Previous Checkmarx One Release Notes
Status | Item | Description |
---|---|---|
NEW | CI/CD tools | To provide support to the key CI/CD tools until official plugins are developed, Checkmarx One CLI scans are now integrated with the following:
A repository with a CLI integration example for each CI/CD tool is available. |
NEW | SCM | SCM project settings now support branch configuration. |
Release of December 05 2021
This release introduces the ability to configure scanner parameters for SAST, SCA, and KICS at four different levels, multiple usability enhancements, and other improvements.
Key improvements
Scanners configuration
Scanner parameters for SAST, SCA, and KICS are now configurable at four different levels, each of which overrides the one before it:
Environment: Default configuration at the environment level.
Tenant: Default configuration for a specific tenant. It is derived from the environment scans configuration and can be overridden by the administrators only.
Project: Default configuration for a specific project to be applied to all the scans initiated on this project. The default project configuration is derived from the tenant scans configuration and can be overridden by users with the relevant role.
Config-as-Code: Checkmarx YAML file in the source repository (under .checkmarx/config.yml). These parameters are applied at the scan level.
Risk indicator in the project overview
A compact but informative risk indicator has been added to the project overview panel.
End-User License Agreement
To simplify and accelerate customer onboarding, the End-User License Agreement (EULA) is now automatically submitted for sign up to all Checkmarx One Cloud users.

Resolved issues
Status | Item | Description |
---|---|---|
FIXED | Salesforce | An attempt to create a support ticket would fail with the message |
FIXED | UI | Opening the Scanners tab for an empty project could take too long. |
FIXED | UI | The scanners shown in the project details panel were listed in a wrong order. |
FIXED | UI | The icons order for the KICS scanner in the results viewer has been adjusted to match the order displayed in Checkmarx SAST. |
FIXED | Filtering | Fixed a few minor issues in the representation of filtering results in the project overview. The issues were mostly related to label alignment and the indication when selecting all scanners. |
FIXED | Scanning | In rare cases, scanning was interrupted before reaching completion. |
FIXED | Scanning | An attempt to assign a project to the application could fail with the error message |
FIXED | Scanning | Opening the SAST results could trigger an internal error and fail. |
Release of November 09 2021
This landmark release introduces the game-changing functionality that enables our customers to fetch their scan results via the UI and use them outside Checkmarx One for intra-corporate presentations and analysis. Read on to check out all of the great updates below.
Key improvements
Create scan reports in PDF and JSON format
Users can now generate reports for Completed or Partial scans via the UI. At the user’s discretion, the report may include the following sections: Scan Summary, Executive Summary, and Scan Results. After generating the report, it can be exported in PDF or JSON format.
To create a report, export an existing scan, specify which sections to generate, and then select the target format.

Azure DevOps SCM support

Checkmarx One is now able to scan your code base in GitHub, GitLab, Bitbucket or Azure DevOps. To access the repository, provide its URL in scan settings.
Mapping Checkmarx One roles to Codebashing roles
In addition to Identity and Access Management (IAM) roles, you can now map Checkmarx One roles to Codebashing (CB) roles. CB roles are fetched from Codebashing and displayed in a separate tab of the Role Mapping dialog.

Resolved issues
Status | Item | Description |
---|---|---|
FIXED | Scanning | A slash symbol in the name of a feature branch caused the scan to fail. |
FIXED | Scan results | Raw errors are displayed when trying to group results by Source/Sink Nodes. |
FIXED | Scan results | Incremental CxSAST scan result does not change severity and status. |
Release of October 31 2021
Key improvements
Enhancements to the KICS Results Viewer
The KICS Results Viewer now provides the ability to view state and severity changes and add notes to specific items.

Other improvements
Status | Item | Description |
---|---|---|
UPDATE | Project Import | The Back button added to every step of the project import workflow allows you to return to a previous step for review or amendments. |
UPDATE | User Management | You can now switch back to Checkmarx One from any inner page by clicking the new Back to Checkmarx One button. |
UPDATE | JetBrains plugin | Selecting a project now automatically refreshes the list of available branches, allowing you to retrieve a specific branch and view its previous scans. Entering a scan ID into the Search field will not only retrieve the results of the provided scan, but also automatically display the associated Project and Branch. |
UPDATE | JetBrains plugin | Scan results can now be filtered by Severity, Status, and State. |
Release Notes v2.0.29
Introducing Checkmarx One v2.0.29! Read on to check out all of the great updates below.
Key improvements
Activation email

In previous versions, a tenant owner email with the activation link remained valid for seven days.
