Previous Checkmarx One Release Notes

FIXED

Salesforce

An attempt to create a support ticket would fail with the message Please set your priority even though a priority was selected.

FIXED

UI

Opening the Scanners tab for an empty project could take too long.

FIXED

UI

The scanners shown in the project details panel were listed in a wrong order.

FIXED

UI

The icons order for the KICS scanner in the results viewer has been adjusted to match the order displayed in Checkmarx SAST.

FIXED

Filtering

Fixed a few minor issues in the representation of filtering results in the project overview. The issues were mostly related to label alignment and the indication when selecting all scanners.

FIXED

Scanning

In rare cases, scanning was interrupted before reaching completion.

FIXED

Scanning

An attempt to assign a project to the application could fail with the error message Failed to get all Projects and their last scans.

FIXED

Scanning

Opening the SAST results could trigger an internal error and fail.

FIXED

Scanning

A slash symbol in the name of a feature branch causes the scan failure.

FIXED

Scan results

Raw errors are displayed when trying to group result by Source/Sink Nodes.

FIXED

Scan results

Incremental CxSAST scan result does not change severity and status.

UPDATE

Project Import

The Back button added to every step of the project import workflow allows you to return to a previous step for review or amendments:

UPDATE

User Management

You can now switch back to Checkmarx One from any inner page by clicking the new Back to Checkmarx One button.

UPDATE

JetBrains plugin

Selecting a project now automatically refreshes the list of available branches, allowing you to retrieve a specific branch and view its previous scans.

Entering a scan ID into the Search field will not only retrieve the results of the provided scan, but also automatically display the associated Project and Branch.

UPDATE

JetBrains plugin

Scan results can now be filtered by Severity, Status, and State.

NEW

UPDATE

User interface

The following list of minor user interface enhancements and updates is added to keep you apprised of all recent changes:

UPDATE

User details

The Phone number field does not appear any more in user details.

UPDATE

Pagination

The allowed number of items in Application and Projects lists has been increased. You can specify 10, 25, 50, 100 or 200 items per page. The default is 50 items per page.

FIXED

Project creation

The project creation workflow has been stabilized to exclude random internal errors.

FIXED

Homepage

Loading the platform homepage could result in an error if no projects are yet defined or all projects have been deleted.

FIXED

SCA integration

Instead of listing Web files only, such as js, js.map, json etc., an sca-webapp container could include some redundant content copied from irrelevant folders.

FIXED

Integrations

In rare cases, scans from CxIntegrations could remain queued for over 15 minutes.

NEW

Bitbucket integration

Bitbucket is the third native SCM integration platform supported by Checkmarx One. The integration automatically initiates a scan on a pull or push request.

NEW

Customer data security

To provide an extra layer of data protection, a unique customer master key (CMK) is now used to generate data encryption keys. Checkmarx One will either use the existing CMK, if available, or generate a new one.

UPDATE

Account Settings

To help users to know how to use Checkmarx One legally and correctly, the comprehensive text of the license is now integrated into the platform. To view it, navigate to Account Settings and click License.

UPDATE

User Management

The user details shown in the Users table have been enriched to include the following attributes:

UPDATE

GitLab Integration

Checkmarx One now provides actionable results of a scan during to a pull request from GitLab by updating the scan result summary in the pull request comment.

UPDATE

GitLab Integration

The imported projects data is now paginated for better user experience.

UPDATE

GitHub Integration

The imported projects data is now paginated for better user experience.

UPDATE

All SCM Integrations

The pull request comment has been redesigned with a scan report summary to provide a better user experience and actionable links.

UPDATE

API

A new API method is implemented to retrieve the scan results from all engines: SAST, SCA, KICS, and so on.

UPDATE

API

A new API attribute allows you to send a generated report to the specified email address.

UPDATE

Logs

Checkmarx One logs are now enriched with the data periodically retrieved from the following services:

FIXED

Scan results

Scan results do not include vulnerability descriptions.

FIXED

API

An attempt to run any API call related to results or result summary on an existing scan returns error 404.

