2024.1.3 | The following enhancements have been made in the result viewer: Fetch the result state from the server according to user permissions. Supported Custom-result state feature, which will display to the user based on permission. Added the Select All option to the result state table. Using Keypress [ESC], you can close the Add/Edit comment popup. Support for Mandatory comments functionality based on SAST configuration for NE(Not Exploitable), PNE( Proposed Not Exploitable), and all states. The following UI improvements were made: Added pagination to the table. The user can resize each column in the results table. Display existing comments by hovering over the edit icon. Added Checkmarx logo. Added filter for columns to filter query results. Display a busy icon while updating bulk comments, results states, or assignees.
The following enhancements have been made to the attack vector viewer: Added Avoid Duplicate Scan in Queue Feature. Added plugin name and its version in user agent header which will display in SAST IIS logs or AWS ELB logs. Fixed count mismatch bug after updating result states as not exploitable. VSCode plugin only supports https SAST server when using a proxy.
| Supported SAST Versions: 9.4, 9.5, 9.6 OSA Support: Not supported SCA Support: Not supported Operating System: Windows. Linux. Mac SAML Support: CxSAST versions 9.4, 9.5, 9.6 Supported Tool Version: Visual Studio Code version 1.67.2 and higher
|
2023.2.3 | The following enhancements/ bug fixes have been made in the VS Code plugin: Supports Visual Studio Code latest version V1.80.2. The attack vector and results table reload upon clicking a vulnerability name. Removed > icon that appeared in front of the vulnerability name. The results table allows manual column resizing and displays all columns without a scroll bar when the screen is at its maximum size. The public documentation link for VS Code has been updated. The On Bind project's latest project is displayed first. Clicking Unbinding or Log Out clears the CX Scan Results tab. The Result Table and Attack Vector tabs open again when you click on any vulnerability name.
| Supported SAST Versions: 9.4, 9.5, 9.6 OSA Support: Not supported SCA Support: Not supported Operating System: Windows. Linux. Mac SAML Support: CxSAST versions 9.4, 9.5, 9.6 Supported Tool Version: Visual Studio Code version 1.67.2 and higher
|
2022.3.3 | | Supported SAST Versions: 9.3, 9.4, 9.5 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows, Linux, Mac SAML Support: CxSAST versions, 9.3, 9.4, 9.5 Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.67.2 and higher
|
2022.2.1 | | Supported SAST Versions: 9.2, 9.3, 9.4 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows, Linux, Mac SAML Support: CxSAST versions 9.2, 9.3, 9.4 Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.67.2
|
2022.1.2 | | Supported SAST Versions: 9.2, 9.3, 9.4 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows, Linux, Mac SAML Support: CxSAST versions 9.2, 9.3, 9.4 Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.60.2
|
2021.3.1 | Setting Single Sign On (SSO) login as default. The User name + Password login option can be enabled from the extension settings. To enable SAML Single Sign On (SSO), QF_VSCodeSAML must be installed. To do so, run 9.x.0.QF_VSCodeSAML.zip. 9.x stands for the CxSAST version, for example, 9.4. For additional information and instructions on enabling SAML Single Sign-On, refer to the relevant knowledge base article. Supports the configuration of the Certificate Authority (CA) certificate chain file path in the extension settings. This must be configured, when CxSAST is using a self-signed certificate. Menu items are renamed as follows: From 'Scan Current Folder' to 'Checkmarx: Scan Current Folder' From 'Scan Current File' to 'Checkmarx: Scan Current File' From 'Scan Workspace' to 'Checkmarx: Scan Workspace'
The extension can be configured to allow workspace-level scans only. For new projects, users can define projects as public or private. If a project is defined as private, scans performed are always private. The following enhancements have been made in the in result viewer: Added columns to show additional vulnerability details Vulnerabilities can be filtered based on different columns Triaging of vulnerabilities can be performed by changing the state of vulnerabilities Displaying a short description of the respective vulnerability.
| Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows, Linux, MAC SAML Support: CxSAST versions 9.0, 9.2, 9.3, 9.4 Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.60.2
|
2020.3.1 | First generally available release Binding an existing project for scanning Creating a new project for scanning Executing a CxSAST scan Retrieving CxSAST results of scanned source code Displaying vulnerabilities in Result Table and Attack Vector views Saving CxSAST scan reports to an external JSON file Showing vulnerability query description Retrieving the last scan results of a bound project without running a scan Ability to disable 'Scan Any File/Folder' buttons Login - support credentials and SSO methods Supporting incremental and full scans Supporting private and public scans Unbinding project Silent mode - controls the number of popup messages displayed to the user Config as Code for selected attributes Result Table and Attack Vector are supported for Linux and MacOS as well
| Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.44
|
2020.2.1-Beta | Executing CxSAST scans Retrieving CxSAST scan results Displaying vulnerabilities in the Attack Vector view Saving CxSAST scan reports to external files Displaying vulnerability query description
| Certified SAST Versions: 8.9, 9.0 OSA Support: Not supported SCA Support: Not supported Operating Systems: Windows Supported Node JS version: 12.16.2 LTS version Supported Tool Version: Visual Studio Code version 1.44
|