Starting from this release, you can resend this email in case the user has not yet completed the activation process. To do so, select Resend Email in the three-dots menu. If the activation process is completed, the option will be greyed out.
Once a new email is sent, the previous link becomes invalid.
Other improvements
Status | Item | Description |
---|---|---|
UPDATE | User interface | The following list of minor user interface enhancements and updates is added to keep you apprised of all recent changes:
|
UPDATE | User details | The Phone number field does not appear any more in user details. |
UPDATE | Pagination | The allowed number of items in Application and Projects lists has been increased. You can specify 10, 25, 50, 100 or 200 items per page. The default is 50 items per page. |
Fixes
Status | Item | Description |
---|---|---|
FIXED | Project creation | The project creation workflow has been stabilized to exclude random internal errors. |
FIXED | Homepage | Loading the platform homepage could result in an error if no projects are yet defined or all projects have been deleted. |
FIXED | SCA integration | Instead of listing Web files only, such as js, js.map, json etc., an sca-webapp container could include some redundant content copied from irrelevant folders. |
FIXED | Integrations | In rare cases, scans from CxIntegrations could remain queued for over 15 minutes. |
Release Notes v2.0.24
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | Bitbucket integration | Bitbucket is the third native SCM integration platform supported by Checkmarx One. The integration automatically initiates a scan on a pull or push request. |
NEW | Customer data security | To provide an extra layer of data protection, a unique customer master key (CMK) is now used to generate data encryption keys. Checkmarx One will either use the existing CMK, if available, or generate a new one. |
UPDATE | Account Settings | To help users to know how to use Checkmarx One legally and correctly, the comprehensive text of the license is now integrated into the platform. To view it, navigate to Account Settings and click License. |
UPDATE | User Management | The user details shown in the Users table have been enriched to include the following attributes:
|
UPDATE | GitLab Integration | Checkmarx One now provides actionable results of a scan during a pull request from GitLab by updating the scan result summary in the pull request comment. |
UPDATE | GitLab Integration | The imported projects data is now paginated for better user experience. |
UPDATE | GitHub Integration | The imported projects data is now paginated for better user experience. |
UPDATE | All SCM Integrations | The pull request comment has been redesigned with a scan report summary to provide a better user experience and actionable links. |
UPDATE | API | A new API method is implemented to retrieve the scan results from all engines: SAST, SCA, KICS, and so on. |
UPDATE | API | A new API attribute allows you to send a generated report to the specified email address. |
UPDATE | Logs | Checkmarx One logs are now enriched with the data periodically retrieved from the following services:
|
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Scan results | Scan results do not include vulnerability descriptions. |
FIXED | API | An attempt to run any API call related to results or result summary on an existing scan returns error 404. |
Release Notes v2.0.20 - v2.0.20.3
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | KICS scans | Added the following missing/Invalid data to KICS scan summary page:
| |
NEW | Project → Scan History tab | Added the following columns:
Added an Action Menu icon that includes Delete action:
| |
NEW | Integration → GitHub pull request |
|
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Applications |
|
FIXED | Project Scanners tab | Results are not presented via Project Scanners tab → Widgets view |
FIXED | Project Compliance tab | Visualization issue in the following scenario:
As a solution, the following was disabled in case there is no Compliance data:
|
FIXED | Project scan results | Project Total Results number is miscalculated |
FIXED | KICS scan results | Project name is not presented in the KICS Results page title. |
FIXED | Scans (All scan types) | Occasionally scans are “stuck” and stay in “Running” status for up to 12 hours. |
FIXED | Scans | Occasionally scans are “stuck”. The scans are created and saved, but don’t proceed. |
FIXED | Scans workflow | Occasionally a scan workflow is displayed in a wrong order via the following:
|
FIXED | Scans workflow → Empty | Occasionally, when a scan workflow is empty, the web portal widget details are messed up. |
FIXED | Repository path scans | Only 20 branches are displayed in the following scenario:
|
FIXED | Configuration files | Not able to upload a template of a configuration file to the system. |
FIXED | Configuration files | Configuration file upload request is missing a “slash” in the request syntax. |
FIXED | Security Vulnerabilities | JWT details were being sent to and stored in Camunda cloud. The JWT details contain customer data: authentication and personal data in the token. From now on, the JWT token is no longer sent to Camunda. |
Release Notes v2.0.19.1
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | Dynamic Engines | Added a new feature - Dynamic Engines.
