Releases of July 2023

IaC is now integrated with ChatGPT, providing developers with natural language processing capabilities directly within the VS Code editor. This allows developers to analyze and understand code, get fix suggestions, and more.

The AI Guided Remediation feature is implemented as part of the Checkmarx VS Code extension. Users can access ChatGPT directly from the IDE to ask questions about code explanations, debugging, and fixing code errors. The feature is available for both the IaC Security results in Checkmarx One and for KICS Realtime scanning results.

For more information see AI Security Champion.

We have enhanced our Eclipse integration by adding support for scanning directly within the IDE. By running scans within Eclipse, developers can identify vulnerabilities at an early stage and mitigate the risk of security breaches.

Our Eclipse plugin now supports both Eclipse 2022 and 2019, ensuring compatibility across different versions of the IDE.

Furthermore, our Eclipse plugin encompasses all sub-features related to scans, providing comprehensive support for various types of security testing.

This release introduces a new feature that allows users to display Policy Management results via the command-line interface (CLI). With this enhancement, users can now receive immediate feedback on whether their scan violated the project policy.

The scan create method has been enhanced to include validation for policy violations. When initiating a scan, the system automatically checks if any policies have been violated.

After the scan is completed, the system invokes the Policy API and retrieves the status value. The status value can have the following states:

To provide users with real-time updates on the scan's evaluation status, the system will continuously poll the status value until it reaches either Completed or None. This ensures that users can stay informed about the progress of their scan and promptly address any policy violations identified.

The SAST scanner in Checkmarx One has been upgraded to version 9.5.5. This upgrade brings a range of improvements and enhancements to the scanner, providing a better experience and increased performance.

To maintain a robust security posture, Checkmarx One now enforces the mandatory rotation of passwords for service accounts. This applies specifically to the OAuth Client ID and Secret used as a service account. The frequency of password rotation for all client secrets, including the existing ones, has been set to 100 days, but can be customized based on user preferences and settings.

This feature is especially useful in scenarios where developers have left the organization, but their secret ID, defined in the pipeline, remains active. By periodically rotating the service account password, we can mitigate the risk of unauthorized access and ensure that only authorized individuals can perform actions like Checkmarx One scanning.

To keep users informed and prompt them to take action, we have implemented an email notification system. When it's time to replace the secret service account, an email will be sent to the user, providing a clear notification and instructions on how to update the service account's credentials.

SAST Remediation Advice is now available in the Eclipse IDE. This enables developers to receive actionable guidance on addressing security vulnerabilities directly within their Eclipse environment.

SAST Remediation Advice provides comprehensive information on identified vulnerabilities, along with specific recommendations on how to remediate them and with practical code samples to implement secure coding practices.

This release features an update to the user creation form and the OAuth Client creation form, introducing a new field called Other. This new field serves as a space where any additional information or details about the user can be provided.

The version of IAM is now prominently displayed in the user interface (UI) and is also accessible through the API. This information provides transparency and helps users stay informed about the specific IAM version they are using.

With the latest enhancement to Checkmarx One plugins, both for CI/CD integration and command-line interface (CLI), all policy violations detected during scans are now displayed. This ensures that no violations go unnoticed, enabling users to take immediate action to address them.

This version introduces a new service called analytics-datastore developed as an interface for storing and retrieving data from our new analytics storage in PostgreSQL.

IaC customers who hold both an IaC license and an API Security license, API-related risks will be shown in the API Security Result Viewer. It takes API Security assessment to the next level by providing in-depth details for each identified risk, including their association with specific endpoints.

Customers who hold only an IaC license will see a comprehensive overview of potential security gaps related to API endpoints in the IaC scan results. While the level of detail provided may be more generalized in this case, it still delivers valuable information that enhances the overall security posture.

To improve the risk assessment process, we have enabled users to change the state management of each API Documentation risk identified by API security in the scan results table. With this enhancement, users can determine the priority and address any false positives or other issues based on their domain knowledge and contextual understanding.

A similar feature has been implemented for risk severity management. Users now have the ability to modify the severity level of each identified risk in the API Documentation, based on their understanding of the potential impact and likelihood.

The capability to manage the severity of each API Documentation risk has been extended to the Global risks section. With this enhancement users can customize and adjust the severity level of individual risks in the Global risks view.