Releases of March 2022

Release of March 24

NEW

To avoid possible confusion and naming mismatch, the editing of project names for imported projects is now disallowed.

NEW

Auto scan is now enabled by default.

NEW

The SCM Import Cancel button in the User Interface works now.

NEW

Added the option in CLI to add the contributors name and changed user-count to contributor-count.

NEW

If the project does not exist in Checkmarx One, a new scan will not be initiated and the respective Webhook and repository will be removed.

NEW

Selected options can be now saved as part of project/workspace for Visual Studio.

NEW

Added an option in IDE to filter by Vulnerability type.

NEW

Added the State filter to the results in CLI.

NEW

Added the command ADO SCM to user-count in CLI.

NEW

Added the command Bitbucket SCM to user-count in CLI.

NEW

CLI now displays the SCM user contributor count for the last 90 days.

NEW

Best Fix Location is now retrieved via CLI and highlighted within the IDE for Eclipse.

NEW

The Codebashing link has been added for Eclipse.

Release of March 10

NEW

Newly added user credentials for accessing a Jira server are now validated by a connection test.

NEW

The results displayed in IDE can now be grouped by vulnerability type.

NEW

Not exploitable and tentatively not exploitable findings are now deselected by default in the IDE filters. In addition, the option name has changed from Filtered by to Filter.

NEW

A new scan create parameter has been added to handle all SCA resolver parameters. The following example illustrates its usage:

--sca-resolver-params "—scan-containers"

NEW

This version introduces the ability to audit logs for all tenant actions through API.

NEW

The VS Code integration now allows handling BFLs (Best Fix Locations).

NEW

In the VS Code and JetBrains integrations, the location on the attack vector is now highlighted and displays the best place to fix an issue.

NEW

A scan consisting of multiple scanners can now be completed even if one of the scanners has failed. The scan will be considered a partial scan.

NEW

To allow developers to triage findings within the IDE without having to log into Checkmarx One, the ability to pull information on the current state of a vulnerability and change its status has been added to Eclipse.

NEW

Only new or fixed vulnerabilities are now displayed in PR.

NEW

The SCM import process has been optimized to require the minimum amount of user privileges and roles.

Release of March 24

FIXED

Fixed an issue in Checkmarx One Feedback Apps Vulnerabilities Filters due to which State and Categories were not working as expected.

FIXED

When deleting a project from Checkmarx One, all types of failures in any step related to integrations from all SCMs are now ignored.

Release of March 10

FIXED

Fixed an issue that caused an error when validating a GitHub token.