
Checkmarx One Azure DevOps Plugin - Changelog

The following table lists the improvements and bug fixes implemented for the Azure DevOps plugin, together with the plugin version in which each was released.

Plugin Version

Release Date

CLI Version

Improvements

Bug Fixes

2.0.31

Feb 21, 2024

2.0.67

  • Improved the "Results Summary" shown in the CLI output. The summary now shows vulnerabilities by severity level for each scanner separately, in addition to the overall totals.

  • Remediated vulnerabilities that we identified in our project.

  • Uses a CLI version in which vulnerabilities affecting that project have been remediated.

2.0.30

Jan 16, 2023

2.0.64

  • Fixed an issue in which submitting --groups interfered with project configuration (e.g., removing designation of primary branch).

  • Fixed an issue in which SARIF reports failed when no vulnerabilities were identified.

2.0.29

Dec 11, 2023

2.0.63

  • Fixed an issue with SCA risk management.

2.0.28

Nov 10, 2023

TEMPORARY VERSION

2.0.27

October 30, 2023

2.0.60

  • Added an output variable CxOneScanId, which can be used to reference the scan later on in the pipeline, e.g., to generate a report.

  • Fixed an issue in which a timeout while checking for policy violations caused the CLI to return a fail status.

2.0.26

Sep 27, 2023

2.0.57

  • Updated to a CLI version that uses Go version 1.21.1, in order to remediate a vulnerability.

2.0.25

Sep 14, 2023

2.0.55

  • Added an environment variable, "CX_IGNORE_PROXY", for ignoring proxies. Mark the variable as true to ensure that all Checkmarx One CLI commands run directly from the local machine.

  • Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).

2.0.24

July 28, 2023

2.0.53

  • Added information about violated policies to the scan summary output.

2.0.23

June 30, 2023

2.0.50

  • Enabled SBOM reports for all tenant accounts.

  • Increased the default limit for projects returned using the project list command to 10,000. (This enables Checkmarx One to effectively verify whether a project with the specified name already exists when a scan is initiated via CLI/plugin.)

2.0.22

June 12, 2023

2.0.48

  • Added the ability to generate SBOM reports. SBOMs can be generated in CycloneDX or SPDX format. SPDX reports are output in JSON format, and CycloneDX reports can be output as JSON or XML.

    Tip

    This is a BETA feature. It is not yet supported for all tenant environments.

  • We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

    Notice

    We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

2.0.21

Apr 3, 2023

2.0.44

  • You can now designate a scan as a "Private Package" and assign a package version to it using the Additional Parameters options. Once a private package has been scanned, info about the risks affecting that package will be identified by SCA when that package version is used in any of your projects. You can download an article about private packages here.

  • We added the --exploitable-path flag to the Additional Parameters options. This enables you to designate whether or not Exploitable Path will run on this particular scan. When used, this overrides the designation made in the project settings.

    We also added a flag, --sca-last-sast-scan-time, which enables you to specify the number of days that SAST scan results are considered valid for use in Exploitable Path (i.e., if there is no current SAST scan, how many days prior to the current SCA scan Checkmarx One will look for a SAST scan to use for analyzing Exploitable Path).

    Warning

    The --sca-last-sast-scan-time flag is not yet fully supported and may not function as designed.

  • Improved memory usage when uploading zip files.

  • Added file extensions go.mod, go.sum, *.dart, and *.plist to the list of included files (when creating the zip archive for scanning).

2.0.20

Feb 24, 2023

2.0.42

  • Rolled back the change of product name, back to Checkmarx AST.

2.0.19

Feb 24, 2023

2.0.42

  • All references to AST have been changed to use the new product name "Checkmarx One".

  • Added option to generate reports in PDF format by setting --report-format to pdf. For PDF format reports, you can add the following additional flags:

    • Add the --report-pdf-email flag to specify email recipients.

    • Add the --report-pdf-options flag to specify which sections to include in the report. Options are: Iac-Security, Sast, Sca, ScanSummary, ExecutiveSummary, ScanResults.

2.0.18

Dec 7, 2022

2.0.37

  • The KICS scanner is now referred to in Checkmarx One as "IaC Security". All mentions of the scanner and the vulnerabilities identified by it now refer to IaC Security.

  • The API Security scanner is now supported for use via the CLI. When running the scan create command, you can now add api_security to the list of scanners under --scan-types.

2.0.17

Nov 9, 2022

2.0.34

General improvements and bug fixes.

2.0.16

Oct 18, 2022

2.0.31

Added the option to authenticate with Checkmarx One using an API Key instead of using an OAuth Client.

Tip

When you authenticate using an API Key, there is no need to submit your account info (Base URL, Auth URL, Tenant name).

Learn how to generate an API Key here

2.0.15

Sep 19, 2022

2.0.29

General improvements and bug fixes

2.0.14

Sep 2, 2022

2.0.25

All documentation links now point to the new Checkmarx documentation portal at https://checkmarx.com/resource/documentation.

2.0.13

Aug 24, 2022

2.0.23

General improvements and bug fixes

2.0.12

Jul 14, 2022

2.0.21

Fixed issue caused by trying to generate results when no scan had run successfully.

2.0.11

Jul 5, 2022

2.0.21

  • General improvements and bug fixes

2.0.10

Jun 15, 2022

2.0.19

  • General improvements and bug fixes

2.0.9

Jun 2, 2022

2.0.18

  • Added support for Azure 2019

2.0.8

May 26, 2022

  • You can now add filters to the scan create command (to exclude files/folders from the scan) separately for each specific scanner. The flags for the new filters are: --sast-filter <string>, --kics-filter <string>, --sca-filter <string>. See scan create.

    Tip

    The existing flag --file-filter, which sets filters for the entire scan (for all scanners), is still in use.

  • You can now add an SSH key to a scan, using the flag --ssh-key <string> with the path to the SSH private key.

2.0.7

Apr 26, 2022

General improvements and bug fixes

2.0.6

Apr 26, 2022

2.0.16

General improvements and bug fixes

2.0.5

Apr 12, 2022

General improvements and bug fixes

2.0.4

Mar 2, 2022

2.0.13

  • Added new --sca-resolver-params flag to the scan create command. See documentation here.

  • Fixed problems with proxy connection.

2.0.3

Feb 11, 2022

2.0.12

  • In the scan create command, we renamed the format flag to scan-info-format.

  • Renamed the results command to results show.

  • Updated UI elements to reflect the new Checkmarx branding (e.g., logo).

  • Fixed naming of agent for scans run via Azure DevOps to accurately reflect scan origin.

2.0.1

Jan 11, 2022

2.0.10

  • Added SummaryJSON reports.

  • Added the --scan-timeout <int> flag to the scan create command, enabling users to specify a time limit after which the scan will fail and terminate. See documentation here.

  • Updated UI elements to reflect the new Checkmarx branding (e.g., logo).

0.0.16

Nov 3, 2021

2.0.4

  • Updated CLI to version 2.0.4

  • Added branch parameter (required)

0.0.1

Jul 16, 2021

  • Automatically trigger SAST, SCA and KICS scans from Azure DevOps pipelines

  • Supports adding a Checkmarx One scan as a pre-configured task or as a YAML

  • Supports use of CLI arguments to customize scan configuration

  • Interface for viewing scan results summary and trends in the Azure environment

  • Direct links from within Azure to detailed Checkmarx One scan results and reports