|
NEW | SAST scan limitation | All SAST scans are limited to 250K Lines Of Code. Scanning Projects with files containing more than 250K Lines Of Code will fail. |
NEW | Scan Results | Add a new publisher service in order to publish scan results |
NEW | Projects Import | Add Groups and Tags enablement to the Import Project wizard |
NEW | Integrations - Scanners types support | Added support for different scanner types to Checkmarx One Integrations |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Scan fails on engine restart | Creating a Project and performing an Incremental scan for SAST, SCA, and KICS using a GIT repository URL sometimes fails due to engine restart. |
FIXED | Project Compliance data | Compliance data is sometimes not presented when performing the following:
|
FIXED | User creation | When creating a new user containing special characters in the username, the following occurs:
|
Release Notes v2.0.19
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | RabbitMQ |
|
NEW | Open a new support ticket | Integration with Salesforce for new tickets opening via Checkmarx One application |
NEW | Github integration | Support multiple scanner types - SAST, SCA, KICS |
NEW | GitHub integration | Support incremental scan configuration when importing a project |
NEW | SCM integrations | Auto-fill repo URL when trying to manually scan a project which was imported from SCM |
NEW | GitHub integration | Show repositories that are not attached to an “organization” |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | SAST vulnerabilities |
|
FIXED | SAST Incremental scan | SAST Incremental scan fails when it is the Project’s first scan |
FIXED | SAST scans |
|
FIXED | GitHub scans | GitHub scan fails if the URL contains a hyphen “-” character |
FIXED | GitHub scans | GitHub scans fail at 'fetch-sources': failed to compress code |
FIXED | GitHub scans | GitHub scans fail when using Webhooks |
FIXED | KICS scans |
|
FIXED | KICS scan results |
|
FIXED | KICS Results API | KICS Results API retrieves wrong severity |
FIXED | SCA Scans → Download logs | Clicking on “download logs” returns a 404 error message |
FIXED | SCA Results |
|
FIXED | Project Scanners Tab |
|
FIXED | Project Results page | After a successful SAST scan, Project Results page is not rendered when accessed via scanners tab (or using the “eye” icon in Scan History tab) |
FIXED | Project Compliance page | After a successful scan, no data is presented in the Project Compliance tab |
FIXED | Checkmarx One application crash | Checkmarx One application crashes after performing the following:
|
FIXED | config as code | config as code is not working after tenant was enabled |
FIXED | A user with ast-viewer privileges is able to list the files on the server via the /api/scans/templates/{ file-name} API endpoint. | |
FIXED | Checkmarx One Log in | Ability to enumerate tenant names for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | Ability to enumerate user names for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | Ability to use weak Passwords for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | It is possible for a Tenant to list groups from other tenants by querying the affected URL |
FIXED | Checkmarx One Log in | Change the new user “Welcome” email to include Checkmarx One URL |
FIXED | Back Office | Cannot change admin password due to IAM_PASSWORD not applied during environment startup |
FIXED | User Management | Cross-Tenant Group Assigning - Users that had permissions to manage projects could create projects and assign them groups that belonged to other tenants |
FIXED | GitHub integration | Several User Interface improvements |
Release Notes v2.0.17 - v2.0.18
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | SCA | Sharing API Keys with SCA web application | |
NEW | SCA result counters | Integrate SCA result counters using the Summary endpoint | |
NEW | SCA results service |
| |
NEW | SCA - Scanners page | Added SCA scan type to Scanners page - Mock data.
| |
NEW | New aggregation API’s | Support for new aggregation API’s | |
NEW | New Scan Wizard | Adding Back option
| |
NEW | Enable TLS connections for amqp | Extend RabbitUpdater configuration to support TLS connection. | |
NEW | Project page - Engines tab | Changed “Engines” tab in project page to “Scanners”
| |
NEW | Project page - Right pane | Added the option to present scan types preview in case that a scan is in running/failed state. | |
NEW | Results service | Add SCA protobuf to results service | |
NEW | User Interface - Help menu | Added Documentation option to the Support icon options. The button redirects the user to the Checkmarx One documentation space.
