- Checkmarx Documentation
- Checkmarx SCA
- Checkmarx SCA Release Notes
- Checkmarx SCA Release Notes May 2025
Checkmarx SCA Release Notes May 2025
Notice
These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.
Warning
The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.
SCA Updates
Added Licenses to SCA Global Inventory
We have added a new tab, Licenses, to the SCA Global Inventory. This tab shows all relevant licenses for packages consumed in all of the tenant's projects. The data from this table can be exported as a .csv file.
This will greatly improve visibility of licenses on a tenant-wide level.
Improvements in the Scan Results - Risks Tab
We have added the following improvements to the Scan Results - Risks tab:
Added the Secure Version column, indicating whether or not a remediated version of the package is available. You can sort and filter for this column.
The EPSS score is now shown in a separate column (not under Exploitability). You can now sort and filter for EPSS.
Note
These changes are similar to the changes made in the Global Inventory in March.
SCA Resolver
Download the latest version here.
Version 2.12.23 (May 6, 2025)
For Nuget, added support for .NET 9.