Checkmarx SAST Release Notes for 9.4.0
Enterprise Updates
New Features and Enhancements
CxSAST (Application)
Scan metrics collection
CxSAST now saves scan metadata (including indicators of scan quality and results), allowing customers to measure KPIs, such as the quality, coverage, and performance of each scan.
For more information, refer to Configuring and Viewing Scan Metrics.
Identical scan handling
Customers with processes that automatically send similar or identical scans of a particular project to the scan queue can now prevent multiple scans of the same project. Once a scan project is in the queue, the additional scans of the same project will automatically be removed from the queue. The user can specify which of the multiple scans will remain in the scan queue.
For more information, refer to Creating and Configuring a SAST Project.
User-defined scan data fields
When using APIs (REST/SOAP/OData), you can enrich your scan data with customized data, which will be displayed in your Dashboard and Reports. Using custom fields, you can add information such as Build IDs, Revision IDs, and Pull Request IDs, so you no longer have to rely on timestamps to identify scans!
ELK log analysis
CxSAST logs, containing general system information, scan results, and scan processing data, can now be downloaded in the following formats:
Plain text
New JSON structured format
The JSON-structured logs can be viewed and analyzed using ELK (Elasticsearch, Logstash/Filebeat, and Kibana) components; Kibana is one tool that allows users to review them. Note: The JSON logs are only available for some application logs related to the scan ID flow.
For more information, refer to Working with Logs.
Engine
New Improved Scan Flow configuration
The New Improved Scan Flow offers improved scan accuracy by reducing false positives and false negatives. It also improves scan performance in terms of scan time and memory consumption. Among the benefits is increased Engine supportability and maintainability. In the new flow, flow calculations are performed during the queries phase only when they are actually needed, resulting in improved performance.
For more information, refer to Configuring CxSAST Scan Flow Processes.
Upgrade to .NET Core 3.1
The following components are upgraded to .NET Core 3.1:
Access Control
Remediation Intelligence (RI) Service
CxEngine Service
Windows Engines
Scan Results Service
Secret Key detection with TruffleHog queries
You can now generate reports about secret key vulnerabilities detected in scanned projects. CxQL (Checkmarx Query Language) emulates TruffleHog queries, and Regex and High Shannon Entropy queries are performed on scan projects. Currently implemented for Java.
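The following is an added example, not Checkmarx's CxQL content or TruffleHog's own code: a small Python scanner that combines the two detection heuristics the note names, a regex rule for a known key format and a Shannon entropy check over long base64 and hex character runs. The thresholds (20-character minimum, entropy above 4.5 bits for base64 and above 3.0 bits for hex) are the commonly cited TruffleHog defaults and should be treated as tunable; the sample source text is constructed, and the AWS-style key in it is AWS's own documented example value, not a real credential.

```python
import math
import re

# Character sets for the entropy check (the classic TruffleHog approach).
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"

# Thresholds: commonly cited TruffleHog defaults; assumption, tune per code base.
MIN_TOKEN_LEN = 20
BASE64_ENTROPY_THRESHOLD = 4.5
HEX_ENTROPY_THRESHOLD = 3.0

# Regex rules for well-known key formats. The AWS access key ID format
# (AKIA + 16 uppercase alphanumerics) is publicly documented.
REGEX_RULES = {
    "regex:aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def shannon_entropy(data: str, charset: str) -> float:
    """Bits of entropy per character of `data`, counted over the symbols in `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def _runs(word: str, charset: str):
    """Yield maximal substrings of `word` drawn entirely from `charset`
    that are at least MIN_TOKEN_LEN characters long."""
    run = []
    for ch in word:
        if ch in charset:
            run.append(ch)
        else:
            if len(run) >= MIN_TOKEN_LEN:
                yield "".join(run)
            run = []
    if len(run) >= MIN_TOKEN_LEN:
        yield "".join(run)


def scan_text(text: str):
    """Return (line_number, kind, token, entropy) findings for `text`.
    `entropy` is None for regex hits. A token may be reported more than once
    if several heuristics match it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # 1. Regex rules: catch structured keys whose entropy may be modest.
        for kind, pattern in REGEX_RULES.items():
            for m in pattern.finditer(line):
                findings.append((lineno, kind, m.group(0), None))
        # 2. Entropy rules: catch unstructured high-entropy blobs.
        for word in line.split():
            for tok in _runs(word, BASE64_CHARS):
                e = shannon_entropy(tok, BASE64_CHARS)
                if e > BASE64_ENTROPY_THRESHOLD:
                    findings.append((lineno, "entropy-base64", tok, round(e, 2)))
            for tok in _runs(word, HEX_CHARS):
                e = shannon_entropy(tok, HEX_CHARS)
                if e > HEX_ENTROPY_THRESHOLD:
                    findings.append((lineno, "entropy-hex", tok, round(e, 2)))
    return findings


# Constructed sample input. Line 2 uses AWS's documented example key ID
# (low entropy, so only the regex rule catches it); line 4 is a constructed
# 40-hex-digit token; line 5 is a constructed 40-character base64-style token
# with all-distinct characters; line 6 is long but has zero entropy.
SAMPLE_SOURCE = """\
# constructed sample config for the demo
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2"
api_token = "a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4"
session_secret = "Q7xR2pL9mK4vT8zW1cH5nY3bJ6gS0dF+aE/uB=eC"
padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"""

if __name__ == "__main__":
    for lineno, kind, tok, e in scan_text(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind:20s} {tok} entropy={e}")
```

The two heuristics are deliberately complementary: the AWS-style key on line 2 has only about 3.7 bits of entropy per character and would be missed by the entropy check alone, while the unstructured tokens on lines 4 and 5 match no regex and are caught only by entropy. The zero-entropy padding string shows why a length check alone is not enough.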
Configurable Default Sources Path
The default sources path was changed to “%temp” and can be modified using an environment variable. For more information, please refer to Configuring the Default Sources Path.
Parameter Configuration Interface
The Access Control and CxEngine parameters currently being used are available for viewing and editing via Environment Properties under Windows Properties. This approach provides an interface for reconfiguring Access Control and CxEngine parameters at a later stage for users who wish to do so. For detailed information, see CxSAST Environment Variables.
Prometheus Basic Support
This release supports monitoring the status of SAST services running on each machine.
Languages & Frameworks
Apex
The Apex language and its frameworks, VisualForce Framework, Lightning Framework, and Lightning Component Framework, have been redesigned using the latest engine technologies and are in line with all other supported frameworks.
Apex Language
This version introduces new and updated support for the latest versions of Apex.
VisualForce, Lightning, and Lightning Web Components Framework
This version introduces new and updated support for the latest versions of these frameworks.
JavaScript
Angular support for JavaScript has been updated to keep up with the major release that spans the entire platform, including the Angular Material framework and the CLI.
Angular Framework
This version introduces new and updated support for the latest versions of the Angular framework for JavaScript.
TypeScript
TypeScript support has been improved to include more features released in past versions, improving our overall support.
TypeScript Language
This version introduces new and updated support on the latest versions of TypeScript.
Java
Java and the JSP framework have been improved to include more features released in past versions, improving our overall support.
Java Language
This version introduces new and updated support for the latest versions of Java.
JSP Framework
This version introduces new and updated support for the latest versions of the JSP framework for Java.
.NET Core
.NET Core support has been improved to include more features released in past versions, improving our overall support.
.NET Core Language
This version introduces new and updated support for the latest versions of .NET Core for C#.
Kotlin
Kotlin support has been improved to include more features released in past versions, improving our overall support.
Kotlin Language
This version introduces new and updated support for the latest versions of Kotlin.
Spring Framework
This version introduces new and updated support for the latest versions of the Spring framework for Kotlin.
C++
C++ support has been improved with better handling of makefiles and macros.
It provides a way to inspect and extract macros and include path information from build files in the project being scanned.
OWASP API Security Top 10: C#
Queries targeting API-related vulnerabilities were developed to reduce the number of false negative results in API projects while maintaining the accuracy of the queries.
OOTB Accuracy Content Pack
Included right out of the box in the main version for JavaScript, Java, and C#.
Default Preset Optimizations
The Checkmarx Default preset has been optimized for improved accuracy.
Vulnerability Queries
This version includes new and updated vulnerability descriptions, new and updated queries, and updates to the queries assigned to each preset.
Access Control
Bulk user operations
Several new bulk user management operations are now available, such as modifying, enabling, and disabling users/roles and deleting users.
UI improvements
Improvements in the UI, such as defining and sorting Roles and Teams.
CxEnterprise Web Portal Interface - M&O
The Apache Tomcat server version has been upgraded to 8.5.64.