
Releases of February 2022

Version 38

New features and improvements

Status | Description

NEW | The parameters of a scanner (SAST, SCA, KICS) can now be configured at four different levels, each overriding the previous one:

  • Environment: The default configuration at the environment level (e.g., master, eu-prod, dev, ppe, etc.)

  • Tenant: The default scanner configuration of the specific tenant. It is derived from the environment scan configuration. It can be overridden by an administrator only.

  • Project: The default scanner configuration of a specific project. It is applied to all the scans initiated on this project. The default project configuration is derived from the tenant scan configuration. It can be overridden by users with the relevant role.

  • Config-as-Code: This configuration is defined in a Checkmarx YAML file in the source repository (under .checkmarx/config.yml). Config-as-code is applied at the scan level.

For comprehensive documentation on project settings, refer to this section.

Version 37

New features and improvements

Status | Description

NEW | The scanners that the user has a license for are now set to True by default.

NEW | This version introduces support for logging in Jira.

NEW | The UI for triaging vulnerabilities in Eclipse has been enhanced with new icons and the ability to refresh the results.

NEW | The UI for triaging vulnerabilities in JetBrains has been enhanced with new icons.

NEW | The Open option is now available only for the scanners the user has a license for.

NEW | This version introduces front-end support for automatic scans in Azure.

NEW | This version introduces back-end support for automatic scans in Bitbucket.

NEW | If a user chooses to configure a webhook and the configuration fails for any reason, the Checkmarx One project will not be created and the user will be notified.

NEW | UI links for CI/CD have been added to plugins.

NEW | A new parameter of the scan create endpoint lets you set various types of vulnerability thresholds. The following keys are available:

  • sast-high, sast-medium, sast-low

  • sca-direct-high, sca-direct-medium, sca-direct-low

  • sca-transitive-high, sca-transitive-medium, sca-transitive-low

  • kics-high, kics-medium, kics-low

For example: --threshold "sast-high=1"

The system returns an error if a threshold is exceeded.

NEW | To enhance API usability, the --format parameter has been renamed to --scan-info-format. The parameter accepts the table or JSON format and is used to:

  • select the format applied to display the scan information (i.e., scan ID, scan date, etc.)

  • select the format for representing scan data (table or JSON)

NEW | When authenticating via API, the user is now prompted to indicate one of the following roles:

  • ast-admin

  • ast-scanner

In previous versions, the role value defaulted to ast-admin.

If the user provides a string that does not match either option, the following error message appears:

Role not found, please input ast-admin or ast-scanner

If the user is not granted the indicated role, the following error message is displayed:

User does not have permission for <role name>
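The threshold keys above are what a CI gate compares against the scan summary. The following is an added example of such a gate, not Checkmarx code; it assumes that several thresholds are separated by ";", that a limit is a non-negative integer, and that "exceeded" means the finding count is strictly greater than the limit.

```python
"""Threshold gate using the key set from the release notes above.

Added example, not Checkmarx code. Assumed: entries are separated by ';'
(e.g. "sast-high=1;kics-medium=0"), limits are non-negative integers, and
a threshold is exceeded when the finding count is strictly greater than it.
"""
import re

# The threshold keys listed in the release notes (SAST, SCA direct/transitive, KICS).
VALID_KEYS = frozenset(
    f"{scanner}-{severity}"
    for scanner in ("sast", "sca-direct", "sca-transitive", "kics")
    for severity in ("high", "medium", "low")
)


def parse_thresholds(spec: str) -> dict:
    """Parse 'key=limit;key=limit' into {key: limit}; reject unknown keys or bad limits."""
    thresholds = {}
    for entry in filter(None, (part.strip() for part in spec.split(";"))):
        match = re.fullmatch(r"([a-z-]+)=(\d+)", entry)
        if not match:
            raise ValueError(f"malformed threshold entry: {entry!r}")
        key, limit = match.group(1), int(match.group(2))
        if key not in VALID_KEYS:
            raise ValueError(f"unknown threshold key: {key!r}")
        thresholds[key] = limit
    return thresholds


def exceeded_thresholds(spec: str, counts: dict) -> list:
    """Return a sorted list describing every threshold the summary exceeds.

    `counts` maps threshold keys to finding counts; keys missing from it count as 0.
    """
    return sorted(
        f"{key}: {counts.get(key, 0)} found, limit {limit}"
        for key, limit in parse_thresholds(spec).items()
        if counts.get(key, 0) > limit
    )


if __name__ == "__main__":
    # Constructed result summary, not output from a real scan.
    summary = {"sast-high": 3, "sast-medium": 7, "sca-direct-high": 0, "kics-low": 12}
    for line in exceeded_thresholds("sast-high=1;sca-direct-high=0;kics-low=20", summary):
        print("threshold exceeded:", line)  # prints only the sast-high line
```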

Resolved issues

Status | Description

FIXED | Using the source node/sink node filters caused all results to disappear.

CLI and Plugins Release of February 2022

During February, we released two new CLI versions, containing important updates and improvements. We also released new plugins that use the new CLI versions and contain additional improvements.

Released New CLI Versions

Version 2.0.11

General Improvements

Status | Item | Description

UPDATE | Renamed format flag | In the scan create command, we renamed the format flag to scan-info-format.

Version 2.0.12

General Improvements

Status | Item | Description

UPDATE | Renamed results command | Renamed the results command to results show.

Bug Fixes

Status | Item | Description

FIXED | Proxy | Fixed a problem with proxy connections.

FIXED | Empty project name | An error is now generated when the project name is empty.

FIXED | Threshold flag | Fixed the help text for the threshold flag.

FIXED | Result command | Fixed the help text for the result command to include state filters.

FIXED | SCA Resolver | Fixed the help text for the SCA Resolver flag.

CI/CD Plugins

New CI/CD Plugin Version - Based on CLI 2.0.11

In February we released the TeamCity plugin Version 2.0.7 based on CLI version 2.0.11. This release contains the following updates:

  • In the scan create command, we renamed the format flag to scan-info-format.

  • Fixed problems with the proxy connection.

New CI/CD Plugin Versions - Based on CLI 2.0.12

We also released the following plugin versions based on CLI version 2.0.12.

General Updates

This group of new plugin releases includes the following general updates.

Status | Item | Platform | Description

UPDATE | Renamed format flag | All | In the scan create command, we renamed the format flag to scan-info-format.

UPDATE | Renamed results command | All | Renamed the results command to results show.

UPDATE | Branding | Azure DevOps | Updated UI elements to reflect the new Checkmarx branding (e.g., logo).

FIXED | Origin name | Azure DevOps | Fixed the naming of the agent for scans run via Azure DevOps so that it accurately reflects the scan origin.

FIXED | Proxy | GitHub Action | Fixed a problem with proxy connections.

FIXED | Empty project name | GitHub Action | An error is now generated when the project name is empty.

IDE Plugins

In February we released Eclipse plugin version 2.0.1, based on CLI version 2.0.12. This release contains the following updates:

  • Improved the Attack Vector design

  • Minor bug fixes