Fast Scan & Recommended Exclusions Enabled by Default
The Fast Scan and Recommended Exclusions settings will be turned on by default at the Environment level. These settings were previously turned off, and now they will help to experience faster scans right out of the box, ensuring a smoother experience from day one.
With Fast Scan and Recommended Exclusions enabled, scans become significantly faster, leading to quicker identification and resolution of vulnerabilities. This not only enhances developer productivity by prioritizing the most relevant areas of code but also supports faster and more frequent deployments.
Note
For organizations that use the Checkmarx One CLI tool and/or the associated CI/CD plugins, we recommend upgrading to CLI version 2.3.11 which enables better control over whether or not each scan runs in Fast Scan mode.
What are Fast Scan and Recommended Exclusions?
Fast Scan mode: This mode speeds up project scans by focusing on the most relevant vulnerabilities. It helps maintain security standards while supporting continuous deployment, enabling developers to quickly address critical issues.
Recommended Exclusions: This feature automatically excludes unnecessary files and folders from scans, reducing scan time and improving responsiveness for a better user experience.
When does this change become effective?
Starting with version 3.30 (January 26th), the settings for Fast Scan and Recommended Exclusions will be set as enabled (TRUE) by default at the Environment level.
Does this change impact any existing projects?
No, this change will not affect existing projects or their scans.
How will it impact my new projects?
If you haven´t changed the default value for these settings, new projects will be created with 'Fast Scan' and 'Recommended Exclusions' turned on after this release.
If these settings are already adjusted to your preference, there will be no change, and new projects will follow your existing configuration.
What is the required action if I am not interested in Fast Scan and Recommended Exclusions?
If you prefer not to have Fast Scan and Recommended Exclusions enabled by default for new projects, we recommend updating the Global Settings from Default to FALSE. This will ensure that new projects inherit the values defined by you at the Account level.
 |
Alternatively, you can set Fast Scan and Recommended Exclusions to FALSE at the project level during project creation.
 |
Existing Tenants
Use Case | Global Settings | Existing Projects | New Projects |
|---|---|---|---|
Fast Scan and/or Recommended Exclusion settings have never been edited in Global Settings | Both Fast Scan and Recommended Exclusions will retain their default value (empty), which inherits the environment value (TRUE). |
| New projects will default to Fast Scan and Recommended Exclusions set to TRUE. |
Fast Scan and/or Recommended Exclusion settings have been edited (set to True or False) in Global Settings | Nothing changes. Global settings are not affected. | Nothing changes. Both Fast Scan and Recommended Exclusions retain their pre-defined values. | Nothing changes. New projects will be created with the values currently defined in Global Settings. |
Examples for better understanding on the use cases
Global Settings have never been edited
Now (before the change) | AFTER the change | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Environment Settings | Global Settings | Existing Project | Scan Existing Project | Environment Settings | Global Settings | Existing Project | Scan Existing Project | Scan for New Projects (if both settings are not edited on creation) | ||||
Value | Origin Level | Value | Origin Level | Value | Origin Level | |||||||
Scenario 1 | ||||||||||||
Fast Scan | FALSE | Default (empty value, which means same value as Environment) | Default | FALSE | Environment | TRUE | Default (empty value, which means same value as Environment) | FALSE | FALSE | Project | TRUE | Environment |
Recommended Exclusions | FALSE | Default (empty value, which means same value as Environment) | Default | FALSE | Environment | TRUE | Default (empty value, which means same value as Environment) | FALSE | FALSE | Project | TRUE | Environment |
Scenario 2 | ||||||||||||
Fast Scan | FALSE | Default (empty value, which means same value as Environment) | FALSE | FALSE | Project | TRUE | Default (empty value, which means same value as Environment) | FALSE | FALSE | Project | TRUE | Environment |
Recommended Exclusions | FALSE | Default (empty value, which means same value as Environment) | TRUE | TRUE | Project | TRUE | Default (empty value, which means same value as Environment) | TRUE | TRUE | Project | TRUE | Environment |
Global Settings have been edited (from Default to True or False)
Now (before the change) | AFTER the change | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Environment Settings | Global Settings | Existing Project | Scan Existing Project | Environment Settings | Global Settings | Existing Project | Scan Existing Project | Scan for New Projects (if both settings are not edited on creation) | ||||
Value | Origin Level | Value | Origin Level | Value | Origin Level | |||||||
Scenario 1 | ||||||||||||
Fast Scan | FALSE | TRUE | Default | TRUE | Tenant | TRUE | TRUE | Default | TRUE | Tenant | TRUE | Tenant |
Fast Scan | FALSE | TRUE | TRUE | TRUE | Project | TRUE | TRUE | TRUE | TRUE | Project | TRUE | Tenant |
Recommended Exclusions | FALSE | TRUE | FALSE | FALSE | Project | TRUE | TRUE | FALSE | FALSE | Project | TRUE | Tenant |
Scenario 2 | ||||||||||||
Fast Scan | FALSE | FALSE | Default | FALSE | Tenant | TRUE | FALSE | Default | FALSE | Tenant | FALSE | Tenant |
Recommended Exclusions | FALSE | FALSE | TRUE | TRUE | Project | TRUE | FALSE | TRUE | TRUE | Project | FALSE | Tenant |
Recommended Exclusions | FALSE | FALSE | FALSE | FALSE | Project | TRUE | FALSE | FALSE | FALSE | Project | FALSE | Tenant |
Fast Scan limitations
Fast Scan is not advised for CPP, JS and Kotlin.
Faster scans are achieved at the expense of comprehensive results.
Differences in scan results are expected due to the methodology used by Fast Scan. It explores fewer flows compared to the "in-depth" mode, which may result in some vulnerabilities being missed or unique findings that differ from the standard scan.