
Multi-Tenant (May 2023)

API Security



Version 2.85 (Released on May 14, 2023)


Identifying and monitoring Shadow APIs - Shadow APIs refer to undocumented APIs found in code that can pose a significant security risk if left unmonitored. Identifying Shadow APIs is crucial to ensure that all APIs are protected, not just the ones that are known and documented. This is where our solution comes in as a key differentiator in the industry. We specialize in finding Shadow APIs to ensure that they are properly secured and protected from potential vulnerabilities.

Without proper identification and monitoring of Shadow APIs, any shift-right solution that only focuses on known APIs is ineffective. That's why we prioritize discovering and securing these hidden APIs, so that our customers can have complete protection and peace of mind.

For more information, refer to this help topic.


API Inventory - API Security is now able to scan Swagger files to identify all APIs available within an organization. This is a critical step in understanding the scope of APIs that exist in a system and identifying any potential security vulnerabilities.

With an accurate and up-to-date API inventory, organizations can effectively manage their APIs and ensure they are properly secured. Additionally, an API inventory helps in identifying potential duplication or overlap of APIs, which can be optimized to improve efficiency and reduce maintenance costs. It is an essential tool for API governance and can be used to track changes and updates to APIs over time.

For more information, see here.


API documentation risks can be a serious concern for developers and organizations alike. One way to address this issue is by proactively scanning Swagger files to identify vulnerabilities and risks at an early stage, before they can cause significant problems. This can help ensure that the API documentation accurately reflects the intended functionality and reduces the likelihood of errors or misunderstandings down the line.

In addition to improving the accuracy and completeness of the documentation, scanning Swagger files for potential risks can also improve the overall security of the API and prevent or mitigate potential security breaches.

Refer to this page for more details.


Identifying sensitive data discrepancies - API Security is now able to identify any discrepancies between the sensitive data parameters in code and those in the Swagger API documentation. This helps users discover any sensitive parameters they may not have been aware of before, allowing them to take action to fix and update their Swagger files. This ensures that the API documentation accurately reflects the current state of the codebase, reducing the risk of data breaches and other security incidents.

For more information, see this page.


Support for Flask Python queries - The incorporation of Flask Python queries into our API security scanning enables thorough analysis and identification of potential vulnerabilities within Python-based applications. With this expanded support, our customers can confidently ensure the integrity and resilience of their applications, safeguarding them against potential security risks.
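The shadow-API and API-inventory items above come down to comparing the routes declared in code with the paths documented in Swagger. The following is an added illustration, not Checkmarx code or a description of how API Security works internally: the Flask source, the Swagger document and all function names are constructed for the example, and routes are extracted with a simple regular expression rather than real static analysis.

```python
import re

# Constructed Flask source (not from the page): three routes, one undocumented.
FLASK_SOURCE = '''
@app.route("/users/<int:user_id>", methods=["GET"])
def get_user(user_id): ...

@app.route("/users", methods=["POST"])
def create_user(): ...

@app.route("/internal/debug/dump")
def debug_dump(): ...
'''

# Constructed Swagger 2.0 document, reduced to the fields the diff needs.
SWAGGER = {
    "swagger": "2.0",
    "paths": {
        "/users/{id}": {"get": {}},
        "/users": {"post": {}},
        "/orders": {"get": {}},
    },
}

ROUTE_RE = re.compile(
    r'@\w+\.route\(\s*["\']([^"\']+)["\'](?:[^)]*methods\s*=\s*\[([^\]]*)\])?')
HTTP_VERBS = {"get", "put", "post", "delete", "options", "head", "patch"}

def normalize(path):
    """Collapse Flask <conv:name> and Swagger {name} into one placeholder."""
    path = re.sub(r"<[^>]+>|\{[^}]+\}", "{}", path)
    return path.rstrip("/") or "/"

def routes_in_code(source):
    found = set()
    for path, methods in ROUTE_RE.findall(source):
        # Flask defaults to GET (implicit HEAD/OPTIONS are ignored here).
        verbs = re.findall(r"[A-Za-z]+", methods) or ["GET"]
        found.update((verb.upper(), normalize(path)) for verb in verbs)
    return found

def routes_in_spec(spec):
    return {(verb.upper(), normalize(path))
            for path, item in spec.get("paths", {}).items()
            for verb in item if verb in HTTP_VERBS}

def inventory_diff(source, spec):
    code, documented = routes_in_code(source), routes_in_spec(spec)
    return {"shadow": sorted(code - documented),    # in code, not in Swagger
            "doc_only": sorted(documented - code)}  # in Swagger, not in code
```

Path parameters are normalized before comparison because Flask writes them as `<int:user_id>` while Swagger writes `{id}`; without that step every parameterized route would be reported as a shadow API.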

Checkmarx SCA


This section relates only to SCA releases that are relevant to users who consume SCA through the Checkmarx One platform. Release notes for the SCA standalone platform are available here.

SCA Resolver Releases

We released the following new versions of SCA Resolver:


The complete changelog, and links to download SCA Resolver are available here.

Version 2.2.2

  • Syft is now used automatically whenever the --scan-container flag is used. The --use-syft flag is no longer in use.


    This is a breaking change. If you have pipelines that use the --use-syft flag, it needs to be removed.


    For Syft to run on your scans, it must be installed on the machine that is running Resolver; see Prerequisites.

  • For PIP:

    • Added a new argument for including custom manifest files for resolution.

    • Improved detection of the Python version installed on the system.

  • For Gradle, dependencies that were ignored by the package manager are now ignored by Resolver.

  • For NPM, fixed the problem with deciding whether to run commands for NPM6 or NPM7.

  • Fixed "out of memory" issues that were occurring in some edge cases.

Version 2.1.9

  • For Gradle, added support for dynamic submodule declaration.

  • ImageResolver updated to version 2.0.47.

CLI and Plugins Release of May 2023

Version 2.0.47





KICS realtime

When a kics-realtime scan completes successfully and doesn't find any IaC security vulnerabilities, the results are now correctly returned showing "0" IaC security vulnerabilities.


BitBucket contributor count

The contributor count for BitBucket now counts only contributors who have contributed in the past 90 days, as expected.

IDE Plugins

In April we released the following IDE plugin versions:

  • Eclipse - 2.0.6 (uses CLI v2.0.45)

  • VS Code Extension - 2.1.0 (uses CLI v2.0.47)

  • JetBrains Plugin - 2.0.11 (uses CLI v2.0.47)

Improvements and Bug Fixes






Pre-release versions

VS Code, JetBrains

We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update automatically to the latest pre-release version or to update only when a new release version is published.

To automatically install pre-release versions, see VS Code Automatic Updates and JetBrains Automatic Updates.


SCA Realtime

VS Code

For SCA Realtime scans that return incomplete results, we now show a Dependency resolution errors section which gives info about manifest files that weren't resolved and the reason for the error (e.g., relevant package managers not installed locally).


Version support


Added support for Eclipse version 2019-03 (4.11) and above.


Product name


All references to AST (other than the name of the plugin) have been changed to use the new product name "Checkmarx One".


Additional parameters


Fixed the tooltip for Additional parameters so that the link points to the new documentation portal.
