Multi-Tenant (April 2023)

New features and improvements

Status

Description

Version 2.84 (Released on April 30, 2023)

NEW

The latest update to Feedback Apps allows users to define and override issue-type fields in Azure work items configuration at the project or scan level using project and scan tags.

This is a convenient solution for users who would otherwise have to maintain multiple Feedback apps, saving them time and effort.

NEW

We have added a new preview wizard that enhances the comparison of two scan results by presenting relevant information in a clear and concise manner. This wizard displays pertinent information about the two scans, including relevant details and totals for fixed, new, and recurrent issues.

With this feature, users can quickly see which issues have been fixed and which ones are still outstanding. They can also determine if new issues have arisen since the last scan, enabling them to take proactive measures to resolve these issues before they escalate.

NEW

Single-tenant customers can now use self-hosted Azure DevOps (ADO) instances.

Previously, only multi-tenant customers were able to use self-hosted ADO instances, while single-tenant customers were required to use Microsoft-hosted instances.

With this new feature, single-tenant customers can now choose to host their ADO instances on their own servers, giving them more control over their data and enabling them to meet any specific security or compliance requirements they may have. Self-hosted ADO instances also offer greater flexibility and customization options compared to Microsoft-hosted instances.

NEW

Feedback App for Jira has been updated to support complex type fields.

The term "complex fields" refers to pre-defined "structures" rather than simple dropdown selections, integers, or strings.

NEW

Checkmarx One has extended its support for various formats of fields in different Jira issue types.

In case an issue type has a mandatory field of an unsupported format, the user will be prompted to convert that field to an optional one, ensuring that the issue can still be created or edited.

This feature helps users maintain data consistency and completeness while working with various issue types.

Version 2.83 (Released on April 16, 2023)

NEW

The SAST engine implemented in Checkmarx One has been upgraded to version 9.5.4.

NEW

The Code Repository Coverage widget has undergone a redesign to not only enhance its visual appeal but also improve its functionality and user experience. The updated widget boasts a sleek and modern appearance, with a refreshed color palette and intuitive design that makes it easy to use and navigate.

Whether you're a developer looking to track code coverage metrics or a team lead interested in monitoring progress, the redesigned widget is sure to be a valuable tool for your workflow.

NEW

The Code Repository (SCM) import process for Bitbucket projects has been enhanced to enable all users, regardless of their permissions, to import projects and scan them within their organization.

By allowing users without Admin permissions to import projects, we are providing a more inclusive and flexible user experience while also improving the efficiency and usability of the import process.

NEW

Customers now have the option to host their own Azure DevOps (ADO) instance if they prefer a self-hosted solution. This is especially useful for organizations with specific security, compliance, or customization requirements that cannot be met with a cloud-based solution.

Bug Fixes

Status

Description

Version 2.83 (Released on April 16, 2023)

FIXED

Results from different programming languages are mixed in the Results Viewer. As a result, result states are affected.

Checkmarx SCA

Notice

This section relates only to SCA releases that are relevant to users who consume SCA through the Checkmarx One platform. Release notes for the SCA standalone platform are available here.

Support for Unity Package Manager

We added support for the Unity package manager.

Languages/Frameworks: Unity

Repository: Unity Technologies, Needle-mirror, Open UPM

File Types: none

Supported Package Managers: none

Exploitable Path: (x)

Supply Chain Security (SCS): (x)

Manifest Files (Packages marked with (blue star) are required): manifest.json(blue star), packages.json(blue star)

SCA Resolver Releases

We released the following new versions of SCA Resolver:

Notice

The complete changelog, and links to download SCA Resolver are available here.

Version 2.1.5

  • Added support for Unity package manager. For more information, see Unity Package Manager Dependency Resolver.

  • For Bower, fixed an issue where dependency resolution failed when the latest version ("*") was specified.

  • For Ivy, fixed an issue where unused versions were resolved even though a newer version had been specified in the manifest file.

  • ImageResolver updated to version 2.0.43.

Version 2.1.2

  • Added support for authentication via Master Access Control, see Master Access Control Authentication for Checkmarx SCA Resolver.

  • For Sbt, stack overflow is fixed when building the dependency tree.

  • For Gradle, when a submodule is duplicated in a project we now resolve the package only once.