| |
NEW | User Interface tests | Adding the following tests to the User interface tests coverage:
| |
NEW | Maintenance and support | Added buffer for maintenance and support. This item is developed for maintenance and support to all pipeline and test-related items. | |
NEW | KICS Result | Added the following to KICS Result:
| |
NEW | KICS result counters | Integrate KICS result counters using Summary endpoint | |
NEW | KICS Results Processing | Performed the following:
| |
NEW | KICS - Results Viewer | Added KICS results to Result Viewer page
| |
NEW | KICS Proto-buff | KICS Proto-buff Refactor | |
NEW | KICS - Quality tests | Creating quality test plan for KICS | |
NEW | Compliance feature | Add the following to the compliance page:
| |
NEW | Compliance feature | Add compliance fields automation coverage | |
NEW | NATS notifications | Deprecate NATS notifications for all services | |
NEW | RabbitMQ event notifications | Handle the following events notifications in services by RabbitMQ:
| |
NEW | Log in API | “organization” tenant is hardcoded for the log in procedure | |
NEW | System Tests | Add compliance page fields to system-test | |
NEW | Webhooks feature | PUT command doesn’t update the webhook active field to In-active state | |
NEW | Dynamic Engines | Performed the following:
| |
NEW | Keycloak - Audit logs | Added Audit logs events to Keycloak | |
NEW | SCM Integrations |
|
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Create a Project and scan a source file | The execution hangs (not consistently; happens from time to time). |
FIXED | Assigning projects to applications | English proofing - Wording improvements |
FIXED | Assigning projects to applications | Search field doesn't function |
FIXED | Results Viewer | Results Viewer improvements |
FIXED | Results Viewer | The user needs to see the code section when clicking on a vulnerability in order to see its details. |
FIXED | Results Viewer | Cannot open the list of vulnerabilities when filtering by Severity and Source File |
FIXED | Projects page - running a scan | Running scan menu triggered from Projects page should be similar to one from Scans page |
FIXED | Projects page - results tab |
|
FIXED | Projects page - results tab | Cannot unselect “new” filter checkbox |
FIXED | Projects page - KICS results | KICS results categories don’t fit the screen |
FIXED | Project page - Compliance tab | Compliance tab data is empty after system was upgraded |
FIXED | Project page - Right pane | When clicking on a project, scans with empty results should not be clickable (Right side pane). |
FIXED | Project page - Right pane - Download logs | Clicking the “Download logs” button when there are no results leads to bad redirect. The button must be greyed out. |
FIXED | Project page - Right pane - Download logs | Download scan logs (both for SAST & KICS) - Get 403 Error |
FIXED | Project page | Project showing “Assigned to application” even though it isn't |
FIXED | Adding project to application | Checkmarx One user interface crashes after adding a new project to an application |
FIXED | getProjects API | 'Origin' field is missing |
FIXED | Project Setting tab - Save button | After making a change (add tags, add group) and pressing Save, the button flickers and stays in the "enable" state |
FIXED | User Interface - Cosmetics | Several visual issues while resizing web browser window (Texts not aligned, fonts size). |
FIXED | User Interface improvements | Long names are not fully displayed in the User Interface for the following:
|
FIXED | Incremental Scan | Incremental Scan fails in the following scenario:
|
FIXED | Incremental Scan | Incremental Scan fails in the following scenario:
|
FIXED | Multi scan types scan | During a scan execution, If the scan is opened from resources/scans it appears as completed. |
FIXED | Log in window | User name field in the log in window is case sensitive |
FIXED | Log in window | Enter button doesn’t work in tenant login window |
FIXED | Scan window | Fetch Branches button is returning a wrong list of branch names |
FIXED | Scan service | Scans fail due to result duplications |
FIXED | Scan cancel | When canceling a scan, the status does not pass to failed |
FIXED | Webhooks feature | Secret field is displayed as blank even when a secret exists |
FIXED | User Management | User with if-in-group permissions cannot trigger scans |
FIXED | Keycloak | Keycloak fails due to system tests during deployment |
FIXED | Log in - Reset password feature | There is an unnecessary text in the reset password email that is being sent to the user |
FIXED | BackOffice | During a new Tenant creation, it is not possible to configure alphanumeric symbols in the "Salesforce Account ID" field. |
FIXED | BackOffice | After a new Tenant is created, the email that the user receives has an invalid match between the Account Name field and its value. |
Release Notes v2.0.14
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | Project sidebar | Added new KICS data widget (Mock). KICS is an open source solution for static code analysis of Infrastructure as Code.
| |
NEW | KICS engine results viewer | Added new KICS engine results viewer using (Mock data)
| |
NEW | SAST sidebar widget | Added Download Logs button in the Project sidebar SAST widget. Once clicking the button, the engine scan logs are downloaded to the client.
