. A notification is now shown in the Output section when KICS Auto-Scanning identifies an IaC vulnerability for which Checkmarx offers a suggested "quick-fix". | |
2.0.9 | Sep 2, 2022 | 2.0.27 | In the SCA results viewer, we added an automatic remediation button, which enables users to automatically replace a vulnerable package version with a non-vulnerable version of that package. Tip: This feature is currently supported only for NPM and only for direct dependencies. It is now possible to add a comment to a vulnerability without changing the state or severity of the vulnerability. All documentation links now point to the new Checkmarx documentation portal at https://checkmarx.com/resource/documentation. | |
2.0.8 | Aug 12, 2022 | 2.0.21 | We added a "Quick Fix" feature, enabling users to automatically apply remediation recommendations for KICS risks. There is an option to fix a specific risk or to fix all risks in a particular file or in the entire project. | |
2.0.7 | Jul 29, 2022 | 2.0.21 | | Fixed the issue that the extension wasn’t working if Git wasn’t enabled in VS Code. |
2.0.6 | Jul 22, 2022 | 2.0.21 | | Clicking on a node in the Attack Vector now takes you to the relevant code in the editor window (as expected). |
2.0.5 | Jul 5, 2022 | 2.0.21 | | |
2.0.4 | Jun 22, 2022 | 2.0.20 | Added a new tool to the VS Code plugin that lets users initiate KICS scans directly from their VS Code console. This is a free tool provided by Checkmarx for all VS Code users, and does not require the user to submit credentials for a Checkmarx One account. For more info, see Visual Studio Code - KICS Auto Scanning. Added hover tooltip for Codebashing links. Once a project and branch are selected, the latest scan of that branch is automatically loaded. | |
2.0.3 | Jun 14, 2022 | | | |
2.0.2 | Apr 12, 2022 | 2.0.16 | | |
2.0.1 | Mar 30, 2022 | | | |
0.0.10 | Feb 25, 2022 | 2.0.13 | | Fixed bugs affecting the UI |
0.0.9 | Jan 26, 2022 | | Added ability to triage results directly from the IDE console. Added a brief description for SAST vulnerabilities. Updated UI elements to reflect the new Checkmarx branding (e.g., logo). Added filter results by “state”. General UI improvements. | |
0.0.8 | Nov 3, 2021 | | Updated CLI to version 2.0.4. Shows logs of Checkmarx One results in “Output” tab. Added a “Clear” button to “Projects” tab, enabling clearing the current selection and results. Added integration tests and UI tests. | |
0.0.1 | | | Initial release of the plugin. Enables you to import results from a Checkmarx One scan directly into your VS Code console. Import Checkmarx One scan results. Show results from all scan types (SAST, SCA, and KICS). Group results by file, language, severity, and status. Navigate from results directly to the vulnerable code in the editor. Vulnerable code is highlighted in the editor. | |