Skip to main content

Checkmarx SCA Release Notes March 2025

Notice

These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.

Warning

The IgnoreVulnerability and UnignoreVulnerability APIs, which had been used for triaging SCA vulnerabilities, will be deprecated soon. They have been replaced by the new Management of Risk API, which supports applying any Checkmarx One state and adding comments. We recommend migrating to the new API soon.

SCA Updates

Global Inventory Improvements

We added the following functionality to the Vulnerabilities and Malware tab of the Global Inventory & Risks.

  • Added the “Secure Version” column, indicating whether or not a remediated version of the package is available. You can sort and filter for this column.

  • The EPSS score is now shown in a separate column (not under Exploitability). You can now sort and filter for EPSS.

SCA Resolver

Download the latest version here.

Version 2.12.14 (Mar 25, 2025)

  • Improved the export process for risk reports.

  • For SwiftPM, added support for version 3 of lock file package.resolved.

Version 2.12.11 (Mar 18, 2025)

  • For Nuget, fixed resolution for projects that include private packages.