| |
NEW | Back Office | Added support for multiple regions in Back Office | |
NEW | Back Office | Added the ability to create a special user type for a tenant called “Service User”. This user has Admin permissions to temporarily access the User Management console in order to open new service support cases. This user will be automatically deleted after 1 day. The user won’t be visible in the User Management user interface. |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Webhooks feature | Deleting a single webhook is not working |
FIXED | Webhooks feature | When opening Project webhook settings an error message pops-up |
FIXED | Branching feature | Minor UI uplifts:
|
FIXED | Scan result count | Until a scan is finished there is no need to present a result count |
FIXED | Scan History | When scanning a zip file the scan screen presents the branch filter |
FIXED | SAST sidebar widget | More Details link is not working from the SAST sidebar widget |
Release Notes v2.0.22.3
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | Integrations | To enhance and enrich the workflow automation, the pull request and push event are now invoked by default upon completion of the project import from a source-control management tool. |
Release Notes v2.0.20.4
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | KICS scans | Added support for “Category” field in the following API’s:
|
NEW | Scans workflow | Optimize scan workflow/scan mappings keys in Redis |
NEW | Projects REST API | Exposed Projects REST API. Added SCMRepoId in Checkmarx One Projects table for REST API and GRPC support. |
NEW | Resource Management | Removed Resource Management → SAST engines tab. |
Release Notes v2.0.20 - v2.0.20.3
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | KICS scans | Added the following missing/Invalid data to KICS scan summary page:
| |
NEW | Project → Scan History tab | Added the following columns:
Added an Action Menu icon that includes Delete action:
| |
NEW | Integration → GitHub pull request |
|
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Applications |
|
FIXED | Project Scanners tab | Results are not presented via Project Scanners tab → Widgets view |
FIXED | Project Compliance tab | Visualization issue in the following scenario:
As a solution, the following was disabled in case there is no Compliance data:
|
FIXED | Project scan results | Project Total Results number is miscalculated |
FIXED | KICS scan results | Project name is not presented in the KICS Results page title. |
FIXED | Scans (All scan types) | Occasionally scans are “stuck” and stay in “Running” status for up to 12 hours. |
FIXED | Scans | Occasionally scans are “stuck”. The scans are created and saved, but don’t proceed. |
FIXED | Scans workflow | Occasionally a scan workflow is displayed in a wrong order via the following:
|
FIXED | Scans workflow → Empty | Occasionally, when a scan workflow is empty, the web portal widget details are messed up. |
FIXED | Repository path scans | Only 20 branches are displayed in the following scenario:
|
FIXED | Configuration files | Not able to upload a template of a configuration file to the system. |
FIXED | Configuration files | Configuration file upload request is missing a “slash” in the request syntax. |
FIXED | Security Vulnerabilities | JWT details were being sent and stored in Camunda cloud. The JWT details contain customer data - Authentication and personal data in the token. From now on, JWT token is no longer being sent to Camunda. |
Release Notes v2.0.19.1
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | Dynamic Engines | Added a new feature - Dynamic Engines.
|
NEW | SAST scan limitation | All SAST scans are limited to 250K Lines Of Code. Scanning Projects with files containing higher than 250K Lines Of Code will fail. |
NEW | Scan Results | Add a new publisher service in order to publish scan results |
NEW | Projects Import | Add Groups and Tags enablement to the Import Project wizard |
NEW | Integrations - Scanners types support | Added support for different scanner types to Checkmarx One Integrations |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Scan fails on engine restart | Creating a Project and performing an Incremental scan for SAST, SCA, and KICS using a GIT repository URL sometimes fails due to engine restart. |
FIXED | Project Compliance data | Compliance data is sometimes not presented when performing the following:
|
FIXED | User creation | When creating a new user containing special characters in the username, the following occurs:
|
Release Notes v2.0.19
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | RabbitMQ |
|
NEW | Open a new support ticket | Integration with Salesforce for new tickets opening via Checkmarx One application |
NEW | Github integration | Support multiple scanner types - SAST, SCA, KICS |
NEW | Github integration | support Incremental scan configuration to import project |
NEW | SCM integrations | Auto-fill repo URL when trying to manually scan a project which was imported from SCM |
NEW | GitHub integration | Show repositories is not attached to “organization” |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | SAST vulnerabilities |
|
FIXED | SAST Incremental scan | SAST Incremental scan fails when it is the Project’s first scan |
