
Releases of June 2023

Version 2.88 | Released on June 25

Support for query override at the application level for scans

This version adds support for overriding queries at the application level. The query set and its behavior can now be tailored to individual applications rather than applied uniformly, so scan results can be tuned to what each application actually needs.

Migration from read/write privileges to Admin privileges

Users can now upgrade the existing Read/Write privileges used by the Code Repository integration to Admin privileges. Admin privileges unlock additional webhook functionality, so a wider range of actions can be performed from the integration. Note that Admin is a broader scope than Read/Write on the repository, so grant it only where the extra webhook actions are actually needed.

Ability to modify scan tags

Users can now manually add or modify the version tag of scans that were launched without one. This can be done in both the Resource Manager list view and the Project Scan History view once the scan has completed, so that accurate version information stays associated with each scan.

IaC Security version upgrade

The IaC Security version has been upgraded to 1.7.0.

JIRA workflow integration logic enhancement

In JIRA, every status belongs to one of three categories: To Do, In Progress, or Done. To streamline configuration, we have removed the OPEN-STATUS and CLOSE-STATUS fields. Instead, all statuses in the To Do and In Progress categories are now automatically treated as open, and all statuses in the Done category as closed.

Because the mapping is by category rather than by status name, custom states appear in the drop-down list without extra configuration, which reduces the number of setup steps and makes the integration more intuitive.
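The category-based rule above can be reproduced against Jira's own API output. The following is an added example, not Checkmarx code: it classifies issues from a Jira REST search response using the fixed statusCategory keys that Jira exposes (new for To Do, indeterminate for In Progress, done for Done), so tenant-specific status names never need to be enumerated. The sample response is constructed.

```python
"""Classify Jira issues as open or closed by status category, not status name.

Added example (not Checkmarx code). Jira's REST API reports the category of
each issue's status at fields.status.statusCategory.key; the keys are fixed
("new", "indeterminate", "done", plus "undefined" for unmapped statuses) while
status names are free-form and differ per tenant.
"""
import json
from typing import Dict

# Category keys are stable across Jira instances; status names are not.
OPEN_CATEGORY_KEYS = {"new", "indeterminate"}   # To Do, In Progress
CLOSED_CATEGORY_KEYS = {"done"}                 # Done


def classify_status(issue: dict) -> str:
    """Return "open" or "closed" for one issue object from a search response.

    An unknown category (Jira's "undefined") raises instead of being silently
    treated as open, so a misconfigured workflow is noticed.
    """
    key = issue["fields"]["status"]["statusCategory"]["key"]
    if key in OPEN_CATEGORY_KEYS:
        return "open"
    if key in CLOSED_CATEGORY_KEYS:
        return "closed"
    raise ValueError(f"unexpected Jira status category {key!r} on {issue.get('key')}")


def summarize(search_response: str) -> Dict[str, int]:
    """Count open and closed issues in a Jira /rest/api/2/search JSON body."""
    counts = {"open": 0, "closed": 0}
    for issue in json.loads(search_response)["issues"]:
        counts[classify_status(issue)] += 1
    return counts


# Constructed sample: custom status names that a name-based OPEN-STATUS /
# CLOSE-STATUS list would have had to enumerate by hand.
SAMPLE_SEARCH_RESPONSE = json.dumps({
    "issues": [
        {"key": "SEC-1", "fields": {"status": {"name": "Triage",
            "statusCategory": {"key": "new", "name": "To Do"}}}},
        {"key": "SEC-2", "fields": {"status": {"name": "Fix In Review",
            "statusCategory": {"key": "indeterminate", "name": "In Progress"}}}},
        {"key": "SEC-3", "fields": {"status": {"name": "Risk Accepted",
            "statusCategory": {"key": "done", "name": "Done"}}}},
    ]
})

if __name__ == "__main__":
    print(summarize(SAMPLE_SEARCH_RESPONSE))
```

Note that "Risk Accepted" counts as closed here purely because the tenant placed it in the Done category; if a status should keep a finding open, it belongs in To Do or In Progress on the Jira side.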

Resolved issues

  • The Re-import from SCM feature became unavailable

  • Regular scan was failing at the step of getting branches when using a Bitbucket server

  • Migrate via New Project - Code Repository Integration

  • AST performance issue due to huge download footprint

  • Scan failing when dealing with chunk files of results

  • SSH URL and Tenant key detected during fetch branches but not scan

  • Repostore was filtering some extensions only with a ZIP upload

  • SCA issues were randomly missing in API results

  • SCA scans were intermittently failing partway through

  • Global Inventory was not displaying detail page of some Risks

Version 2.86.3 | Released on June 4

Lines of Code (LOC) Analysis support in IaC engine

Lines of Code (LOC) analysis is used to generate reports, calculate code density, and populate various charts. It now also covers the IaC engine. LOC is also the basis for enforcing the maximum LOC allowed per tenant, which is 9.5 million LOC in Q3.

Concurrent scan capacity enhancement

The concurrent scan capacity has been expanded to improve performance and throughput. The following limits now apply:

Max concurrent scans on Checkmarx One per tenant: the system can now run up to 1000 scans concurrently without failures or significant added scan latency. This capacity is sized for the following engine mix (the percentages overlap because a single scan can include more than one engine):

  • 50% of scans include SAST (Static Application Security Testing).

  • 30% of scans include SCA (Software Composition Analysis).

  • 30% of scans include IaC (Infrastructure as Code).

  • 20% of scans include API Sec (API Security).

Scan throughput on Checkmarx One per tenant: The system can now process up to 10 new scan requests per minute, enabling faster initiation of scans and improved overall throughput.

Scan latency: the maximum time a scan waits in the queue is now 10 seconds.

Support to Bitbucket Single Tenant in Code Repository integration

Code Repository integration now supports Bitbucket Single Tenant.

CLI and Plugins Release of June 2023

Version 2.0.50

Status | Item | Description
FIXED | Manual limit | Fixed an issue where the default limit overrode a manually specified limit value.

Version 2.0.49

Status | Item | Description
NEW | Remediation | Added "AI Guided Remediation", which uses AI to help you understand the vulnerabilities in your code and resolve them quickly. For more info, see the chat command documentation.
UPDATED | Project list | Increased the default limit for projects returned by the project list command to 10,000. (This enables Checkmarx One to verify whether a project with the specified name already exists when a scan is initiated via CLI/plugin.)
NEW | SBOM | Enabled SBOM reports for all tenant accounts.

Tip

When sending source code to GPT, we protect your sensitive data by anonymizing all passwords and secrets before the content is sent. The query used to identify sensitive data can be seen here. Note that only values the query recognizes are anonymized; the surrounding source code is still sent.

Tip

AI Guided Remediation is currently supported only for IaC Security vulnerabilities.

Version 2.0.48

Status | Item | Description
NEW | SBOM | Added the ability to generate SBOM reports in CycloneDX or SPDX format. SPDX reports are output as JSON; CycloneDX can be output as JSON or XML. This is done using the scan create or results show command.
FIXED | HTML summary | Fixed an issue with the HTML summary output.

Tip

SBOM generation is a BETA feature. It is not yet supported for all tenant environments.
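A practitioner consuming these reports usually wants one inventory regardless of which format a pipeline produced. The following is an added example, not Checkmarx code: it loads a CycloneDX (JSON or XML) or SPDX (JSON) document into a common component list, detecting the format from the content rather than the file extension, and flags components that carry no version and therefore cannot be matched against advisories. The three sample documents are constructed, minimal instances of each format, not real scan output.

```python
"""Load CycloneDX (JSON/XML) or SPDX (JSON) SBOM reports into one inventory.

Added example; this is not Checkmarx code. It assumes the inputs are the
report documents written by the CLI and reads them offline. The sample
documents at the bottom are constructed for illustration.
"""
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Component:
    name: str
    version: Optional[str]
    purl: Optional[str]  # package URL: the stable key for advisory matching


def _from_cyclonedx_json(doc: dict) -> List[Component]:
    return [Component(c.get("name", ""), c.get("version"), c.get("purl"))
            for c in doc.get("components", [])]


def _from_cyclonedx_xml(text: str) -> List[Component]:
    root = ET.fromstring(text)
    # The CycloneDX XML namespace embeds the schema version; strip it so the
    # same code reads documents from different spec versions.
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    out = []
    for comp in root.iter(f"{ns}component"):
        def field(tag: str) -> Optional[str]:
            return comp.findtext(f"{ns}{tag}") or None
        out.append(Component(field("name") or "", field("version"), field("purl")))
    return out


def _from_spdx_json(doc: dict) -> List[Component]:
    out = []
    for pkg in doc.get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        version = pkg.get("versionInfo")
        if version == "NOASSERTION":   # SPDX's explicit "unknown" marker
            version = None
        out.append(Component(pkg.get("name", ""), version, purl))
    return out


def load_sbom(text: str) -> List[Component]:
    """Detect the SBOM format from the document itself, not the file name."""
    if text.lstrip().startswith("<"):
        return _from_cyclonedx_xml(text)
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return _from_cyclonedx_json(doc)
    if "spdxVersion" in doc:
        return _from_spdx_json(doc)
    raise ValueError("unrecognized SBOM format")


def unversioned(components: List[Component]) -> List[str]:
    """Names of components without a version; these cannot be matched to advisories."""
    return sorted(c.name for c in components if not c.version)


# Constructed samples, one per format the CLI can emit.
CDX_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "left-pad", "purl": "pkg:npm/left-pad"},
    ],
})
CDX_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library">
      <name>lodash</name>
      <version>4.17.21</version>
      <purl>pkg:npm/lodash@4.17.21</purl>
    </component>
  </components>
</bom>"""
SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"name": "requests", "SPDXID": "SPDXRef-Package-requests",
         "versionInfo": "2.31.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
        {"name": "local-tool", "SPDXID": "SPDXRef-Package-local-tool",
         "versionInfo": "NOASSERTION"},
    ],
})

if __name__ == "__main__":
    for label, text in (("CycloneDX JSON", CDX_JSON), ("CycloneDX XML", CDX_XML),
                        ("SPDX JSON", SPDX_JSON)):
        comps = load_sbom(text)
        print(label, len(comps), "components; unversioned:", unversioned(comps))
```

The unversioned check is the one worth wiring into a pipeline: an SBOM entry with a name but no version looks complete to a human reader yet contributes nothing to vulnerability matching.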

CI/CD Plugins

In June we released the following CI/CD plugin versions.

Improvements and Bug Fixes

Status | Item | Platform | Description
NEW | Proxy environment variables | GitHub Actions, Azure DevOps | We added a new environment variable, CX_HTTP_PROXY, which designates a dedicated proxy for Checkmarx One traffic. When set, it overrides the proxy specified in your general HTTP_PROXY variable.
NEW | SBOM | Azure DevOps, GitHub Actions | Added the ability to generate SBOM reports in CycloneDX or SPDX format. SPDX reports are output as JSON; CycloneDX can be output as JSON or XML. This is done using the scan create or results show command.
NEW | Exploitable Path | Jenkins | We added the --exploitable-path flag to the Additional Parameters options. It designates whether Exploitable Path runs on this particular scan and, when used, overrides the setting made in the project settings.
UPDATED | Reports | Jenkins | Added additional options for PDF format reports, and the option to generate reports in Markdown format using the --report-format flag.
UPDATED | Project list | Azure DevOps, GitHub Actions | Increased the default limit for projects returned by the project list command to 10,000. (This enables Checkmarx One to verify whether a project with the specified name already exists when a scan is initiated via CLI/plugin.)

Notice

We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

IDE Plugins

In June we released the following IDE plugin version:

  • Visual Studio Extension - 2.0.15 (uses CLI v2.0.48)

Improvements and Bug Fixes

Status | Item | Platform | Description
NEW | Run scan from IDE | Visual Studio | You can now initiate scans directly from Visual Studio (in addition to the existing support in VS Code and JetBrains), so developers can identify and remediate vulnerabilities as they code. Run a new scan on an existing Checkmarx project by clicking the "play" button in the Checkmarx panel; the scan runs on the files in your current workspace. A sanity check verifies that the project and branch in your workspace match the project and branch that were previously scanned for this project; if a mismatch is detected, a warning message is shown.

Tip

This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.


Checkmarx SCA

Notice

This section relates only to SCA releases that are relevant to users who consume SCA through the Checkmarx One platform. Release notes for the SCA standalone platform are available here.

Improvements and Bug Fixes

Status | Item | Description
UPDATE | Exploitable Path | We added support for scanning .cshtml files using the Exploitable Path queries.

SCA Resolver Releases

We released the following new version of SCA Resolver:

Notice

The complete changelog, and links to download SCA Resolver are available here.

Version 2.2.5

  • For NuGet, improved detection of the package versions used by the framework at runtime.

  • For Bower, improved dependency resolution.