NEW

Integrations

To enhance and enrich the workflow automation, the pull request and push event are now invoked by default upon completion of the project import from a source-control management tool.

NEW

KICS scans

Added support for “Category” field in the following API’s:

NEW

Scans workflow

Optimize scan workflow/scan mappings keys in Redis

NEW

Projects REST API

Exposed Projects REST API.

Added SCMRepoId in Checkmarx One Projects table for REST API and GRPC support.

NEW

Resource Management

Removed Resource Management → SAST engines tab.

NEW

KICS scans

Added the following missing/Invalid data to KICS scan summary page:

NEW

Project → Scan History tab

Added the following columns:

Added an Action Menu icon that includes Delete action:

NEW

Integration → GitHub pull request

FIXED

Applications

FIXED

Project Scanners tab

Results are not presented via Project Scanners tab → Widgets view

FIXED

Project Compliance tab

Visualization issue in the following scenario:

As a solution, the following was disabled in case there is no Compliance data:

FIXED

Project scan results

Project Total Results number is miscalculated

FIXED

KICS scan results

Project name is not presented in the KICS Results page title.

FIXED

Scans (All scan types)

Occasionally scans are “stuck” and stay in “Running” status for up to 12 hours.

FIXED

Scans

Occasionally scans are “stuck”.

The scans are created and saved, but don’t proceed.

FIXED

Scans workflow

Occasionally a scan workflow is displayed in a wrong order via the following:

FIXED

Scans workflow → Empty

Occasionally, when a scan workflow is empty, the web portal widget details are messed up.

FIXED

Repository path scans

Only 20 branches are displayed in the following scenario:

FIXED

Configuration files

Not able to upload a template of a configuration file to the system.

FIXED

Configuration files

Configuration file upload request is missing a “slash” in the request syntax.

FIXED

Security Vulnerabilities

JWT details were being sent and stored in Camunda cloud.

The JWT details contain customer data - Authentication and personal data in the token.

From now on, JWT token is no longer being sent to Camunda.

NEW

Dynamic Engines

Added a new feature - Dynamic Engines.

NEW

SAST scan limitation

All SAST scans are limited to 250K Lines Of Code.

Scanning Projects with files containing higher than 250K Lines Of Code will fail.

NEW

Scan Results

Add a new publisher service in order to publish scan results

NEW

Projects Import

Add Groups and Tags enablement to the Import Project wizard

NEW

Integrations - Scanners types support

Added support for different scanner types to Checkmarx One Integrations

FIXED

Scan fails on engine restart

Creating a Project and performing an Incremental scan for SAST, SCA, and KICS using a GIT repository URL sometimes fails due to engine restart.

FIXED

Project Compliance data

Compliance data is sometimes not presented when performing the following:

FIXED

User creation

When creating a new user containing special characters in the username, the following occurs:

NEW

RabbitMQ

NEW

Open a new support ticket

Integration with Salesforce for new tickets opening via Checkmarx One application

NEW

Github integration

Support multiple scanner types - SAST, SCA, KICS

NEW

Github integration

support Incremental scan configuration to import project

NEW

SCM integrations

Auto-fill repo URL when trying to manually scan a project which was imported from SCM

NEW

GitHub integration

Show repositories is not attached to “organization”

FIXED

SAST vulnerabilities

FIXED

SAST Incremental scan

SAST Incremental scan fails when it is the Project’s first scan

FIXED

SAST scans

FIXED

GitHub scans

GitHub scan fails in case the URL contains hyphen “-” character

FIXED

GitHub scans

GitHub scans failed on 'fetch-sources' failed to compress code

FIXED

GitHub scans

GitHub scans fails when using Webhooks

FIXED

KICS scans

FIXED

KICS scan results

FIXED

KICS Results API

KICS Results API retrieves wrong severity

FIXED

SCA Scans → Download logs

Clicking on “download logs” retrieve 404 error message

FIXED

SCA Results

FIXED

Project Scanners Tab

FIXED

Project Results page

After a successful SAST scan, Project Results page is not rendered when accessed via scanners tab (or using the “eye” icon in Scan History tab)

FIXED

Project Compliance page

After a successful scan, no data is presented in the Project Compliance tab

FIXED

Checkmarx One application crash

Checkmarx One application crashes after performing the following:

FIXED

config as code

config as code is not working after tenant was enabled

FIXED

A user with ast-viewer privileges is able to list the files on the server via the /api/scans/templates/{

file-name} API endpoint.

