
Enterprise Updates

New Features and Enhancements

CxSAST (Application)

Scan metrics collection

CxSAST now saves scan metadata (including indicators of scan quality and results), allowing customers to measure KPIs such as the quality, coverage, and performance of each scan.

For more information, refer to Configuring and Viewing Scan Metrics.

Identical scan handling

Customers with processes that automatically send similar or identical scans of a particular project to the scan queue now have the option of preventing multiple scans of the same project. Once a scan of a project is in the queue, additional scans of the same project are automatically removed from the queue. The user can specify which one of the multiple scans remains in the scan queue.

For more information, refer to Creating and Configuring a CxSAST Project.

User-defined scan data fields

When using the APIs (REST/SOAP/OData), you can now enrich your scan data with your own customized fields, which are displayed in your Dashboard and Reports. Using custom fields, you can add information such as Build IDs, Revision IDs, and Pull Request IDs, so you no longer have to rely only on timestamps to identify scans!

ELK log analysis

CxSAST logs, containing general system information, scan results, and scan processing data, can now be downloaded in the following formats:

  • Plain text

  • New JSON structured format

The JSON structured logs can be viewed and analyzed using the ELK components (Elasticsearch, Logstash/Filebeat and Kibana); Kibana is the component used to review them. Note: The JSON logs are only available for some of the application logs related to the scan ID flow.

For more information, refer to Working with Logs.

Engine

New Improved Scan Flow configuration

The New Improved Scan Flow offers improved scan accuracy by reducing false positives and false negatives. It also improves scan performance in terms of scan time and memory consumption. Among the benefits is increased Engine supportability and maintainability. In the new flow, flow calculations are performed during the queries phase only when they are needed, which is what yields the improved performance.

For more information, refer to Configuring CxSAST Scan Flow Processes.

Upgrade to .NET Core 3.1

The following components are upgraded to .NET Core 3.1:

  • Access Control

  • Remediation Intelligence (RI) Service

  • CxEngine Service

  • Windows Engines

  • Scan Results Service

Secret Key detection with TruffleHog queries

You can now generate reports about secret key vulnerabilities detected in scanned projects. CxQL (Checkmarx Query Language) queries that emulate TruffleHog's checks run regex and high Shannon entropy detection over scanned projects. Currently implemented for Java.
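The two detection strategies named above (fixed-format regex patterns and high Shannon entropy strings) are easy to see side by side in code. The block below is an added example written for this page; it is not Checkmarx's CxQL query set or TruffleHog's code. The patterns, the entropy thresholds (4.5 bits per character for base64-like tokens and 3.0 for hex, which are TruffleHog's original defaults) and the sample Java source are all constructed for illustration; the AWS key in the sample is the placeholder value from AWS's own documentation, not a live credential.

```python
"""Regex + Shannon-entropy secret detection in the style of TruffleHog.

Added example, not Checkmarx CxQL or TruffleHog code. The patterns,
thresholds and the sample Java source below are constructed for
illustration.
"""
import math
import re

# Character sets the entropy check is computed over, mirroring TruffleHog's
# base64 and hex scans.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"

# Candidate tokens: runs of at least 20 characters drawn from each charset.
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/=]{20,}")
HEX_TOKEN = re.compile(r"[0-9a-fA-F]{20,}")

# Entropy thresholds in bits per character (TruffleHog's original defaults).
# A pure-hex token also matches BASE64_TOKEN, but its base64 entropy can never
# exceed log2(16) = 4.0, so it is only ever flagged by the hex check.
BASE64_THRESHOLD = 4.5
HEX_THRESHOLD = 3.0

# Regex patterns for secret formats with a fixed shape; constructed and
# illustrative, not Checkmarx's query set.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"
    ),
}


def shannon_entropy(data: str, charset: str) -> float:
    """Shannon entropy of `data` in bits per character, computed over `charset`."""
    if not data:
        return 0.0
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def find_secrets(source: str) -> list:
    """Return findings as dicts with the line number, detector kind and matched token."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        # 1. Known-format patterns: precise, few false positives.
        for name, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(
                    {"line": lineno, "kind": f"regex:{name}", "match": m.group(0)}
                )
        # 2. High-entropy tokens: catches keys that have no recognisable prefix.
        for token_re, charset, threshold, label in (
            (BASE64_TOKEN, BASE64_CHARS, BASE64_THRESHOLD, "entropy:base64"),
            (HEX_TOKEN, HEX_CHARS, HEX_THRESHOLD, "entropy:hex"),
        ):
            for m in token_re.finditer(line):
                token = m.group(0)
                if shannon_entropy(token, charset) > threshold:
                    findings.append({"line": lineno, "kind": label, "match": token})
    return findings


# Constructed sample Java source. The AWS key is AWS's documented placeholder
# (its entropy is only about 3.7 bits/char, so only the regex catches it); the
# API token is 32 distinct base64 characters (entropy exactly 5.0); the padding
# string is long but has zero entropy and must not be flagged.
SAMPLE_JAVA = """\
public class Config {
    // AWS documentation example key, not a live credential
    static final String AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE";
    // constructed high-entropy token
    static final String API_TOKEN = "Qz8vLm2kP9xR4tW1yB7nJ3fH6sD0aE5c";
    // long but low-entropy string
    static final String PADDING = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa";
}
"""

if __name__ == "__main__":
    for f in find_secrets(SAMPLE_JAVA):
        print(f"line {f['line']:>2}  {f['kind']:<24} {f['match']}")
```

Running the block reports two findings: the AWS key on line 3 via the regex detector and the API token on line 5 via the base64 entropy detector, while the low-entropy padding string on line 7 is ignored. The two detectors are complementary: a prefixed key with modest entropy is found by its shape, an unprefixed random key is found by its entropy, and a long but repetitive string is found by neither.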

Configurable Default Sources Path

The default sources path was changed to “%temp” and can be modified using an environment variable. For more information, refer to Configuring the Default Sources Path.

Parameter Configuration Interface

The Access Control and CxEngine parameters that are currently being used are available for viewing and editing via Environment Properties under Windows Properties. This approach provides an interface for reconfiguring Access Control and CxEngine parameters at a later stage for users who wish to do so. For detailed information, see CxSAST Environment Variables.

Prometheus Basic Support

This release supports monitoring the status of SAST services running on each machine.

Languages & Frameworks

Apex

The Apex language and its frameworks (VisualForce Framework, Lightning Framework, and Lightning Component Framework) have been redesigned using the latest engine technologies, bringing them in line with all other supported frameworks.

  • Apex Language:

    • This version introduces new and updated support for the latest versions of Apex.

  • VisualForce, Lightning and Lightning Web Components Framework:

    • This version introduces new and updated support for the latest versions of the frameworks.

JavaScript

Angular support for JavaScript has been updated to keep up with the major release that spans the entire platform, including the Angular Material framework and the CLI.

  • Angular Framework

    • This version introduces new and updated support for the latest versions of the Angular framework for JavaScript.

TypeScript

TypeScript support has been improved to include more features released in past versions, allowing us to improve our overall support.

  • TypeScript Language

    • This version introduces new and updated support for the latest versions of TypeScript.

Java

Java and JSP framework support has been improved to include more features released in past versions, allowing us to improve our overall support.

  • Java Language

    • This version introduces new and updated support for the latest versions of Java.

  • JSP Framework

    • This version introduces new and updated support for the latest versions of the JSP framework for Java.

.NET Core

.NET Core support has been improved to include more features released in past versions, allowing us to improve our overall support.

  • .NET Core Language

    • This version introduces new and updated support for the latest versions of .NET Core for C#.

Kotlin

Kotlin support has been improved to include more features released in past versions, allowing us to improve our overall support.

  • Kotlin Language

    • This version introduces new and updated support for the latest versions of Kotlin.

  • Spring Framework

    • This version introduces new and updated support for the latest versions of the Spring framework for Kotlin.

C++

C++ support has been improved, including better handling of makefiles and macros.

  • Provides a way to inspect and extract macro and include-path information from build files present in the project being scanned.

OWASP API Security Top 10: C#

Queries targeting API-related vulnerabilities were developed to reduce the number of false negative results in API projects while maintaining the accuracy of the queries.

OOTB Accuracy Content Pack

Included out of the box in the main version for JavaScript, Java, and C#.

Default Preset Optimizations

The Checkmarx Default preset has been optimized for improved accuracy.

Vulnerability Queries

This version includes new and updated vulnerability descriptions, queries, and query-to-preset assignments.

Access Control

Bulk user operations

Several new bulk user management operations are now available, such as modifying, enabling, and disabling users and roles, and deleting users.

UI improvements

The UI has been improved, for example in defining and sorting Roles and Teams.

CxEnterprise Web Portal Interface - M&O

The Apache Tomcat server version has been upgraded to 8.5.64.