
Releases of October 2022

New features and improvements


Version 2.66.1 (Released on October 26, 2022)

NEW: Checkmarx One users can now download SAST scan reports in CSV format.

NEW: The SAST engine has been upgraded to version 9.5.1, improving its performance, accuracy, and stability.

NEW: Existing SAST customers can now migrate to Checkmarx One while preserving the user-to-project mapping exactly as it is in SAST.

NEW: Incremental SAST scans can now be run and consumed from within the IDE, using the CLI sub-command ./cx scan create. This capability has been added to the VS Code and JetBrains plugins. To enable it, toggle on the option shown in the screenshot below:

[Screenshot: image-20221004-164401.png]

NEW: To streamline the user experience with the Jira Feedback App Wizard, the authentication and configuration stages now appear in separate tabs.

NEW: To help developers fix vulnerabilities found by Checkmarx, remediation advice is now shown in all the IDE plugins. The advice is split into three sections (Risk, Cause, and General Recommendations), and at least one code sample is provided with each piece of advice.

The example below shows remediation advice and a code sample in VS Code:

[Screenshot: Remediation_Advice_Example.png]

CLI and Plugins Release of October 2022

New CLI Versions

Version 2.0.32

General improvements and bug fixes

Version 2.0.31

General improvements and bug fixes

Version 2.0.30

Improvements and Bug Fixes


NEW - Tenant settings: A new CLI command retrieves tenant settings. See tenant.

NEW - API Key: The CLI now extracts the base-uri from the API Key, so the base-uri no longer has to be submitted separately.

UPDATED - Logs sanitization: An additional sanitization step removes the proxy value from the logs (a proxy URL can embed proxy credentials, so it does not belong in a log file).
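The proxy value is worth redacting because a proxy URL of the form http://user:password@proxy:3128 carries credentials, and a debug log that records the command line or environment would otherwise persist them. The Go program below is an added example of that kind of log sanitizer; it is not the CLI's own code. It redacts the value of a --proxy argument, the values of HTTP_PROXY/HTTPS_PROXY variables, and user:password@ in any URL that remains; the log lines it runs on are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical patterns for an added example; the CLI's own sanitizer is not
// shown on the page. Each regexp keeps the key (group 1) and drops the value.
var (
	// "--proxy http://..." or "--proxy=http://..." on a logged command line.
	// A different flag that merely starts with "--proxy" (no "=" or space
	// directly after it) is not touched.
	proxyFlag = regexp.MustCompile(`(--proxy(?:=|\s+))\S+`)
	// HTTP_PROXY / HTTPS_PROXY values in a logged environment dump.
	proxyEnv = regexp.MustCompile(`((?i:https?_proxy)=)\S+`)
	// user:password@ in any URL that survives the two rules above.
	urlCreds = regexp.MustCompile(`(\w+://)[^/\s:@]+:[^/\s@]+@`)
)

const redacted = "<redacted>"

// SanitizeLogLine removes proxy values and URL-embedded credentials from one
// log line, leaving the rest of the line intact.
func SanitizeLogLine(line string) string {
	line = proxyFlag.ReplaceAllString(line, "${1}"+redacted)
	line = proxyEnv.ReplaceAllString(line, "${1}"+redacted)
	line = urlCreds.ReplaceAllString(line, "${1}"+redacted+"@")
	return line
}

// SanitizeLog applies SanitizeLogLine to every line of a log.
func SanitizeLog(lines []string) []string {
	out := make([]string, len(lines))
	for i, l := range lines {
		out[i] = SanitizeLogLine(l)
	}
	return out
}

func main() {
	// Constructed log lines; not output from the real CLI.
	sample := []string{
		"DEBUG argv: cx scan create --proxy http://alice:s3cr3t@proxy.corp:3128 --project-name demo",
		"DEBUG env: HTTPS_PROXY=http://bob:hunter2@10.0.0.5:8080 TENANT=acme",
		"DEBUG GET https://carol:pw@api.example.com/v1/projects 200",
		"INFO scan completed for project demo",
	}
	for _, l := range SanitizeLog(sample) {
		fmt.Println(l)
	}
}
```

The third rule is the safety net: even if a proxy URL reaches the log through some path the first two rules do not cover, the credentials inside it are still stripped while the host stays visible for troubleshooting.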

UPDATED - Error message: Specific error messages are now shown when the user does not have a container engine (e.g., Docker) installed and running.

Version 2.0.29

Improvements and Bug Fixes


FIXED - Auto remediation: Fixed an issue where auto remediation failed for projects that did not contain dev dependencies.

CI/CD Plugins

In October we released the following CI/CD plugin versions.

  • Azure DevOps Plugin - 2.0.16 (uses CLI 2.0.31)

Improvements and Bug Fixes


NEW - API Key (Azure DevOps): Added the option to authenticate with Checkmarx One using an API Key instead of an OAuth2 client.

Tip: When you authenticate using an API Key, there is no need to submit your account info (Base URL, Auth URL, Tenant name). To learn how to generate an API Key, see Generating an API Key.

IDE Plugins

In October we released the following IDE plugin versions:

  • VS Code Extension - 2.0.11 (uses CLI 2.0.31)

  • JetBrains Plugin - 2.05 (uses CLI 2.0.31)

  • Visual Studio Extension - 2.0.8 (uses CLI 2.0.32)

  • Eclipse Plugin - 2.0.4 (uses CLI 2.0.31)

New Features

Running Scans from IDE

This feature is included in the new releases for VS Code and JetBrains.

You can now initiate scans directly from your IDE, so developers can identify vulnerabilities and remediate them as they code. Other IDE plugins do not support this feature yet.

Warning

This feature must be enabled for your organization's account by a Checkmarx admin user under Account Settings in the Checkmarx One web portal. Before enabling it, consider the ramifications: the number of concurrent scans you can run is limited by your license, so enabling IDE scans may push scans triggered by CI/CD pipelines and SCM integrations into the scan queue and delay them significantly.

To Run a Scan

In the Checkmarx panel in your IDE, open an existing Checkmarx Project in which your current workspace has already been scanned.

Notice

You must first create a Checkmarx project and run its initial scan by some other method (web portal, API, CLI, etc.). After that, you can run subsequent scans on that project from your IDE.

When you want to run a new scan (even before committing the code), just click on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

The scan applies the scan configuration that was used for the previous scan of this project. For example, if you excluded certain files the last time you scanned this project, those files are excluded from the current scan as well.

Checkmarx runs a sanity check to verify that your current workspace matches the files that were previously scanned under this Checkmarx project. If a mismatch is detected, a warning is shown. You are given the option to run the scan despite the mismatch.

Figure 1. Running Scans from the IDE (GIF: how to run a new scan from the IDE)



Simplified Integration via API Key

This feature is included in the new releases for all IDE plugins.

We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

To learn how to generate an API Key, see Generating an API Key.
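The Go program below is an added example of how a client can derive its account info from an API Key alone, as described here for the IDE plugins and in the CLI 2.0.30 notes above. It is not the CLI's or the plugins' own code. It assumes the key is a JWT issued by the tenant's identity realm, so that the iss claim has the form https://host/auth/realms/<tenant>; the claim name ast-base-url for the API base URL is an assumption made for the example, and the key and the example.com hosts are constructed. Because the key is sent to the auth URL and source code is uploaded to the base URL, the example also pins both hosts to an operator-supplied domain allow-list, so a pasted key cannot redirect uploads to an arbitrary server.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// AccountInfo is what a client needs before it can talk to Checkmarx One.
type AccountInfo struct {
	AuthURL string // scheme://host of the identity provider, from "iss"
	Tenant  string // realm name, the last path segment of "iss"
	BaseURL string // API base URL, from the custom claim named below
}

// baseURLClaim is an ASSUMED claim name for this example; inspect a real key
// to see which claim, if any, carries the API base URL.
const baseURLClaim = "ast-base-url"

// decodeClaims returns the JWT payload without verifying the signature. That is
// acceptable only because these are routing hints read from our own credential;
// never use unverified claims for an authorization decision.
func decodeClaims(token string) (map[string]interface{}, error) {
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 {
		return nil, errors.New("not a JWT: expected header.payload.signature")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("payload is not JSON: %w", err)
	}
	return claims, nil
}

// parseHTTPS accepts only absolute https URLs, so a crafted key cannot point
// the client at a plaintext endpoint.
func parseHTTPS(s, claim string) (*url.URL, error) {
	u, err := url.Parse(s)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("%s claim is missing or not an https URL", claim)
	}
	return u, nil
}

// domainAllowed pins host to a trusted domain or one of its subdomains.
func domainAllowed(host string, allowed []string) bool {
	h := strings.ToLower(host)
	for _, d := range allowed {
		if d = strings.ToLower(d); h == d || strings.HasSuffix(h, "."+d) {
			return true
		}
	}
	return false
}

// ExtractAccountInfo derives auth URL, tenant and base URL from an API key that
// is a realm-issued JWT (iss = https://host/auth/realms/<tenant>).
func ExtractAccountInfo(apiKey string, allowedDomains []string) (AccountInfo, error) {
	claims, err := decodeClaims(apiKey)
	if err != nil {
		return AccountInfo{}, err
	}
	iss, _ := claims["iss"].(string)
	issURL, err := parseHTTPS(iss, "iss")
	if err != nil {
		return AccountInfo{}, err
	}
	segs := strings.Split(strings.Trim(issURL.Path, "/"), "/")
	if len(segs) < 2 || segs[len(segs)-2] != "realms" {
		return AccountInfo{}, errors.New("iss path does not name a realm")
	}
	if !domainAllowed(issURL.Hostname(), allowedDomains) {
		return AccountInfo{}, fmt.Errorf("issuer host %q is not allowed", issURL.Hostname())
	}
	info := AccountInfo{AuthURL: issURL.Scheme + "://" + issURL.Host, Tenant: segs[len(segs)-1]}
	if b, ok := claims[baseURLClaim].(string); ok {
		baseURL, err := parseHTTPS(b, baseURLClaim)
		if err != nil {
			return AccountInfo{}, err
		}
		if !domainAllowed(baseURL.Hostname(), allowedDomains) {
			return AccountInfo{}, fmt.Errorf("base URL host %q is not allowed", baseURL.Hostname())
		}
		info.BaseURL = baseURL.Scheme + "://" + baseURL.Host
	}
	return info, nil
}

// MakeSampleKey builds an UNSIGNED token with the given claims so the example
// runs offline; a real API key is signed by the identity provider.
func MakeSampleKey(claims map[string]interface{}) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "none", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	enc := base64.RawURLEncoding.EncodeToString
	return enc(hdr) + "." + enc(body) + "." + enc([]byte("constructed-signature"))
}

func main() {
	// Constructed key for a hypothetical tenant "acme" hosted under example.com.
	key := MakeSampleKey(map[string]interface{}{
		"iss": "https://iam.example.com/auth/realms/acme", baseURLClaim: "https://ast.example.com",
	})
	info, err := ExtractAccountInfo(key, []string{"example.com"})
	fmt.Printf("%+v err=%v\n", info, err)
}
```

If extraction fails on a real key (for example because the base URL claim is named differently), the Additional Parameters field described below is the place to supply the base URL and tenant name by hand.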

Additional Parameters

In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Checkmarx One CLI Commands.