1.1.36 December 2024 | Added a new parameter loglevel. Added a warning regarding the deprecation of the parameter AvoidDuplicateProjectScans. Added the plugin name and version in the headers of API calls. Added support for OpenJDK 21. Added changes to use the Project Default preset if no preset is specified in the parameters.
Upgraded the following libraries: cx-client-common to 2024.3.28, commons-io to 2.17.0, netty-resolver-dns to 4.1.115.Final, netty-common to 4.1.115.Final.
| Supported SAST versions: 9.5, 9.6 and 9.7 OSA Support: Supported - *FSA agent supported version: 24.2.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8, OpenJDK 17, OpenJDK 21
1.1.34 October 2024 | Upgraded the following libraries: | Supported SAST versions: 9.5, 9.6 OSA Support: Supported - *FSA agent supported version: 24.2.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8, OpenJDK 17
1.1.33 August 2024 | Upgraded the following libraries: org.bouncycastle:bcprov-jdk18on to 1.78.1, org.apache.commons:commons-compress to 1.27.0, org.mozilla:rhino to 1.7.15, io.vertx:vertx-core to 4.5.9, io.netty dependencies to 4.1.112.Final, org.iq80.snappy:snappy to 0.5.
| Supported SAST versions: 9.4, 9.5, 9.6 OSA Support: Supported - *FSA agent supported version: 24.2.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8, OpenJDK 17
1.1.31 August 2024 | Fixed the issue: The scan did not find the existing project name containing special characters in the case of the CxSCA scan. Enhanced functionality to enable users to set a timeout for copying branch projects. Upgraded the following libraries: Cx-Client-common to 2024.3.26, org.apache.commons:commons-compress to 1.26.0, org.bouncycastle:bcprov-jdk18on to 1.78, io.vertx:vertx-core to 4.5.3, io.netty:netty-codec-http to 4.1.108.Final.
| Supported SAST versions: 9.4, 9.5, 9.6 OSA Support: Supported - *FSA agent supported version: 24.2.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8, OpenJDK 17
1.1.30 January 2024 | Upgraded the following libraries: com.google.guava:guava to 32.0.1-android org.eclipse.jgit:org.eclipse.jgit to cx-client-common to 2024.1.1
Enhanced to print the plugin version in logs. Enhanced to show the policy compliance status in logs. Fixed the issue of the SAST scan being terminated while waiting for a longer duration with status SourcePullingAndDeployment.
| Supported SAST versions: 9.4, 9.5, 9.6 OSA Support: Supported - *FSA agent supported version: 24.0.1 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8, OpenJDK 17
1.1.27 November 2023 | Enhanced functionality to avoid duplicate SAST scans for the same project if another scan is already running. Upgraded the following libraries: org.json:json to 20231013 com.google.guava:guava to 32.0.0-android io.netty:netty-handler to 4.1.100.Final org.codehaus.plexus:plexus-archiver to 4.8.0 org.bouncycastle:bcprov-jdk15on to 1.70 org.eclipse.jgit:org.eclipse.jgit to
Enhanced to use expected versions of SAST APIs.
| Supported SAST versions: 9.4, 9.5, 9.6 OSA Support: Supported - *FSA agent supported version: 23.0.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.26 | Uptake of FSA version 23.0.2. The following third-party libraries have been upgraded: Library org.json:json to 20230227. Library com.fasterxml.jackson.core:jackson-databind to 2.15.0-rc1. Library com.fasterxml.jackson.dataformat:jackson-dataformat-yaml to 2.15.0-rc1. Library net.lingala.zip4j:zip4j to 2.11.5. Library org.glassfish.jaxb:jaxb-runtime to 2.3.2. Removed dependency on org.yaml:snakeyaml.