  • ImageResolver was updated to version 2.0.41.

CLI and Plugins Release of April 2023

Version 2.0.46

Status

Item

Description

UPDATED

SCA Realtime errors

Added error handling for SCA Realtime scanner.

Version 2.0.45

Status

Item

Description

NEW

Environment variables

We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

Notice

We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

UPDATED

Branches

We increased the number of branches returned using the project branches command from 20 to 1,000.

Version 2.0.44

Status

Item

Description

NEW

Private packages

You can now designate a scan as a "Private Package" and assign a package version to it using the additional_params options. Once a private package has been scanned, SCA identifies the risks affecting that package whenever that package version is used in any of your projects. You can download an article about private packages here.

NEW

Flags

We added the --exploitable-path flag to the additional_params options. This enables you to designate whether or not Exploitable Path will run on this particular scan. When used, this overrides the designation made in the project settings.

NEW

File extensions

Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning).

UPDATED

Memory usage

Improved memory usage when uploading zip files.

FIXED

Contributors count

Fixed issue that was causing index out of range errors for the contributors count command.

FIXED

SARIF reports

Fixed an issue where SCA results weren't being included in SARIF reports.

CI/CD Plugins

In April we released the following CI/CD plugin versions.

Improvements and Bug Fixes

Status

Item

Platform

Description

NEW

Proxy environment variables

TeamCity

We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

Notice

We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

NEW

Private packages

TeamCity, GitHub Actions, Azure DevOps

You can now designate a scan as a "Private Package" and assign a package version to it using the Additional parameters options. Once a private package has been scanned, SCA identifies the risks affecting that package whenever that package version is used in any of your projects. You can download an article about private packages here.

NEW

Exploitable Path

TeamCity, GitHub Actions, Azure DevOps

We added the --exploitable-path flag to the Additional parameters options. This enables you to designate whether or not Exploitable Path will run on this particular scan. When used, this overrides the designation made in the project settings.

We also added the --sca-last-sast-scan-time flag, which enables you to specify the number of days that SAST scan results are considered valid for use in Exploitable Path (i.e., if there is no current SAST scan, how many days prior to the current SCA scan Checkmarx One will look for a SAST scan to use for analyzing Exploitable Path).

Warning

The --sca-last-sast-scan-time flag is not yet fully supported and may not function as designed.

NEW

File extensions

TeamCity, GitHub Actions, Azure DevOps

Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning).

UPDATED

Memory usage

TeamCity, GitHub Actions, Azure DevOps

Improved memory usage when uploading zip files.

FIXED

Additional parameters

TeamCity

Fixed issue that spaces in additional params values had been causing errors.

IDE Plugins

In April we released the following IDE plugin versions:

  • VS Code Extension - 2.0.18 (uses CLI v2.0.46)

  • Visual Studio Extension - 2.0.14 (uses CLI v2.0.45)

  • JetBrains Plugin - 2.0.9 (uses CLI v2.0.41)

Improvements and Bug Fixes

Status

Item

Platform

Description

NEW

Proxy environment variable

Visual Studio

We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

Notice

We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

UPDATED

Create Scan button

VS Code

Improved visibility of the Create Scan button by moving it to the header bar of the Checkmarx pane.

UPDATED

Version support

Visual Studio

Added support for earlier versions of Visual Studio 2022. We now support SDK version 17.0 and above.

UPDATED

Memory usage

Visual Studio

Improved memory usage when uploading zip files.

UPDATED

Product name

JetBrains

All references to AST (other than the name of the plugin) have been changed to use the new product name "Checkmarx One".

FIXED

Additional Knowledge link

JetBrains

Fixed issue that SCA Additional Knowledge link had been causing errors when no link was available.

FIXED

Create Scan button

VS Code

Fixed issue that the Create Scan button had been disabled after unexpected shutdown.

FIXED

SCA Realtime results

VS Code

Fixed issue that SCA Realtime wasn't yielding results for users that didn't enter account credentials.

Tip

This is a free tool that does not require a Checkmarx account.

FIXED

Filters

VS Code

Fixed issue that filters hadn't been functioning properly.

FIXED

Additional parameters

Visual Studio, JetBrains

Fixed tooltip for Additional parameters so that link points to new documentation portal.