IaC Changelog
Note
This changelog shows updates made to the Checkmarx IaC engine. Please note that the dates below reflect when this changelog was updated, not when the change was implemented in the platform.
Version 2.1.19 | January 19, 2025
New Features and Enhancements
Added a new query to ensure container instances use private virtual networks in Terraform/Azure.
Improved TFPlan file parsing and updated the query for “Encryption on Managed Disk Disabled.”
Updated query naming convention by replacing “unconfigured” with “not configured.”
Added missing "Ingress/Egress" resource support for several CloudFormation queries.
Bug Fixes
Query fixes
Added support for CloudFormation queries missing ingress/egress resources (Part 3).
Corrected regex for Security Group Not Used (Terraform/AWS).
Fixed parent–child handling for server-level auditing in SQL Server Database Without Auditing.
Improved password and secret handling in Avoiding TF Resource Access allow rules.
False positives
Security Group Not Used
Storage Account Allows Default Network Access
SQL Server Database Without Auditing
False negatives
Encryption On Managed Disk Disabled
Terraform Plan Scanning improvements
Azure Windows VM does not enable encryption.
Key vault key is not backed by HSM.
Managed disks do not use a specific set of disk encryption sets for customer-managed key encryption.
Windows VM Without Automatic Updates.
Virtual Machine extensions are installed.
Linux VM Without SSH Key.