JetBrains Plugin - Changelog

Added the ability to create a new branch in the Checkmarx project when you run a scan from the IDE.

General improvements and bug fixes

General improvements and bug fixes

Added the AI Secure Coding Assistant (ASCA). The ASCA scanner is a lightweight scan engine that runs in the background as you work in JetBrains. Whenever you edit a file in JetBrains the ASCA scanner automatically scans that file.

ASCA also provides customized prompts to get remediated code from Copilot. For more info about ASCA in JetBrains, see here.

General improvements and bug fixes

General improvements and bug fixes

General improvements and bug fixes

General improvements and bug fixes

General improvements and bug fixes

General improvements and bug fixes

The CLI that this plugin is based on is now signed with the Checkmarx digital signature, indicating that this is an official Checkmarx product. This enables communication from this plugin to bypass firewalls on Windows computers that previously blocked the unsigned CLI.

General improvements and bug fixes.

Changed mismatch warning behavior.

We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update automatically to the latest pre-release version or to update only when a new release version is published. To learn how to install pre-release versions, see Automatic Updates - Releases Versions and Pre-Release Versions.

Updated dependencies

All references to AST (other than the name of the plugin) have been changed to use the new product name "Checkmarx One".

Fixed tooltip for Additional parameters so that link points to new documentation portal.

Fixed issue that SCA Additional Knowledge link had been causing errors when no link was available.

The "Code samples" tab was renamed "Remediation Examples".

You can now initiate scans directly from your IDE. This empowers developers to identify vulnerabilities and remediate them as they code. This feature is currently supported for VS Code and JetBrains. This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.

You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Checkmarx One CLI Commands.

We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

In the SAST results viewer, we added new tabs with additional info about each vulnerability.

In the SCA results viewer -

Added option to group results by file name.

Fixed issue that retrieving SCA results was causing an error.

Added links to the relevant Codebashing lessons.

Added support for JetBrains’ Android Studio IDE.

Automatically selects the latest scan once a project and branch have been selected.

Added ability to filter results by vulnerability state.

Added ability to triage results directly from the IDE console

Added a brief description for SAST vulnerabilities

Updated UI elements to reflect the new Checkmarx branding (e.g., logo)

General UI improvements

Updated CLI to version 2.0.4

Added buttons in the sidebar of the Checkmarx pane to filter vulnerabilities by severity

Fixed issue when opening a JetBrains project that doesn’t have a repository

Import Checkmarx One scan results into your IDE

Show results from all scan types (SAST, SCA, and KICS)

Group and filter results

Navigate from results directly to the vulnerable code in the editor

Vulnerable code is highlighted in the editor