FIXED

Checkmarx One Log in

Ability to enumerate tenant names for Checkmarx One application log in mechanism

FIXED

Checkmarx One Log in

Ability to enumerate user names for Checkmarx One application log in mechanism

FIXED

Checkmarx One Log in

Ability to use weak Passwords for Checkmarx One application log in mechanism

FIXED

Checkmarx One Log in

It is possible for a Tenant to list groups from other tenants by querying the affected URL

FIXED

Checkmarx One Log in

Change the new user “Welcome” email to include Checkmarx One URL

FIXED

Back Office

Cannot change admin password due to IAM_PASSWORD not applied during environment startup

FIXED

User Management

Cross-Tenant Group Assigning - Users that had permissions to manage projects could create projects and assign them groups that belonged to other tenants

FIXED

GitHub integration

Several User Interface improvements

NEW

SCA

Sharing API Keys with SCA web application

NEW

SCA result counters

Integrate SCA result counters using the Summary endpoint

NEW

SCA results service

NEW

SCA - Scanners page

Added SCA scan type to Scanners page - Mock data.

NEW

New aggregation API’s

Support for new aggregation API’s

NEW

New Scan Wizard

Adding Back option

NEW

Enable TLS connections for amqp

Extend RabbitUpdater configuration to support TLS connection.

NEW

Project page - Engines tab

Changed “Engines” tab in project page to “Scanners”

NEW

Project page - Right pane

Added the option to present scan types preview in case that a scan is in running/failed state.

NEW

Results service

Add SCA protobuf to results service

NEW

User Interface - Help menu

Added Documentation option to the Support icon options.

The button redirects the user to the Checkmarx One documentation space.

NEW

User Interface tests

Adding the following tests to the User interface tests coverage:

NEW

Maintenance and support

Added buffer for maintenance and support. This item is developed for maintenance and support to all pipeline and test-related items.

NEW

KICS Result

Added the following to KICS Result:

NEW

KICS result counters

Integrate KICS result counters using Summary endpoint

NEW

KICS Results Processing

Performed the following:

NEW

KICS - Results Viewer

Added KICS results to Result Viewer page

NEW

KICS Proto-buff

KICS Proto-buff Refactor

NEW

KICS - Quality tests

Creating quality test plan for KICS

NEW

Compliance feature

Add the following to the compliance page:

NEW

Compliance feature

Add compliance fields automation coverage

NEW

NATS notifications

Deprecate NATS notifications for all services

NEW

RabbitMQ event notifications

Handle the following events notifications in services by RabbitMQ:

NEW

Log in API

“organization” tenant is hardcoded for the log in procedure

NEW

System Tests

Add compliance page fields to system-test

NEW

Webhooks feature

PUT command doesn’t update the webhook active field to In-active state

NEW

Dynamic Engines

Performed the following:

NEW

Keycloak - Audit logs

Added Audit logs events to Keycloak

NEW

SCM Integrations

FIXED

Create a Project and scan a source file

The execution hangs (not consistency, happens from time to time).

FIXED

Assigning projects to applications

English proofing - Wording improvements

FIXED

Assigning projects to applications

Search field doesn't function

FIXED

Results Viewer

Results Viewer improvements

FIXED

Results Viewer

The user needs to see the code section when clicking on a vulnerability in order to see its details.

