
Version 3.5

Multi-Tenant release date: January 21, 2024

New features and enhancements

SAST engine upgrade

The SAST engine in Checkmarx One has been upgraded to version 9.6.2. For complete Release Notes, click here.

Fast Scan for SAST scanner

The new SAST engine aims to find the perfect balance between thorough security tests and the need for quick and actionable results. There’s no need to choose between speed and security. Alongside the Base Preset, we are thrilled to announce a new scan mode designed to speed up the scan: Fast Scan mode.

Fast Scan mode decreases the scanning time of projects by up to 90%, making it faster to identify relevant vulnerabilities and enable continuous deployment while ensuring that security standards are followed. This will help developers tackle the most relevant vulnerabilities.

Warning

To expedite results retrieval, the scanning process has been optimized to reduce the number of stages and flows involved in the scan. As a consequence, Fusion-related queries are not executed in the new mode, and no results are generated for them.

API Security scanner results may also be affected.

For more information on Fast Scan, refer to this page. To learn how to configure Fast Scan in Checkmarx One, see here.

SCA risks recalculation

We've introduced a new feature that allows you to recalculate SCA risks without resubmitting your source code for scanning.

Checkmarx One leverages the dependencies identified in the previous scan of the project and re-assesses the risks affecting your project based on the current data (e.g., new vulnerabilities identified in the package, new Policies applied to the project, changes in risk states, etc.).

To trigger a scan recalculation, click the Recalculate button on the SCA results screen for the relevant project. Results from scan recalculation are shown as a separate scan.

Version field in Jira Feedback App

The Jira Feedback App now includes a custom field displaying the schema type version on Jira tickets.

Tabular data export in CSV format

Tabular data can now be exported in the form of CSV files. This functionality is accessible in the Projects list, Scans list, and Applications list.

Group sorting in Code Repository integration

With the latest update to the Code Repository Integration, groups in the integrated repositories are now sorted automatically, providing users with a structured and easily accessible view. The Search functionality allows users to quickly find the required group.

Automatic creation of pull requests

The manual steps in Checkmarx One for applying suggested vulnerability fixes have been automated by implementing automatic creation of pull requests. Automatic pull requests are applicable only for projects imported via the Code Repository Import process, using API tokens.

Resolved issues

  • IDE Plugin displaying only the first 10K Informational results.

  • The number of vulnerabilities on the Checkmarx One projects page (and others) for SCA does not align with the number of vulnerabilities found or match the reports.

  • Encountering a 500 - Internal server error when clicking on a project from one application.

  • CLI plugin failure with the error "panic: runtime error: slice bounds out of range [1:0]" when attempting to create a SARIF report.

  • In certain cases, CSV report generation could fail.

  • Synchronization problem between the scan and SBOM.

  • Incorrect query severity persists after saving it.

  • Inability to edit query severity after creating or overriding a query per tenant.

CLI and Plugins Releases of January 2024

CLI Version 2.0.65

Status | Item | Description

NEW | AI Guided Remediation for SAST | We added AI Guided Remediation for SAST vulnerabilities. Use the chat sast command to submit details about a specific vulnerability instance to OpenAI and receive detailed remediation recommendations, including a code snippet that can be used for the remediation. For more details, see chat sast.

Warning

The command for AI Guided Remediation for IaC Security vulnerabilities has changed from chat to chat kics.

Warning

This feature needs to be enabled for your organization's account by a Checkmarx admin user.

UPDATED | Added supported file type | Added the file extension *.cmp to the list of included files (when creating the zip archive for scanning).

CLI Version 2.0.64

Status | Item | Description

UPDATED | Contributor count | Added the uniqueConrtibutorEmail field to the contributor-count response in debug mode. For GitHub and Azure DevOps, we now use email (as opposed to username) as the unique identifier for counting distinct users.

FIXED | Groups | Fixed an issue where submitting --groups via the CLI interfered with project configuration (e.g., removing the primary branch designation).

FIXED | Sarif report | Fixed an issue where SARIF reports failed when no vulnerabilities were identified.

CI/CD Plugins

In December we released the following CI/CD plugin versions.

  • Azure DevOps - 2.0.30 (uses CLI v2.0.64)

  • GitHub Actions Plugin - 2.0.22 (uses CLI v2.0.64)

  • TeamCity Plugin - 2.0.21 (uses CLI v2.0.64)

Improvements and Bug Fixes

Status | Item | Platform | Description

FIXED | Groups | Azure DevOps, TeamCity, GitHub Action | Fixed an issue where submitting --groups interfered with project configuration (e.g., removing the primary branch designation).

FIXED | Sarif reports | Azure DevOps, TeamCity, GitHub Action | Fixed an issue where SARIF reports failed when no vulnerabilities were identified.
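The Sarif report fix listed for CLI 2.0.64 and again for the CI/CD plugins above concerns the zero-vulnerability case. The page does not say what caused the original panic; as an added illustration that is not Checkmarx's code, the Go snippet below shows the empty-input handling a SARIF writer needs: it never indexes into the findings slice and emits "results": [] rather than null. Finding, BuildSARIF, ResultCount, the tool name and the sample finding are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Finding is a constructed, minimal scanner result; not the Checkmarx CLI's own type.
type Finding struct {
	RuleID, Level, Message, File string
	Line                         int
}
// BuildSARIF renders findings as a trimmed SARIF 2.1.0 document. It never touches
// findings[0] or findings[1:], which panic with "slice bounds out of range" on a clean
// scan, and make() keeps results non-nil so zero findings marshal as "results": [] not null.
func BuildSARIF(tool string, findings []Finding) ([]byte, error) {
	results := make([]map[string]any, 0, len(findings))
	for _, f := range findings {
		results = append(results, map[string]any{
			"ruleId":  f.RuleID,
			"level":   f.Level,
			"message": map[string]any{"text": f.Message},
			"locations": []map[string]any{{"physicalLocation": map[string]any{
				"artifactLocation": map[string]any{"uri": f.File},
				"region":           map[string]any{"startLine": f.Line},
			}}},
		})
	}
	return json.MarshalIndent(map[string]any{
		"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
		"version": "2.1.0",
		"runs": []map[string]any{{
			"tool":    map[string]any{"driver": map[string]any{"name": tool}},
			"results": results,
		}},
	}, "", "  ")
}
// ResultCount returns len(runs[0].results), or -1 when that array is missing or null.
func ResultCount(doc []byte) int {
	var p struct{ Runs []struct{ Results *[]json.RawMessage } }
	if json.Unmarshal(doc, &p) != nil || len(p.Runs) == 0 || p.Runs[0].Results == nil {
		return -1
	}
	return len(*p.Runs[0].Results)
}

func main() {
	doc, _ := BuildSARIF("example-scanner", nil) // constructed: a scan with no findings
	fmt.Println(string(doc), ResultCount(doc))
}
```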

IDE Plugins

In January we released the following IDE plugin version:

  • Visual Studio Extension - 2.0.18 (uses CLI v2.0.64)

Improvements and Bug Fixes

Status | Item | Platform | Description

FIXED | KICS Auto Scanning | Visual Studio | Fixed an issue where KICS Auto Scanning kept running even when the feature was disabled.

FIXED | Libraries update | Visual Studio | Updated to the CLI version built with Go 1.21.1, in order to remediate a vulnerability.
