Skip to main content

Checkmarx SCA Release Notes May 2025

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.

SCA Updates

Added Licenses to SCA Global Inventory

We have added a new tab, Licenses, to the SCA Global Inventory. This tab shows all relevant licenses for packages consumed in all of the tenant's projects. The data from this table can be exported as a .csv file.

This will greatly improve visibility of licenses on a tenant-wide level.

Improvements in the Scan Results - Risks Tab

We have added the following improvements to the Scan Results - Risks tab:

  • Added the Secure Version column, indicating whether or not a remediated version of the package is available. You can sort and filter for this column.

  • The EPSS score is now shown in a separate column (not under Exploitability). You can now sort and filter for EPSS.

    Note

    These changes are similar to the changes made in the Global Inventory in March.

SCA Resolver

Download the latest version here.

Version 2.12.23 (May 6, 2025)

  • For Nuget, added support for .NET 9.