FIXED | SAST scans |
|
FIXED | GitHub scans | GitHub scan fails in case the URL contains hyphen “-” character |
FIXED | GitHub scans | GitHub scans failed on 'fetch-sources' failed to compress code |
FIXED | GitHub scans | GitHub scans fails when using Webhooks |
FIXED | KICS scans |
|
FIXED | KICS scan results |
|
FIXED | KICS Results API | KICS Results API retrieves wrong severity |
FIXED | SCA Scans → Download logs | Clicking on “download logs” retrieve 404 error message |
FIXED | SCA Results |
|
FIXED | Project Scanners Tab |
|
FIXED | Project Results page | After a successful SAST scan, Project Results page is not rendered when accessed via scanners tab (or using the “eye” icon in Scan History tab) |
FIXED | Project Compliance page | After a successful scan, no data is presented in the Project Compliance tab |
FIXED | Checkmarx One application crash | Checkmarx One application crashes after performing the following:
|
FIXED | config as code | config as code is not working after tenant was enabled |
FIXED | A user with ast-viewer privileges is able to list the files on the server via the /api/scans/templates/{ file-name} API endpoint. | |
FIXED | Checkmarx One Log in | Ability to enumerate tenant names for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | Ability to enumerate user names for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | Ability to use weak Passwords for Checkmarx One application log in mechanism |
FIXED | Checkmarx One Log in | It is possible for a Tenant to list groups from other tenants by querying the affected URL |
FIXED | Checkmarx One Log in | Change the new user “Welcome” email to include Checkmarx One URL |
FIXED | Back Office | Cannot change admin password due to IAM_PASSWORD not applied during environment startup |
FIXED | User Management | Cross-Tenant Group Assigning - Users that had permissions to manage projects could create projects and assign them groups that belonged to other tenants |
FIXED | GitHub integration | Several User Interface improvements |
Release Notes v2.0.17 - v2.0.18
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | SCA | Sharing API Keys with SCA web application | |
NEW | SCA result counters | Integrate SCA result counters using the Summary endpoint | |
NEW | SCA results service |
| |
NEW | SCA - Scanners page | Added SCA scan type to Scanners page - Mock data.
| |
NEW | New aggregation API’s | Support for new aggregation API’s | |
NEW | New Scan Wizard | Adding Back option
| |
NEW | Enable TLS connections for amqp | Extend RabbitUpdater configuration to support TLS connection. | |
NEW | Project page - Engines tab | Changed “Engines” tab in project page to “Scanners”
| |
NEW | Project page - Right pane | Added the option to present scan types preview in case that a scan is in running/failed state. | |
NEW | Results service | Add SCA protobuf to results service | |
NEW | User Interface - Help menu | Added Documentation option to the Support icon options. The button redirects the user to the Checkmarx One documentation space.
| |
NEW | User Interface tests | Adding the following tests to the User interface tests coverage:
| |
NEW | Maintenance and support | Added buffer for maintenance and support. This item is developed for maintenance and support to all pipeline and test-related items. | |
NEW | KICS Result | Added the following to KICS Result:
| |
NEW | KICS result counters | Integrate KICS result counters using Summary endpoint | |
NEW | KICS Results Processing | Performed the following:
| |
NEW | KICS - Results Viewer | Added KICS results to Result Viewer page
| |
NEW | KICS Proto-buff | KICS Proto-buff Refactor | |
NEW | KICS - Quality tests | Creating quality test plan for KICS | |
NEW | Compliance feature | Add the following to the compliance page:
| |
NEW | Compliance feature | Add compliance fields automation coverage | |
NEW | NATS notifications | Deprecate NATS notifications for all services | |
NEW | RabbitMQ event notifications | Handle the following events notifications in services by RabbitMQ:
| |
NEW | Log in API | “organization” tenant is hardcoded for the log in procedure | |
NEW | System Tests | Add compliance page fields to system-test | |
NEW | Webhooks feature | PUT command doesn’t update the webhook active field to In-active state | |
NEW | Dynamic Engines | Performed the following:
| |
NEW | Keycloak - Audit logs | Added Audit logs events to Keycloak | |
NEW | SCM Integrations |
|
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Create a Project and scan a source file | The execution hangs (not consistency, happens from time to time). |
FIXED | Assigning projects to applications | English proofing - Wording improvements |
FIXED | Assigning projects to applications | Search field doesn't function |
FIXED | Results Viewer | Results Viewer improvements |
FIXED | Results Viewer | The user needs to see the code section when clicking on a vulnerability in order to see its details. |
FIXED | Results Viewer | Cannot open the list of vulnerabilities when filtering by Severity and Source File |
FIXED | Projects page - running a scan | Running scan menu triggered from Projects page should be similar to one from Scans page |
FIXED | Projects page - results tab |
|
FIXED | Projects page - results tab | Cannot unselect “new” filter checkbox |
