Version 3.1

Multi-Tenant release date: November 19, 2023

New features and enhancements

Support of fork scans

Checkmarx One now seamlessly supports fork scans, which are automatically initiated when a user merges their branch from the user repository into the original repository.

New API for migration to SCM

We have created a REST API to facilitate the migration of Checkmarx projects to SCM repositories. See API Documentation

SCA Updates

Improvements and bug fixes

Global Inventory Access Management

Access management is now applied to the SCA Global Inventory. When viewing the SCA Global Inventory screen, users will now see only packages and risks that were identified in Checkmarx One projects that they have permission to access.

Note

As with all entities in Checkmarx One, this only applies to users with group-related permissions such as view-projects-if-in-group. However, users with account level permission such as ast-viewer still have access to all projects in the account.

Persistent Filters

The filters applied to the Global Inventory page are now persistent, so that when you drill-down to see details for a package or a risk and then click the back button the filters on the Global Inventory page will remain in place.

Project Name

Fixed issue that changing project name in repo for a Checkmarx One project had caused errors for the SCA scanner.

SCA Resolver Releases

We released the following new versions of SCA Resolver:

Notice

The complete changelog, and links to download SCA Resolver are available here.

Version 2.5.13

Fixed issue that the MacOS artifact hadn't been published in prior versions (2.4.8, 2.5.2 and 2.5.11).

Version 2.5.11

We now only create a reports folder when the user actually generates a report.
Fixed the fingerprint calculation for JavaScript files.
For container scans, updated ImageResolver to version 3.0.31, which includes the following updates:
- We now scan yaml files, enabling detection of images inside docker-compose files and helm charts. This dramatically increases our coverage for detecting container images.
  Tip
  If you prefer to exclude these files from a scan, you can do so using the command --excludes "*.yaml".
- Improved detection of Java and IOS package inside images.
- Enabled running container scans via Checkmarx One CLI.
  This is done by using SCA Resolver in the CLI command, and setting the Resolver params as follows:
  - --scan-containers
  - --containers-result-path <base_folder_path>/.cxsca-container-results.json
    Tip
    <base_folder_path> must be identical to the value given for -s.
    The precise file name .cxsca-container-results.json must be used.
  Learn more about running container scans here

Version 2.5.2

We now sanitize the parameters passed to the package managers. We also added a flag, --disable-parameter-sanitization (and a config parameter), in case you would like to disable this feature.
Added a flag, --logs-path, for passing the logs directory name in the CLI command (in addition to existing support for setting it in the config file).
For container scans, we added a flag, --containers-cache-path (and a config parameter), for setting the path to the directory where the container images cache is written.
For CocoaPods, fixed the error that caused the scan to fail when the lock file parse failed for a dependency.

CLI and Plugins Release of November 2023

CLI Version 2.0.63

Status	Item	Description
UPDATED	Summary HTML	Made the summary HTML report responsive in order to improve display on narrow screens.
FIXED	gl-sast report	Fixed problem with the link to view reports for the recently added `gl-sast` report format.
FIXED	resultjson	Fixed problem that resultsJson report was always showing total count as zero.

Status

Item

Description

UPDATED

Summary HTML

Made the summary HTML report responsive in order to improve display on narrow screens.

FIXED

gl-sast report

Fixed problem with the link to view reports for the recently added gl-sast report format.

FIXED

resultjson

Fixed problem that resultsJson report was always showing total count as zero.

CLI Version 2.0.62

General improvements and bug fixes

CLI Version 2.0.61

Status	Item	Description
NEW	GitLab pull requests	Added a new `utils` command, `pr gitlab`, to decorate GitLab pull requests with results from Checkmarx One scans. For more info, see pr gitlab.
NEW	SAST reports in GitLab	Added a new report format `gl-sast` for generating reports for the SAST scanner in GitLab. This can be submitted for`--report-format` in the `scan create` and `results show` commands.
FIXED	Results summary	Fixed issue that result filters weren't being applied properly to the results summary.

IDE Plugins

In November we released the following IDE plugin version:

Eclipse Plugin - 2.0.8 (uses CLI v2.0.61)

Improvements and Bug Fixes

Status	Item	Platform	Description
UPDATED	Zip archive files	Eclipse	Added `Podfile` and `Podfile.lock` to the list of included files (when creating the zip archive for scanning).
FIXED	Libraries update	Eclipse	Updated libraries in order to remediate security issues.
FIXED	CLI version	Eclipse	Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.

IDE Plugin Quick Links

Get Latest Version from Marketplace	Changelog	Documentation
Visual Studio Code - Marketplace	Visual Studio Code Plugin - Changelog	Checkmarx One Visual Studio Code Extension (Plugin)
Visual Studio - Marketplace	Visual Studio Plugin - Changelog	Checkmarx One Visual Studio Extension (Plugin)
JetBrains - Marketplace	JetBrains Plugin - Changelog	Checkmarx One JetBrains Plugin
Eclipse - Marketplace	Eclipse Plugin - Changelog	Checkmarx One Eclipse Plugin

In this section: