The New Delivery Model for Checkmarx SAST

Checkmarx SAST 9.4 will be the cornerstone for a new delivery model for Checkmarx SAST. In this new delivery model, we will release a new Engine Pack every two months rather than releasing a full Checkmarx SAST release. With the new Engine Packs you will receive the following:

  • Updates on Languages and Frameworks

  • Queries (like Content Packs today)

  • Core engine changes

An Engine Pack is a minor-minor release and will be tagged 9.4.x, for example 9.4.1, 9.4.2, or 9.4.3.

Notice

An Engine Pack only updates the above. The application, portal and manager are not updated at all when installing a new Engine Pack. However, the Engine Pack must also be installed on the CxManager host to update the SQL database.

  • The Windows package includes

    • An installer that includes only the engine changes, such as changes to the engine service and to the agent.

    • A queries updater that is similar to the Content Pack updating mechanism, without the configuration section.

  • The Linux package includes a new Docker image.

Important Notes

  • Engine Packs are cumulative

  • The upgrade path is only through Checkmarx SAST 9.4 and up

  • Engine Packs can be rolled back to the previous Engine Pack release

  • Engine configurations will be merged to new Engine Pack installation

  • In distributed environments, besides installing the Engine Packs on the CxEngine or CxAudit host, the Engine Packs must also be installed on the CxManager host to update the SQL database. For details, see

    Running the Engine Pack Installation on a CxManager Host.

For information on how to install an Engine Pack, refer to Installing CxSAST Engine Packs.

For information about a particular Engine Pack, refer to one of the following pages.