FIXED | Projects page - KICS results | KICS results categories don’t fit the screen |
FIXED | Project page - Compliance tab | Compliance tab data is empty after system was upgraded |
FIXED | Project page - Right pane | When clicking on a project, scans with empty results should not be clickable (Right side pane). |
FIXED | Project page - Right pane - Download logs | Clicking the “Download logs” button when there are no results leads to a bad redirect. The button must be greyed out. |
FIXED | Project page - Right pane - Download logs | Download scan logs (both for SAST & KICS) - Get 403 Error |
FIXED | Project page | Project showing “Assigned to application” even though it isn't |
FIXED | Adding project to application | Checkmarx One user interface crashes after adding a new project to an application |
FIXED | getProjects API | 'Origin' field is missing |
FIXED | Project Setting tab - Save button | After performing a change (Add tags, add group) and pressing Save, the button flickers and stays in the "enable" state |
FIXED | User Interface - Cosmetics | Several visual issues when resizing the web browser window (text not aligned, font sizes). |
FIXED | User Interface improvements | Long names are not fully displayed in the User Interface for the following:
|
FIXED | Incremental Scan | Incremental Scan fails in the following scenario:
|
FIXED | Incremental Scan | Incremental Scan fails in the following scenario:
|
FIXED | Multi scan types scan | During a scan execution, if the scan is opened from resources/scans, it appears as completed. |
FIXED | Log in window | User name field in the log in window is case sensitive |
FIXED | Log in window | Enter button doesn’t work in tenant login window |
FIXED | Scan window | Fetch Branches button is returning a wrong list of branch names |
FIXED | Scan service | Scans fail due to result duplications |
FIXED | Scan cancel | When canceling a scan, the status does not change to failed |
FIXED | Webhooks feature | Secret field is displayed as blank even when a secret exists |
FIXED | User Management | User with if-in-group permissions cannot trigger scans |
FIXED | Keycloak | Keycloak fails due to system tests during deployment |
FIXED | Log in - Reset password feature | There is unnecessary text in the reset password email that is sent to the user |
FIXED | BackOffice | During the creation of a new Tenant, it is not possible to configure alphanumeric symbols in the "Salesforce Account ID" field. |
FIXED | BackOffice | After a new Tenant is created, the email that the user receives has an invalid match between the Account Name field and its value. |
Release Notes v2.0.14
New / Updated Features
Status | Item | Description | |
---|---|---|---|
NEW | Project sidebar | Added new KICS data widget (Mock). KICS is an open source solution for static code analysis of Infrastructure as Code.
| |
NEW | KICS engine results viewer | Added new KICS engine results viewer (using mock data)
| |
NEW | SAST sidebar widget | Added Download Logs button in the Project sidebar SAST widget. When the button is clicked, the engine scan logs are downloaded to the client.
| |
NEW | Back Office | Added support for multiple regions in Back Office | |
NEW | Back Office | Added the ability to create a special user type for a tenant called “Service User”. This user has Admin permissions to temporarily access the User Management console in order to open new service support cases. This user will be automatically deleted after 1 day. The user won’t be visible in the User Management user interface. |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Webhooks feature | Deleting a single webhook is not working |
FIXED | Webhooks feature | When opening Project webhook settings an error message pops-up |
FIXED | Branching feature | Minor UI uplifts:
|
FIXED | Scan result count | Until a scan is finished there is no need to present a result count |
FIXED | Scan History | When scanning a zip file the scan screen presents the branch filter |
FIXED | SAST sidebar widget | More Details link is not working from the SAST sidebar widget |
Release Notes v2.0.13
New / Updated Features
Status | Item | Description |
---|---|---|
NEW | Project statistics Engine screen | Added vulnerabilities by severity widget. |
Bug Fixes
Status | Item | Description |
---|---|---|
FIXED | Results viewer shows no scan after scanning zip source | Project Page shows no scans even though the scan finished successfully (as seen both in Resource Management and in the Projects table). This occurs only with zip sources, leading to the suspicion that this relates to branching changes. |
FIXED | Requests and sub-grouping | Fix requests and sub-grouping for the same vulnerabilities with different severities. |
FIXED | Scan fails if results service fails to save results (or any other pipe that needs to fail the scan) | Scan service doesn't notify the workflow in case of an error. In such a case there will be a successful scan without results or with partial results. |
CLI and Plugins Release of November 2021
Released CLI Version 2.0.4
Key Improvements
Automatic Retry
Users can now configure global flags to enable automatic retry of scans upon initial connection failure. You can specify the maximum number of retry attempts and the delay interval.
