Engine Pack Version 9.7.4
CxSAST Engine
Languages & Frameworks
The supported versions of all code languages and frameworks are listed here.
C++
Added support for range-based for loops (C++11) and pack expansions in lambda capture groups (C++17).
A hand-crafted tokenizer is now used during macro expansion, improving parsing performance.
Boost and stdlib:
Added support for map, multimap, unordered_map and unordered_multimap (standard library) and for flat_map, flat_multiset and flat_multimap (Boost.Container).
Boost
Extended support for vector initialization and iteration methods.
Go
Added new and improved queries in the following categories:
Cryptography
Information Exposure
JWT
File Handling
Password Management
DoS
XSS
SQL Client
In addition, several general queries were added and refined, expanding detection coverage and improving overall scan precision.
Optimized Java .properties Files Handling During Scans
Improved handling of .properties files during SAST scans: their preprocessing and DOM generation are now skipped entirely. The files are instead read only when a query that needs them executes, using a simpler and more efficient flat key/value mechanism, which reduces scan time without changing the results of the affected queries.
Affected queries are:
Java_Medium_Threat.Use_Of_Hardcoded_Password
Java_Medium_Threat.Use_Of_Hardcoded_Password_In_Config
Java_Low_Visibility.Incorrect_Permission_Assignment_For_File_System_Resources
Java_Best_Coding_Practice.LeftOver_Debug_Code
Java_Best_Coding_Practice.ESAPI_Banned_API
Java_Best_Coding_Practice.Incorrect_Block_Delimitation
Java_Best_Coding_Practice.Potentially_Serializable_Class_With_Sensitive_Data
Java_Best_Coding_Practice.Unused_Variable
Java_Metadata.Get_Values_Assigned_To_Properties
Compliance Standards
The PCI DSS preset has been extended with queries covering Requirement 8.6.2 (passwords and passphrases for application and system accounts must not be hard-coded in scripts, configuration/property files or custom source code).
ASA Premium preset has been updated to include additional queries.
ASA Mobile Premium preset has been updated to include additional queries.
Recommended Exclusions
Added default exclusions for code under the Rust #[test] and #[cfg(test)] attributes, so that findings in test-only code no longer appear as false positives.