Checkmarx SCA Release Notes November 2021

We are excited to announce important improvements in our Checkmarx SCA web application. We have added a new Policy Management feature that enables creation of customized compliance policies. We also added support for the Go language and made various other improvements.

Key improvements

Policy Management

We added a Policy Management feature that enables you to apply customized security rules to the open source packages in your Projects. This makes it easy to identify Projects that are non-compliant with your self-defined security policies. Each Policy consists of a series of rules that define a custom compliance threshold.

The system comes with default Policies that are automatically applied to all Projects in your account. You can also create custom Policies, which you then assign to specific Projects or apply “Globally” to all Projects in your account. For more info about Policies, see Policy Management.

Support for Go Language

We added support for Go language projects, using the manifest files go.mod and go.sum.

Notice

Currently, Go is only supported when using Checkmarx SCA Resolver. For Checkmarx SCA Resolver installation procedures, see Go Support in Checkmarx SCA.

Checkmarx SCA Resolver Updates

We have released several new versions of Resolver with a wide range of improvements and bug fixes. The most recent release is 1.5.57.

The following are some highlights from the recent releases:

  • The Checkmarx SCA Resolver installation files are created using a new method that adds the necessary dependencies to the zip for execution.

  • Windows binaries are now signed by Checkmarx.

  • Added the ability to export an SBOM report (CycloneDX format).

For additional details, see Checkmarx SCA Resolver Changelog.

Bug Fixes

| Status | Item | Description |
|--------|------|-------------|
| FIXED | License correlation | Removed mistaken correlation for EPL 1.0. |
| FIXED | Hide failed scans | Fixed an issue that prevented hiding failed scans when the most recent scan succeeded. |