FIXED

Results Viewer

Cannot open the list of vulnerabilities when filtering by Severity and Source File

FIXED

Projects page - running a scan

Running scan menu triggered from Projects page should be similar to one from Scans page

FIXED

Projects page - results tab

FIXED

Projects page - results tab

Cannot unselect “new” filter checkbox

FIXED

Projects page - KICS results

KICS results categories don’t fit the screen

FIXED

Project page - Compliance tab

Compliance tab data is empty after system was upgraded

FIXED

Project page - Right pane

When clicking on a project, scans with empty results should not be clickable (Right side pane).

FIXED

Project page - Right pane - Download logs

Clicking the “Download logs” button when there are no results leads to bad redirect.

The button must be greyed out.

FIXED

Project page - Right pane - Download logs

Download scan logs (both for SAST & KICS) - Get 403 Error

FIXED

Project page

Project showing “Assigned to application” even though it isn't

FIXED

Adding project to application

Checkmarx One user interface crashes after adding a new project to an application

FIXED

getProjects API

'Origin' field is missing

FIXED

Project Setting tab - Save button

After performing a change (Add tags, add group) & press Save, the button flicker and stay in "enable" state

FIXED

User Interface - Cosmetics

Several visual issues while resizing web browser window (Texts not aligned, fonts size).

FIXED

User Interface improvements

Long names are not fully displayed in the User Interface for the following:

FIXED

Incremental Scan

Incremental Scan fails in the following scenario:

FIXED

Incremental Scan

Incremental Scan fails in the following scenario:

FIXED

Multi scan types scan

During a scan execution, If the scan is opened from resources/scans it appears as completed.

FIXED

Log in window

User name field in the log in window is case sensitive

FIXED

Log in window

Enter button doesn’t work in tenant login window

FIXED

Scan window

Fetch Branches button is returning a wrong list of branch names

FIXED

Scan service

Scans fail due to result duplications

FIXED

Scan cancel

When canceling a scan, the status does not pass to failed

FIXED

Webhooks feature

Secret field is displayed as blank even when a secret exists

FIXED

User Management

User with if-in-group permissions cannot trigger scans

FIXED

Keycloak

Keycloak fails due to system tests during deployment

FIXED

Log in - Reset password feature

There is an unnecessary text in the reset password email that is being sent to the user

FIXED

BackOffice

During a new Tenant creation, it is not possible to configure alphanumeric symbols in the "Salesforce Account ID" field.

FIXED

BackOffice

After a new Tenant is created, the Email that the user receives has invalid matching between Account Name field and it's value.

NEW

Project sidebar

Added new KICS data widget (Mock).

KICS is an open source solution for static code analysis of Infrastructure as Code.

NEW

KICS engine results viewer

Added new KICS engine results viewer using (Mock data)

NEW

SAST sidebar widget

Added Download Logs button in the Project sidebar SAST widget.

Once clicking the button, the engine scan logs are downloaded to the client.

NEW

Back Office

Added support for multiple regions in Back Office

NEW

Back Office

Added the ability to create a special user type for a tenant called “Service User”.

This user has Admin permissions to temporary access the User Management console in order to open new service support cases.

This user will be automatically deleted after 1 day.

The user won’t be visible in the User Management user interface.

FIXED

Webhooks feature

Deleting a single webhook is not working

FIXED

Webhooks feature

When opening Project webhook settings an error message pops-up

FIXED

Branching feature

Minor UI uplifts:

FIXED

Scan result count

Until a scan is finished there is no need to present a result count

FIXED

Scan History

When scanning a zip file the scan screen presents the branch filter

FIXED

SAST sidebar widget

More Details link is not working from the SAST sidebar widget

NEW

Project statistics Engine screen

Added vulnerabilities by severity widget.

FIXED

Results viewer shows no scan after scanning zip source

Project Page shows no scans even though the scan finished successfully (as seen both in Resource Management and in the Projects table).

This occurs only with zip sources, leading to the suspicion that this relates to branching changes.

FIXED

Requests and sub-grouping

Fix requests and sub-grouping for the same vulnerabilities with different severities.

FIXED

Scan fails if results service fails to save results (or any other pipe that needs to fail the scan)

Scan service doesn't notify the workflow in case of the error. In such case there will be a successful scan without results or with partial results.