
Jenkins Plugin - Changelog

The following table lists the features and changes that have been implemented for the plugin with the relevant version release.

Note

Install the latest version of the Jenkins plugin from the marketplace.

Plugin Version | Release Date | CLI Version | Improvements | Bug Fixes

2.0.13-627.vc2a_e6c27f304

Aug 7, 2024

2.2.2

  • Added support for showing a scan summary report that was stored on an external artifact manager.

    2.0.13-576.v2fb_6d5727a_1e

    June 23, 2024

    2.1.5

    • General improvements and bug fixes

    2.0.13-575.ve032ddd17a_a_4

    May 20, 2024

    2.1.2

    • The CLI that this plugin is based on is now signed with the Checkmarx digital signature, indicating that this is an official Checkmarx product. This enables communication from this plugin to bypass firewalls on Windows computers that previously blocked the unsigned CLI.

    2.0.13-571.v6e4e22d0623f

    May 1, 2024

    2.0.75

    • General improvements and bug fixes.

    2.0.12-568.v9c19049fe239

    Apr 9, 2024

    2.0.72

    • Added a new flag, --sast-fast-scan, to the Advanced Options, for running SAST scans in fast scan mode.

    • Added a new flag, --application-name, to the Advanced Options, which enables users to assign the project to a specific application.

      Note: This is only effective when creating a new project and assigning it to an existing application.

    • Added Directory.Packages.props to the list of included files (when creating the zip archive for scanning).

    2.0.12-529.v940316ea_19da_

    Feb 22, 2024

    2.0.67

    • Remediated vulnerabilities that we identified in our project.

    • Uses a CLI version in which vulnerabilities affecting that project have been remediated.

    2.0.12-518.v686a_a_26876ce

    Feb 9, 2024

    2.0.66

    • We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update to the latest pre-release version or to update only when a new release version is published.

    • The output log is now stored to a variable cxcli, enabling users to access this data further along in their pipeline.

    • Updated CLI code to Go version 1.21.1 in order to remediate a vulnerability.

    • We now return an unlimited number of results in the results summary (had been limited to 10k).

    • Added an environment variable, "CX_IGNORE_PROXY", for ignoring proxies. Mark the variable as true to ensure that all Checkmarx One CLI commands run directly from the local machine.

    • Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).

    • Added information about violated policies to the scan summary output.

      For policies that are configured to "break build", when the policy is violated the scan will fail. (The --ignore-policy flag can be applied using --additional-params to prevent policies from causing the scan to fail).

    • Added the ability to generate SBOM reports. SBOMs can be generated using CycloneDX or SPDX format. SPDX reports are output in JSON format, and CycloneDX can be output as JSON or XML. This can be done using the scan create or results show command.

    • Increased the default limit for projects returned using the project list command to 10,000. (This enables Checkmarx One to effectively verify whether a project with the specified name already exists when a scan is initiated via CLI/plugin.)

    • We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

      Notice

      We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

    • Fixed an issue with obtaining the scan ID from logs.

    • Fixed an issue where submitting --groups was interfering with project configuration (e.g., removing designation of primary branch).

    2.0.11-450.v39e936fcb_0c0

    June 16, 2023

    2.0.48

    • You can now designate a scan as a "Private Package" and assign a package version to it using the Additional Parameters options. Once a private package has been scanned, info about the risks affecting that package will be identified by SCA when that package version is used in any of your projects. You can download an article about private packages here.

    • We added the --exploitable-path flag to the Additional Parameters options. This enables you to designate whether or not Exploitable Path will run on this particular scan. When used, this overrides the designation made in the project settings.

      We also added a flag --sca-last-sast-scan-time, which enables you to specify the number of days that SAST scan results are considered valid for use in Exploitable Path (i.e., if there is no current SAST scan, how many days prior to the current SCA scan will Checkmarx One look for a SAST scan to use for analyzing Exploitable Path.)

      Warning

      The --sca-last-sast-scan-time flag is not yet fully supported and may not function as designed.

    • Improved memory usage when uploading zip files.

    • Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning).

    • Added additional options for PDF format reports. When running the results show command or the scan create command with --report-format set to pdf, you can now:

      • Add the --report-pdf-email flag to specify email recipients.

      • Add the --report-pdf-options flag to specify which sections to include in the report. Options are: Iac-Security, Sast, Sca, ScanSummary, ExecutiveSummary, ScanResults.

