Skip to main content

Eclipse Plugin - Changelog

The following table lists the features and changes that have been implemented for the plugin with the relevant version release.

Plugin Version

Release Date

CLI Version


Bug Fixes


Nov 20, 2023


  • Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).

  • Updated libraries in order to remediate security issues.

  • Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.


July 4,



  • You can now initiate scans directly from your eclipse IDE. This empowers developers to identify vulnerabilities and remediate them as they code.

    You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

    A sanity check is run to verify that the project and branch in your workspace match the project and branch that were scanned for this project. If a mismatch is detected, then a warning message is shown.


    This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.

  • In the SAST results viewer, we added new tabs with additional info about each vulnerability.

    • Learn More - Gives detailed information about the the nature of the risk and their causes, as well as remediation recommendations.

    • Remediation Examples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code.

  • We now create nightly pre-release versions of this extension whenever we merge new code. The pre-release version can be installed from Marketplace.

  • Disabled triaging for SCA risks, because it hadn't been functioning properly.

  • Fixed issues with invalid thread access.


May 25, 2023


  • Added support for eclipse version 2019-03 (4.11) and above.

  • All references to "AST" (other than the name of the plugin) have been changed to use the new product name "Checkmarx One".

  • Fixed tooltip for Additional parameters so that the link points to new documentation portal.


Nov 10, 2022


General improvements and bug fixes


Oct 27, 2002


  • We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

  • In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Global Flags.

  • The filter setting were changed so that by default Not Exploitable and Proposed Not Exploitable vulnerabilities are filtered out of the display.


April 13, 2022


  • Added links to the relevant Codebashing lessons.

  • Automatically shows results for the latest scan of the project and branch that is currently open in the IDE.

  • Fixed problems loading result details when user clicks on several nodes in the tree structure in quick succession.


Mar 2, 2022


  • Added ability to filter results by vulnerability state.

  • Added license content for license approval during installation.


Feb 11, 2022


  • Improved the Attack Vector design

  • Minor bug fixes


Jan 26, 2022


  • Added ability to triage results directly from the IDE console

  • Added a brief description for SAST vulnerabilities

  • Updated UI elements to reflect the new Checkmarx branding (e.g., logo)


Nov 2, 2021


  • Import Checkmarx One scan results into your IDE

  • Show results from all scan types (CxSAST, CxSCA, and KICS)

  • Group results by severity or query name

  • Navigate from results directly to the vulnerable code in the editor

  • Vulnerable code is highlighted in the editor