Version 3.10

Multi-Tenant release date: April 1, 2024

New features and enhancements

Improved Scan Report

Improved scan report including new and enhanced KPIs for SAST, IaC and SCA scanners is now available.

  • To generate the improved report in the UI, enable the Generate improved scan report toggle in the Generate Report wizard.

  • To trigger the report from the API, set the reportName parameter to improved-scan-report.

SAST enhancements

The SAST engine in Checkmarx One has been updated to version 9.6.4.

IaC enhancements

IaC v1.7.13 has been released with the following new features:

  • Parallel scanning

  • CWE information added to the common and dockerfile queries

  • New queries:

    • Cloudformation

      • DynamoDB Table Not Encrypted

      • ECS Cluster with Container Insights Disabled

      • API Gateway Access Logging Disabled

    • Docker compose

      • Shared Volumes Between Containers

    • Crossplane

      • ECS Cluster with Container Insights Disabled

    • Pulumi

      • ECS Cluster with Container Insights Disabled

    • NifCloud

      • Computing Has Public Ingress Security Group Rule

      • Computing Undefined Security Group To Instance

      • Computing Undefined Description To Security Group

      • RDB Has Backup Retention Less Than 2 Day

      • RDB Has Public DB Access

      • RDB Has Common Private Network

      • RDB Undefined Description To DB Security Group

      • Nifcloud RDB Has Public DB Ingress Security Group Rule

      • DNS Has Verified Record

      • ELB Has Common Private Network

      • ELB Listener Use HTTP Protocol

      • ELB Use HTTP Protocol

      • LB Listener Use HTTP Port

      • LB Use HTTP Port

      • LB Use Insecure TLS Policy ID

      • LB Use Insecure TLS Policy Name

      • NAS Has Common Private Network

      • NAS Undefined Description To NAS Security Group

      • NAS Has Public Ingress NAS Security Group Rule

      • Router Has Common Private Network

      • Router Undefined Security Group To Router

      • Vpn Gateway Undefined Security Group To Vpn Gateway

Resolved issues

  • Feedback app errors with the Jira get priority REST API.

  • Decorating a pull request with the Azure plugin failed with an exception.

  • SSH scan failed because the tenant key was not detected.

  • 500 Internal Server Error when trying to open a risk in scan results.

  • Policy management did not allow policies with empty rules on evaluation.

  • Analytics: vulnerability data was slow to appear.

  • Scan hangs when using config as code (/.checkmarx/config.yml).

  • Failed to install Checkmarx One Eclipse plugin version 2.0.8 on IDE version 12-2023.

  • Jenkins release documentation had an incorrect version.

  • Eclipse plugin updated the incorrect vulnerability.

  • Language Mode did not behave according to the expected default value, multi.

  • The API Audit Trail returned an incorrect URL.

  • The Download reports screen stated that the user did not have permission to download the project report.

  • The Supply Chain screen was grayed out as if it had been ignored.

  • All packages showed "Unspecified License" in the Global Inventory and Risks page.

  • Checkmarx One MT: unable to download any SBOM report.

  • Deleting a query worked but returned HTTP error 502.

  • Fixed an issue where the IaC Security Query Editor did not give proper feedback to the user when trying to save or run an invalid Rego query.

  • Customer JS scan was not working correctly.

  • Scan failed due to the maximum message size between the KICS runner and the repository store.

SCA Resolver Version 2.7.2 (Apr 18, 2024)

  • Added support for extracting .gz archives that contain a .tar folder, using the --extract-archives flag.

Download the new version here.

CLI and Plugins Release of April 2024

CLI Version 2.0.74

(There were no updates in version 2.0.73)

  • [UPDATED] Improved PDF report format: Improved the content and graphic presentation of the PDF scan report (generated using the results show or scan create commands with --report-format pdf). Learn about the improved scan report here.

CLI Version 2.0.72

  • [NEW] Fast scan mode: Added a new flag, --sast-fast-scan, for running SAST scans in fast scan mode.

  • [FIXED] About this vulnerability: Fixed an issue with "About this vulnerability" links.

  • [FIXED] Log generation: Fixed a problem generating logs using the scan logs command.

  • [FIXED] Package managers: Added missing package managers for sca-realtime scans.

  • [FIXED] Azure DevOps: Fixed an issue where contributor-count failed for Azure DevOps when a repo was disabled.

CLI Version 2.0.71

  • [NEW] Application name: Added a new flag, --application-name, to the scan create and project create commands. This enables users to assign the project to a specific application.

    Tip: This is only effective when creating a new project and assigning it to an existing application.

  • [NEW] Included files: Added Directory.Packages.props to the list of included files (when creating the zip archive for scanning).

CLI Version 2.0.70

  • [UPDATED] General: General improvements and bug fixes.

CI/CD Plugins

In April we released the following CI/CD plugin versions.

Improvements and Bug Fixes

  • [NEW] Fast scan mode (Azure DevOps, GitHub Actions, Jenkins): Added a new flag, --sast-fast-scan, to the Additional Parameters for running SAST scans in fast scan mode.

  • [NEW] Application name (Azure DevOps, GitHub Actions, Jenkins): Added a new flag, --application-name, to the Additional Parameters, which enables users to assign the project to a specific application.

    Notice: This is only effective when creating a new project and assigning it to an existing application.

  • [NEW] Included files (Azure DevOps, GitHub Actions, Jenkins): Added Directory.Packages.props to the list of included files (when creating the zip archive for scanning).

  • [NEW] Policy violations (GitHub Actions): Added policy violations to PR/MR decorations.

  • [UPDATED] Improved PDF report (GitHub Actions): Improved the content and graphic presentation of the PDF scan report generated using --report-format pdf in the additional_params. Learn about the improved scan report here.

IDE Plugins

In April we released the following IDE plugin versions:

  • Eclipse - 2.0.9 (uses CLI v2.0.61)

  • VS Code - 2.9.0 (uses CLI v2.0.72)

Improvements and Bug Fixes

  • [UPDATED] AI Security Champion (VS Code): Changed the name of the AI Guided Remediation feature to AI Security Champion.

  • [UPDATED] Codebashing links (VS Code): Moved the Codebashing links into the Description tab.

  • [UPDATED] Scan date display (VS Code): Improved the display of the scan date in the Checkmarx One Results panel.

  • [FIXED] Install (Eclipse): Fixed a problem installing the plugin on newer versions of Eclipse.

  • [FIXED] Vulnerability state (Eclipse): Fixed an issue where changes made to the vulnerability state were not shown on the correct vulnerabilities.

  • [FIXED] Problem fix (VS Code): Fixed a problem that was introduced in the previous release.

  • [FIXED] Remediated vulnerabilities (VS Code): Remediated vulnerabilities that we identified in our project.

  • [FIXED] CLI version (VS Code): Uses the new CLI version in which vulnerabilities affecting that project have been remediated.

  • [FIXED] AI Security Champion (VS Code): In the AI Security Champion tab, we improved the formatting of the response and fixed the description of the "Confidence" score to accurately explain the likelihood of the vulnerability being exploited.