Releases of January 2022
Release of January 24, 2022 (v36)
Status | Description |
---|---|
NEW | The Feedback app functionality is now supported not only through a Webhook, but also through manual scans. |
Release of January 13, 2022 (v36)
New features and improvements
Status | Description |
---|---|
NEW | In Checkmarx One integrations, the user is now set as the initiator and events are filtered by scan origin. |
NEW | In SCM import parameters, the organization name is now displayed separately from the username for better clarity. |
NEW | The Import wizard now allows filtering out the archived GitHub repositories. |
NEW | To make GitLab scan status comments more actionable, they will now contain links instead of plain text. |
Resolved issues
Status | Description |
---|---|
FIXED | Resolved an issue that caused the failure of manual scans on old SCM projects with missing branches. |
Release of January 6, 2022 (v35)
Status | Item | Description |
---|---|---|
NEW | Plugins | Eclipse plugin enhancements: |
NEW | Plugins | VS Code plugin enhancements: |
NEW | Feedback Apps | This version introduces a new Feedback App that notifies Developers and AppSec engineers on Checkmarx findings via Slack. |
NEW | Feedback Apps | Another new Feedback App featured in this version provides automatic ticketing in GitHub Issues. With this Feedback App, GitHub issues are created, updated and closed after a Checkmarx scan. |
NEW | KICS | KICS query descriptions now appear in the KICS results viewer. |
CLI and Plugins Release of January 26, 2022
Released CLI Version 2.0.10
Key Improvements
Vulnerability Descriptions
The results output for SAST vulnerabilities now includes a brief description of the vulnerability.
Scan Timeout Flag
We added the `--scan-timeout <int>` flag to the `scan create` command, enabling users to specify a time limit after which the scan will fail and terminate. See documentation here.
New Report Type
We added a new type of report, `SummaryJSON`. This creates a JSON file with a summary of the vulnerabilities of each severity level.
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Config folder permissions | We fixed a problem with the permissions for accessing the configure command folder. |
CI/CD Plugins
New CI/CD Plugin Versions
In January we released the following CI/CD plugin versions. These plugin versions use CLI version 2.0.10.
TeamCity Plugin - Version 2.0.6 (Marketplace)
Github Action - Version v2.0.1 (Marketplace)
Azure DevOps Plugin - Version 2.0.1 (Marketplace)
Jenkins Plugin - Version 2.0.15
General Improvements
The following improvements apply to all of the CI/CD plugins.
Status | Item | Description |
---|---|---|
NEW | Report type | You can now generate reports of a new type, |
NEW | Scan timeout | We added the |
UPDATE | Branding | Updated UI elements to reflect the new Checkmarx branding (e.g. logo). |
IDE Plugins
In January we released the following plugin versions. These plugin versions use CLI version 2.0.10.
Eclipse Plugin - Version 2.0.0
Visual Code - Version 0.0.9
JetBrains - Version 2.0.0
Key Improvements
Triaging Results
Checkmarx One tracks specific vulnerability instances throughout your SDLC. Each vulnerability instance has a ‘Predicate’ associated with it, which is comprised of the following attributes: ‘state’, ‘severity’ and ‘comments’. After reviewing the results of a scan, you have the ability to triage the results and modify these predicates accordingly. For more info about triaging results in Checkmarx One, see Managing (Triaging) Vulnerabilities.
For all IDE plugins, we now enable users to triage results directly from their IDE consoles. This makes it easy for developers to triage results and remediate the vulnerabilities all in one place.
General Improvements
The following improvements apply to all of the IDE plugins (unless specified otherwise).
Status | Item | Description |
---|---|---|
NEW | SAST vulnerability descriptions | The IDEs now show a brief description for each SAST vulnerability in the results pane. |
NEW | Filter by state | For VS Code, there is now an option to filter the results tree by the state of the vulnerabilities. |
UPDATE | Branding | Updated UI elements to reflect the new Checkmarx branding (e.g. logo). |
UPDATE | UI improvements | General UI improvements in VS Code and JetBrains. |
CLI and Plugins Release of January 11, 2022
Released CLI Version 2.0.9
Key Improvements
Triaging Results
Checkmarx One tracks specific vulnerability instances throughout your SDLC. Each vulnerability instance has a ‘Predicate’ associated with it, which is comprised of the following attributes: ‘state’, ‘severity’ and ‘comments’. After reviewing the results of a scan, you have the ability to triage the results and modify these predicates accordingly. For more info about triaging results in Checkmarx One, see Managing (Triaging) Vulnerabilities.
We now provide a CLI command for triaging results. See full documentation here.
Fail Thresholds
The CLI now allows you to add a `--threshold` flag to a `scan create` command. This enables you to set thresholds that will cause the scan to fail. This can be used in a CI/CD workflow to break builds when excessive vulnerabilities are identified.
Thresholds are set separately for each type of scanner using the following format: `<engine>-<severity>=<limit>`
See full documentation here.
Threshold example:
```bash
# Several thresholds are separated by ';'. The value is quoted so the shell does not
# treat ';' as a command separator; each entry follows <engine>-<severity>=<limit>.
./cx scan create --project-name DemoProject -s <Repository URL> --branch main --threshold "sast-high=3;kics-high=1"
```
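As an added illustration of how a threshold string is interpreted, not code from the Checkmarx One CLI, the following parses the `<engine>-<severity>=<limit>` format and checks it against a constructed per-engine severity count. The comparison rule (fail when the count exceeds the limit) and the layout of the summary dict are assumptions; the page does not define the SummaryJSON structure.

```python
import re
from typing import Dict, List, Tuple

# Threshold entry format from the release note: <engine>-<severity>=<limit>,
# several entries separated by ';'. Engine and severity names are lower-case
# words here by assumption.
THRESHOLD_RE = re.compile(r"^(?P<engine>[a-z]+)-(?P<severity>[a-z]+)=(?P<limit>\d+)$")


def parse_thresholds(spec: str) -> List[Tuple[str, str, int]]:
    """Parse 'sast-high=3;kics-high=1' into [(engine, severity, limit), ...]."""
    thresholds = []
    for entry in spec.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        m = THRESHOLD_RE.match(entry)
        if m is None:
            # A malformed entry (e.g. 'kics-high-1') must not silently pass the build.
            raise ValueError(f"malformed threshold entry: {entry!r}")
        thresholds.append((m["engine"], m["severity"], int(m["limit"])))
    return thresholds


def failing_thresholds(spec: str, summary: Dict[str, Dict[str, int]]) -> List[str]:
    """Return one message per exceeded threshold; an empty list means the build passes."""
    failures = []
    for engine, severity, limit in parse_thresholds(spec):
        count = summary.get(engine, {}).get(severity, 0)
        if count > limit:  # assumption: exactly 'limit' findings are still acceptable
            failures.append(f"{engine}-{severity}: {count} found, limit {limit}")
    return failures


# Constructed sample counts per engine and severity (not real scan output and
# not the CLI's SummaryJSON layout).
SAMPLE_SUMMARY = {
    "sast": {"high": 5, "medium": 12, "low": 30},
    "kics": {"high": 1, "medium": 4},
    "sca": {"high": 0, "medium": 2},
}

if __name__ == "__main__":
    for msg in failing_thresholds("sast-high=3;kics-high=1", SAMPLE_SUMMARY):
        print("FAIL", msg)
```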
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Sonar output | Fixed Sonar results output for a scan that contains only one SAST vulnerability. Removed SCA vulnerabilities from Sonar output. |
FIXED | Exit code | Return exit code 1 if “auth register” command fails. |
CI/CD Plugins
New Plugin
The new Checkmarx One Maven plugin enables you to interact with Checkmarx One directly from a Maven lifecycle phase. The plugin provides a wrapper around the Checkmarx One CLI Tool, enabling easy integration into Maven while using the full functionality and flexibility of the CLI tool. See documentation here.
Note
The plugin code can be found here.
New CI/CD Plugin Versions
In November we released the following plugin versions. All current plugin versions use CLI version 2.0.9.
TeamCity Plugin - Version 2.0.5 (Marketplace)
Github Action - Version v2.0.0 (Marketplace)
Azure DevOps Plugin - Version 2.0.1 (Marketplace)
Jenkins Plugin - Version 2.0.14
The following improvements apply to all of the CI/CD plugins.
Status | Item | Description |
---|---|---|
NEW | Thresholds | Enables breaking builds by specifying a threshold for acceptable vulnerabilities. |
NEW | Sonar output | Enables exporting scan results directly to Sonar, enabling you to view the Checkmarx One results in your SonarQube or SonarCloud console. See documentation here. |
CLI Integrations for Additional CI/CD Platforms
We have created integration examples and documentation to help you to integrate Checkmarx One into popular CI/CD platforms using the Checkmarx One CLI Tool. See examples on GitHub.
Click on the links to see the documentation for the following platforms: