
Version 2.94

Multi-Tenant release date: September 27, 2023

New features and enhancements

Code Repository integration enhancement

The integration with the Code Repository now allows a user to initiate a new integration project scan and designate the project with a private package, adding an extra layer of security and privacy to the project.

Pagination in GitHub

A pagination feature is now applicable to both GitHub Cloud and GitHub self-hosted instances, enabling users to better navigate through their organization listings. There is no longer any limitation on the number of organizations, and a search bar is available to help you locate a specific organization.

Ability to manually create branches during ZIP upload

Checkmarx One now allows you to manually create a branch within a project when uploading a ZIP file for scanning.

This addition provides the ability to identify which branch was scanned in the project history as well as differentiate and manage changes between the same ZIP uploads. This facilitates the development of bug fixes, the addition of new features, and the integration of new versions after thorough testing in an isolated environment.

Access Management Updates

API Key and OAuth Client Expiration Management

A tenant admin user can now configure settings that affect the expiration time for API Keys and OAuth Clients created in the tenant account. The settings are available on the General Settings screen of the Identity and Access Management platform.

The admin can set the default expiration time for API Keys and OAuth Clients to any value between 30 and 365 days. In addition, the admin can enforce the specified expiration period, so that users are not able to adjust the expiration time when they create a new API Key or OAuth Client.

IaC Updates

  • We have implemented a significant change in our Access Management system. Now, you are able to assign entities (Users and Groups) directly to resources (Tenant, Application, Project, and all associated elements like scans and results).

    This update renders obsolete the previous access restrictions based on Groups assigned to Projects.

  • This version introduces three new Ansible queries to cover the following scenarios:

    • Identify hosts within your Ansible inventory that are accessible from the internet.

    • Check if your Ansible configuration settings permit unsafe lookups.

    • Identify Ansible playbooks or tasks that use HTTP for communication.

  • Starting with this release, IaC Security is able to run queries against GitHub workflows.
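The three Ansible scenarios listed above, as an added illustration that is not Checkmarx's query code: the script below runs simplified versions of those checks over a constructed inventory, ansible.cfg and playbook (all sample text, no real hosts or URLs), using only the Python standard library so it runs offline. The "accessible from the internet" test is approximated as "ansible_host is outside private, loopback and link-local ranges"; DNS names are skipped.

```python
"""Added example, not Checkmarx's query code: minimal checks for the three
Ansible scenarios (internet-accessible hosts, unsafe lookups, plain HTTP in
tasks) over constructed inventory, ansible.cfg and playbook text."""
import configparser
import ipaddress
import re

# Constructed sample inputs; none of these hosts or URLs are real.
SAMPLE_INVENTORY = """\
[web]
web1 ansible_host=203.0.113.10
web2 ansible_host=10.0.0.5

[db]
db1 ansible_host=192.168.1.20
"""

SAMPLE_CFG = """\
[defaults]
inventory = ./hosts
allow_unsafe_lookups = True
"""

SAMPLE_PLAYBOOK = """\
- hosts: web
  tasks:
    - name: fetch installer over plain http
      get_url:
        url: http://mirror.example.com/installer.sh
        dest: /tmp/installer.sh
    - name: call api over https
      uri:
        url: https://api.example.com/health
"""

# Ranges treated as "not reachable from the internet" (an approximation):
# RFC 1918 space, loopback and link-local.
_NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def internet_accessible_hosts(inventory_text):
    """Return inventory host names whose ansible_host is outside _NON_PUBLIC.
    Hosts given as DNS names are skipped (no resolution offline)."""
    found = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", "#", ";")):
            continue
        name, *host_vars = line.split()
        for kv in host_vars:
            if not kv.startswith("ansible_host="):
                continue
            try:
                addr = ipaddress.ip_address(kv.split("=", 1)[1])
            except ValueError:
                continue
            if not any(addr in net for net in _NON_PUBLIC):
                found.append(name)
    return found


def allows_unsafe_lookups(cfg_text):
    """True when [defaults] allow_unsafe_lookups is enabled in ansible.cfg."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    return cp.getboolean("defaults", "allow_unsafe_lookups", fallback=False)


_TASK_NAME = re.compile(r"^\s*-\s*name:\s*(.+?)\s*$")
_HTTP_URL = re.compile(r"^\s*url:\s*['\"]?(http://\S+)")


def http_tasks(playbook_text):
    """Return (task name, url) pairs for tasks whose url: value uses plain http://.
    A line-based scan is enough here; a real check would parse the YAML."""
    findings, current = [], None
    for line in playbook_text.splitlines():
        m = _TASK_NAME.match(line)
        if m:
            current = m.group(1)
            continue
        m = _HTTP_URL.match(line)
        if m:
            findings.append((current, m.group(1).rstrip("'\"")))
    return findings


if __name__ == "__main__":
    print("internet-accessible:", internet_accessible_hosts(SAMPLE_INVENTORY))
    print("unsafe lookups allowed:", allows_unsafe_lookups(SAMPLE_CFG))
    print("plain-http tasks:", http_tasks(SAMPLE_PLAYBOOK))
```

On the sample input the inventory check reports only web1, the config check reports that unsafe lookups are allowed, and the playbook check reports the get_url task; the https task is not reported.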

DAST Updates

  • A new feature enables users to search the environment table by the environment ID. A new column was added in order to filter by the environment ID.

  • Users are now able to incorporate scripting into their DAST scans. This allows them to customize attacks and login methods, providing greater flexibility and precision in securing their applications.

SCA Updates

SCA Results Viewer

The SCA results viewer is now fully integrated with the Checkmarx One platform. When you open the SCA Results page for a project, the Checkmarx One navigation pane remains visible on the left side of the screen and a back button is shown at the left side of the header bar. This makes it easy to navigate between SCA Results and other Checkmarx One elements.

Container Scanning

We have improved the process for identifying packages and vulnerabilities in containers when running SCA scans in the cloud (previously this was supported only when using SCA Resolver). We now use Syft to scan the container image, yielding up to 4 times the number of results while significantly decreasing scan time.

SCA Resolver Version 2.4.5

We released a new version of SCA Resolver with the following improvements:

  • Improved parsing support for CLI custom arguments.

Download the new version here.

CLI and Plugins Release of September 2023

CLI Version 2.0.57

Status | Item | Description
FIXED | Async scans | Fixed issue with async scans.

CLI Version 2.0.56

Status | Item | Description
UPDATE | GO version | Updated code to GO version 1.21.1 in order to remediate a vulnerability.
UPDATE | Unlimited results | We now return an unlimited number of results in the results summary (previously limited to 10k).
FIXED | Contributor count | Fixed issue regarding incomplete contributor count results for BitBucket, Azure DevOps, GitHub and GitLab. This was accomplished using retries and timeout flags to overcome rate limits. We also added pagination for Azure DevOps.
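The contributor-count fix above combines retries, a request timeout and pagination to get a complete count from a rate-limited API. The following is an added example of that pattern, not the Checkmarx CLI's own Go code: it walks the pages of an assumed, generic source-control API (a constructed fake stands in for the network so it runs offline), retries a page a bounded number of times with exponential backoff on a 429 or timeout, and counts distinct authors across all pages.

```python
"""Added example, not the Checkmarx CLI's own Go code: distinct-contributor
counting over a paginated API with bounded retries, a per-request timeout
and exponential backoff. The API shape is assumed, not any vendor's."""
import time


class RateLimited(Exception):
    """The server answered HTTP 429 (too many requests)."""


class RequestTimeout(Exception):
    """The request exceeded the caller's timeout."""


class FakeScmApi:
    """Constructed stand-in for a Git-hosting API. `script` maps a page number
    to the responses it gives in order: an exception class (raised) or a list
    of commit authors (returned). Pages not in the script are empty, which
    ends the pagination."""

    def __init__(self, script):
        self._script = {page: list(resps) for page, resps in script.items()}
        self.calls = 0

    def fetch_page(self, page, timeout):
        self.calls += 1
        queue = self._script.get(page, [])
        if not queue:
            return []
        response = queue.pop(0)
        if isinstance(response, type) and issubclass(response, Exception):
            raise response()
        return response


def with_retries(call, max_retries, base_delay, sleep):
    """Run `call`, retrying up to max_retries times on rate limiting or
    timeout and waiting base_delay * 2**attempt between tries."""
    for attempt in range(max_retries + 1):
        try:
            return call()
        except (RateLimited, RequestTimeout) as exc:
            if attempt == max_retries:
                raise RuntimeError(
                    f"giving up after {attempt + 1} attempts: {type(exc).__name__}"
                ) from exc
            sleep(base_delay * 2 ** attempt)


def count_contributors(api, max_retries=3, timeout=10.0, base_delay=0.5,
                       sleep=time.sleep):
    """Fetch pages until an empty one and return the number of distinct
    authors; every page goes through with_retries."""
    authors = set()
    page = 1
    while True:
        batch = with_retries(lambda: api.fetch_page(page, timeout),
                             max_retries, base_delay, sleep)
        if not batch:
            break
        authors.update(batch)
        page += 1
    return len(authors)


# Constructed scenario: page 1 is throttled once, page 2 times out and is then
# throttled, page 3 succeeds at once, page 4 does not exist.
SAMPLE_SCRIPT = {
    1: [RateLimited, ["alice", "bob"]],
    2: [RequestTimeout, RateLimited, ["bob", "carol"]],
    3: [["dave"]],
}


def run_demo():
    """Return (distinct contributors, requests made, backoff delays used)."""
    delays = []
    api = FakeScmApi(SAMPLE_SCRIPT)
    total = count_contributors(api, max_retries=3, sleep=delays.append)
    return total, api.calls, delays


def run_exhausted_demo():
    """True when a page throttled on every attempt makes the walker give up
    with an error instead of looping forever."""
    api = FakeScmApi({1: [RateLimited] * 4})
    try:
        count_contributors(api, max_retries=3, sleep=lambda _: None)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())
```

With the sample script, "bob" appears on two pages but is counted once, seven requests are made in total, and the recorded backoff delays are 0.5 s, 0.5 s and 1.0 s; a page that is throttled on every attempt raises after the retry budget is spent.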

CLI Version 2.0.55

Status | Item | Description
NEW | Ignore proxy | Added global flag --ignore-proxy for ignoring proxies, so that all Checkmarx One CLI commands run directly from the local machine. Alternatively, this can be done by setting the environment variable "CX_IGNORE_PROXY" to true.
FIXED | Policy Violation header | Fixed issue that contributors count for Azure DevOps hadn't been returning complete results.

CI/CD Plugins

In September we released the following CI/CD plugin versions.

  • Azure DevOps - 2.0.26 (uses CLI v2.0.57)

Improvements and Bug Fixes

Status | Item | Platform | Description
NEW | Ignore Proxies | Azure DevOps | Added an environment variable, "CX_IGNORE_PROXY", for ignoring proxies. Set the variable to true to ensure that all Checkmarx One CLI commands run directly from the local machine.
UPDATE | Included files | Azure DevOps | Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).
UPDATE | CLI version | Azure DevOps | Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.