- Checkmarx Documentation
- Checkmarx SCA
- Checkmarx SCA Release Notes
- Checkmarx SCA Release Notes December 2023
Checkmarx SCA Release Notes December 2023
Notice
These release notes relate to the SCA standalone product. Users who consume SCA through Checkmarx One should refer to the Checkmarx One release notes to see which SCA features have been released in Checkmarx One.
Warning
We are in the process of rolling out a new comprehensive Management of Risks service which will replace the current service. The new APIs are documented in Checkmarx SCA (REST) API - Management of Risk. The current APIs IgnoreVulnerability
and UnignoreVulnerability
will be deprecated soon. For more info, feel free to contact your Technical Account Manager.
Warning
For the SCA JFro plugin, version 1.1.9 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.10 before that date.
For the SCA Nexus plugin, version 1.1.5 and below will stop working on Feb. 29. To continue using this plugin, make sure to upgrade to version 1.1.6 before that date.
Malicious Packages in Container Scans
We now identify malicious packages in container scans. This is done by checking the container packages against our proprietary database of know malicious packages.
Warning
We currently identify malicious packages only among non-OS related packages.
A new column was added to the Container Packages screen indicating whether or not the package is malicious. For unsupported package types, "Unknown" is shown in the "Malicious" column.
Also, for vulnerabilities associated with malicious packages, the Container Vulnerabilities screen shows "Malicious" as a "Risk Factor".
SCA Resolver Version 2.5.15
We released a new version of SCA Resolver with the following improvements:
For Gradle, the processing of wildcards on Gradle multi-module scans has been improved.
For Python, pip is no longer presented as a dependency for all Python projects.
Download the new version here.