Flag | Default | Description |
---|---|---|
| 3 times | Automatically retry requests to Checkmarx One upon connection failure. Specify the maximum number of retry attempts. |
| 3 seconds | Time between retries in seconds. Used together with |
Assign Groups and Add Tags During Scan Creation
Users can now add tags and assign the scan to a Checkmarx One “group” (for user management) as part of the “scan create” command.
./cx scan create -s . --project-name mynewproject --project-groups mygroup
Additional Improvements
Status | Item | Description |
---|---|---|
UPDATED | Integration tests | Integration tests now have 80% coverage. |
UPDATED | Branch flag | Branch flag is now required. |
UPDATED | Async mode | The flag for running scans in asynchronous mode was changed from |
UPDATED | Homebrew | When installing the CLI through homebrew, |
Plugin Updates
In November we released the following plugin versions. All current plugin versions use CLI version 2.0.4.
TeamCity Plugin - Version 2.0.4
GitHub Action - Version v0.29
Azure Plugin - Version 0.0.16
Jenkins Plugin - Version 2.0.13
Eclipse Plugin - Pre-release 1.0.0
Visual Code - Version 0.0.8
JetBrains - Version 0.0.5
Key Improvements
New Eclipse Plugin
We released a new plugin for Eclipse, enabling you to import results from a Checkmarx One scan directly into your Eclipse IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.
Main Features
Import Checkmarx One scan results into your IDE
Show results from all scan types (CxSAST, CxSCA, and KICS)
Group results by severity or query name
Navigate from results directly to the vulnerable code in the editor
Vulnerable code is highlighted in the editor
Specify Branch Name
When running scans in our CI/CD plugins, users are now required to specify the branch of the Project in Checkmarx One. This is in addition to specifying the Project name.
Additional Improvements and Bug Fixes
Status | Item | Description |
---|---|---|
Visual Studio Code Plugin | ||
UPDATED | Output Logs | Shows logs of Checkmarx One results in Output tab |
UPDATED | Clear button | Added a Clear button to Projects tab, enabling clearing the current selection and results. |
UPDATED | Tests | Added integration tests and UI tests |
FIXED | Line and column display | Fixed display of line and column in the Details section to match the line and column shown in the editor |
JetBrains Plugin | ||
UPDATED | Filter results | Added buttons in the sidebar of the Checkmarx pane to filter vulnerabilities by severity |
FIXED | No repository | Fixed issue when opening a JetBrains project that doesn’t have a repository |
Viewing the Scanners Tab (API Security)
The Scanners tab provides a multi-scanner overview of the API Security, SAST, SCA and KICS scanners that have been used for the last completed scan within a project. The results for each scanner type are presented in a separate screen using dedicated widgets for the results analysis. The example illustrated here uses SAST and API Security as scanners.
The first screen image illustrates the SAST scan results and the second one illustrates the API Security scan results.


The table below lists and explains the respective widgets for the API Security results.
Widget | Description |
---|---|
Detected APIs | The number of detected APIs in the code. This scan detected 8 APIs in the code. |
Sensitive Data APIs | The number of APIs with at least one sensitive data attribute. This scan detected sensitive data attributes in 7 out of the 8 detected APIs. Additional information on sensitive data is available in the table below. |
Results by Risk | The number of sensitive data attributes according to their risk. In the illustrated example, API Security detected 5 vulnerabilities of which 2 were of high risk and 3 of medium risk. |
Results by Vulnerabilities | A list of sensitive data attributes with an indicator of how often each of these sensitive data attributes was detected. In the illustrated example, API Security detected Parameter Tampering twice and three more once each. |
<View Results> | Click to switch to the Risks table. |
The Sensitive Data categories and parameters are listed below.
Category | Parameters |
---|---|
Name | firstname, surname, familyname, fullname, name |
Personal Data | birthday, dob, dateofbirth, phone, mobile, email, socialsecurity, ssn, driverslicense |
Address | address, zipcode |
Bank | credit, cardnumber, account |
Secrets | credentials, secret, auth, apikey, pass, pwd, password |
The Risks table lists the risks and provides additional information as outlined in the table below. For additional information on viewing scan results in depth, refer to Viewing API Results.

Parameter | Description |
---|---|
Severity | Indicates the risk severity as follows:
|
Risk Name | The name of the risk. |
Status | Indicates the status of the risk as follows:
|
Endpoint Path | The path of the endpoint where the API is located in which the risk was detected. |
Method | The method of the API, as follows: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE |
Data Origin | Indicates where the risk was detected, for example inside the code. |
Risk Discovered | The date when the risk was detected. |