Post Scan Action feature is now supported with the 9.4+ version of SAST. The SCA Resolver integration is enhanced to reuse SAST-specific parameters like project name, source code location, SAST server URL, and credentials. SCA resolver additional parameters are reserved for additional arguments as per SCA resolver arguments syntax.
| Supported SAST versions: 9.3, 9.4, 9.5 OSA Support: Supported - *FSA agent supported version: 23.0.2 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.21 | | Supported SAST versions: 9.2, 9.3, 9.4, 9.5 OSA Support: Supported - *FSA agent supported version: 21.0.5 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.18 | Fixed issue “Plugin Shows Git Token in Plain Text”. Fixed issue “failed with next error 'Exception in thread "main" java.lang.NoClassDefFoundError: net/lingala/zip4j/core/ZipFile'”. Fixed issue “Plugin does not work with ScaResolver and Exploitable path”. Below are the newly introduced features in plugin: Below are the newly introduced command line options for SAST Scan:
Below are the newly introduced command line options for SCA Scan: Config-as-code cx.config file can have new properties “enableSASTBranching” and “masterBranchProjName” to enable branching support and set the name of the master branch project. The following third-party libraries have been upgraded: Library “snakeyaml” to 1.33. Library “Jackson-databind” to 2.14.0. Library “jsoup” to 1.15.3. Library “gson” to 2.10.
| Supported SAST versions: 9.3, 9.4, 9.5 OSA Support: Supported - *FSA agent supported version: 21.0.5 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.14 | Fixed an issue that caused duplicated headers to be sent while re-attempting a scan after the token has expired. The following command line options have been introduced for OSA scans: ‘osafailonerror’ to fail the CxOSA scan if any error occurs while performing the scan. ‘osascanjson’ to provide a custom CxOSA dependency “.json” file. ‘osaerrorlogdir’ to provide a location to store CxOSA log files that contain errors indicated in the command line. ‘osafsaconf’ to provide a comma-separated list of FSA configurations.
The Config-as-code cx.config file supports a new property called “overrideProjectSetting” that decides whether values of property “preset” and “configuration” are replaced in the SAST project settings. The following third-party libraries have been upgraded: Library “io.netty:netty-codec-http” to 4.1.77.Final. Library “io.netty:netty-code” to 4.1.77.Final. Library “net.lingala.zip4j:zip4j” to 2.10.0. Library “org.springframework:spring-core” to 5.3.20.
| Supported SAST Versions: 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 21.0.5 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.12 | | Supported SAST Versions: 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 21.0.5 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.11 | | Supported SAST Versions: 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 21.0.5 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.10 | | Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 20.0.13 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.9 | An option to run a SCA scan via the SCA Resolver has been added. Support for scan level custom fields has been added. The SCA scan timeout functionality enforces the timeout for SCA scans.
For additional information and instructions on running SCA via the SCA Resolver, on using scan level custom fields and on using the SCA timeout, refer to Running Scans from the CLI. | Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 20.0.13 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.8 | | Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 20.0.13 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.7 | | Supported SAST Versions: 9.0, 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 20.0.13 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
1.1.5 | The version numbering has been changed starting with this version (semantic versioning instead of year.quarter.version). An exploitable path/attack vector has been added for CxSCA scans. The ‘CheckPolicy’ option now enforces CxSCA policies to break the build as per policy action. An option to include source code with CxSCA scans has been added. Private registries and environment variables have been added for CxSCA scans. Project creation and team assignment capabilities have been added for CxSCA scans.
| Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Supported - * FSA agent supported version: 20.0.11 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2021.1.4 | | Supported SAST Versions: 8.9, 9.0, 9.2, 9.3 OSA Support: Supported - * FSA agent supported version: 20.0.11 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2021.1.1 | Fixed the CxSAST 8.9 scan issue. Fixed the retry mechanism for the SAST/OSA scan status failure. Converted zipped files messages from the info to the debug log level.
| Supported SAST Versions: 8.9, 9.0, 9.2, 9.3 OSA Support: Supported - * FSA agent supported version: 20.0.9 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2020.4.12 | Fixed the CxSAST project settings override options (relevant for CxSAST 9.3). Added Config as code support. Configured Origin via the configuration as code. Added NTLM proxy support. Added a new command line parameter for include/exclude patterns. Upgraded Log4j. Fixed the CxSCA OpenId call with proxy and SSL context.