    • Added the option to generate reports in markdown format using the --report-format flag.

    2.0.11-415.vde4f199d0f33

    Mar 2, 2023

    2.0.41

    General improvements and bug fixes

    2.0.11-409.vddc0ca_56ce70

    Feb 24, 2023

    2.0.39

    General improvements and bug fixes

    2.0.11-366.vcc8e9a_380a_78

    Nov 11, 2022

    2.0.34

    A report is now generated when a build fails because of a threshold set in the Checkmarx One plugin.

    2.0.11-348.v434cc908cfe6

    Oct 20, 2022

    2.0.31

    Fixed an issue where pipelines were failing.

    2.0.11-319.vb_0fa_8477f9a_d

    Aug 29, 2022

    2.0.25

    All documentation links now point to the new Checkmarx documentation portal at https://checkmarx.com/resource/documentation.

    2.0.11-305.vf5b_6c5f3d2cd

    Jul 20, 2022

    2.0.21

    Fixed an issue where "Test Connection" hadn't been working properly.

    2.0.11-295.v86e43214c160

    Jul 4, 2022

    2.0.21

    You can now store secrets as environment variables, to avoid printing them to logs.

    2.0.11-278.v19427b_1422b_3

    Jun 16, 2022

    2.0.18

    • General improvements

    • Fixed an issue where some results weren't being shown properly in the Checkmarx Scan Results tab in Jenkins.

    2.0.11-274.va_d38ce3e7a_35

    May 31, 2022

    • You can now add filters to the scan create command (to exclude files/folders from the scan) separately for each specific scanner. The flags for the new filters are: --sast-filter <string>, --kics-filter <string>, --sca-filter <string>. See scan create.

      Tip

      The existing flag --file-filter, which sets filters for the entire scan (for all scanners), is still in use.

    • You can now add an SSH key to a scan, using the flag --ssh-key <string> with the path to the SSH private key.

    • Updated HTML content to give a clear explanation of the async scan flow.

    2.0.11-270.v58f65715b_f9b_

    May 11, 2022

    Changed the build step to run in the agent.

    2.0.10-265.v7ed6917039c0

    Apr 13, 2022

    General improvements and bug fixes.

    2.0.9-261.vfd1a_e1162900

    Apr 11, 2022

    2.0.16

    Handles the job cancel event and cancels the scan if it is running.

    2.0.9-234.v64773b_46040d

    Mar 2, 2022

    2.0.13

    • Added new --sca-resolver-params flag to the scan create command. See documentation here.

    2.0.15

    2.0.10

    • Added SummaryJSON reports.

    • Added the --scan-timeout <int> flag to the scan create command, enabling users to specify a time limit after which the scan will fail and terminate. See documentation here.

    • Updated UI elements to reflect the new Checkmarx branding (e.g., logo).

    2.0.14

    2.0.9

    • Added ability to break builds by specifying a threshold for acceptable vulnerabilities.

    • Added support for exporting scan results directly to SonarQube or SonarCloud console. See documentation here.

    2.0.13

    2.0.4

    • Updated CLI to version 2.0.4

    • Added branch parameter (required)

    2.0.11

    • Added global additional options

    • Changed Checkmarx API token to OAuth clientId and secret

    • Removed team name field

    • Fixed bug when running Checkmarx step in secondary node.

    2.0.10

    • Minor improvements

    2.0.10

    • Minor improvements

    2.0.9

    • Removed zip filters field

    • Integration with Checkmarx One results

    2.0.8

    • Added a check connection button

    • Removed scan type selection

    • Changed Jenkins minor version to 2.263.1

    2.0.7

    • Updated labels and tooltips

    • Removed scan type selection option

    • Set default branch name

    2.0.6

    • Global Settings - When creating a freestyle project Checkmarx One is not using Global Settings as default.

    • Default filters - Updated the default filters functionality.

    2.0.5

    • Added Checkmarx One link to results page

    • Tenant name is not holding the global configuration page

    2.0.4

    • Added results page

    2.0.3

    • Added Pipeline build support

    • Added tenant support

    2.0.0

    • Supports SAST Scan

    • Support for file filters while zipping the source code.

    • Store the Client-ID/Secret using Jenkins Credentials.

    • Support for using all the available options from the CLI. (Conditions Apply)