| Supported SAST Versions: 8.9, 9.0, 9.2, 9.3 OSA Support: Supported - * FSA agent supported version: 20.0.9 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2020.4.4 | Fixed case sensitive project name for SCA. Fixed the Async mode in SCA. Exported SCA results to JSON files. Printed the SAST and SCA user names as hashed. Printed the SAST and SCA passwords and token as masked (stars). Fixed GenerateToken and RevokeToken error messages in the log. Fixed the OSA Json reports that were missing the “.json” extension. Fixed a password issue in Windows (starts with "-" followed by uppercase). Fixed an issue where scans running in parallel 'hung'. Fixed missing default include pattern. Fixed the include/exclude parameters to be added instead of overridden. Coupled multiple scanners in a way that they run independently. In case one scanner fails, it won’t affect the others. Fixed the “help” command. It now indicates the missing parameters.
| Supported SAST Versions: 8.9, 9.0, 9.2 OSA Support: Supported - * FSA agent supported version: 20.0.8 SCA Support: Supported Operating Systems: Windows, Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2020.3.1 | | Supported SAST Versions: 8.9, 9.0, 9.2 OSA Support: Supported - * FSA agent supported version: 20.0.5 SCA Support: Supported Operating Systems: Windows Supported Java version: OpenJDK 11, Oracle JDK 8
2020.2.18 | | Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: 20.0.5 SCA Support: Supported Operating Systems: Windows Supported Java version: OpenJDK 11, Oracle JDK 8
2020.2.11 | Added support for new CxSCA APIs. The ScaTenant CLI flag has been renamed to ScaAccount. Enabled creating projects without adding the "\" prefix when performing scans for SCA only. The SCA Scan ID is displayed in the log.
| Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: 20.0.5 SCA Support: Supported Operating Systems: Windows Supported Java version: OpenJDK 11, Oracle JDK 8
2020.2.3 | Fix for the GIT SSH private key. Fix for the overriding preset and configuration using GIT. Fix for the overriding preset and configuration using Shared Folder. Fix for the password print in the log.
| Certified SAST Versions: 8.9, 9.0 OSA Support: Supported SCA Support: Supported Operating Systems: Windows (not Windows Server) Supported Tool Version: Visual Studio 2019
2020.1.12 | Fix for configuration parameter. Scans are set to be public by default. Fix for SSO in CxSAST 8.9.
| Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: 20.0.3 SCA Support: Supported Operating Systems: Windows Supported Java version: OpenJDK 11, Oracle JDK 8
2020.1.10 | | Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: 20.0.3 Operating Systems: Windows Supported Java version: OpenJDK 11, Oracle JDK 8
2019.4.10 | | Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: 20.0.0 Operating Systems: Windows and Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2019.4.4 | | Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: Operating Systems: Windows and Linux Supported Java version: OpenJDK 11, Oracle JDK 8
2019.4.2 | OpenJDK 11 support. Fix for extension exclusion patterns. Fix for resolving team path and project name. Fix for login failures in some patterns of passwords. Ability for CxOSA to scan Docker images for binary vulnerabilities. Ability to break the build according to both CxSAST & CxOSA policy status.
| Certified SAST Versions: 8.9, 9.0 OSA Support: Supported - * FSA agent supported version: Operating Systems: Windows and Linux Supported Java version: OpenJDK 11, Oracle JDK 8
8.90.0 | Updated CxOSA scan support for the following dependency managers: NuGet, Python. Ability to break the build if CxOSA Policy Compliance is violated. Fixed issue that caused CPU spikes. Added support for proxy authentication. Fixed issue for recursive file pattern exclusions. Fixed issue that caused enabling ‘https.’ verification. Fixed issue that truncated team name and caused new projects to be created. Improved multipart requests to CxSAST server.
| |
8.70.0 | A new parameter (-ExecuteNpmAndBower) has been added to this version of the CxSAST CLI plugin, enabling the retrieval of all NPM and Bower dependencies before starting the CxOSA scan. The parameters ('-OsaReportHtml' & '-OsaReportPDF') have been deprecated and are no longer supported in this version.
| |
8.60.0 | | |