We would like to share with you a new and exciting CxSAST capability: Security Content Packs.
Out-of-the-box accuracy has always been a key evaluation criteria for CxSAST. In order to maintain our market leadership, we continue to invest significant resources in maintaining and improving the accuracy of CxSAST findings.
Hotfixes and content packs are cumulative and include previous hotfix/content package updates.
Compatibility and Versioning
Ruleset Content Packs are released for CxSAST product versions, which are already generally available and widely used. Ruleset Content Pack data is compatible with a specific CxSAST product version. Because of this, it uses the CxSAST product version it is compatible with (3 numbers), and suffixed by the internal build number (4th number). The compatibility dependency exists due to CxQL and other internal versions. The content of the Ruleset Content Packs is automatically included in the following GA release of CxSAST.
In order to see wich Content Pack version is installed on your server(s), from within the CxSAST portal, navigate to Managment > Application Settings > Installation Information > Checkmarx Queries Pack.
Out-of-the-box improvements are delivered through a new mechanism called Ruleset Content Pack. All Ruleset Content Packs are cumulative, i.e. Ruleset Content Pack 8.9.0.x is similar to installing all Ruleset Content Packs of 8.9.0 prior to 8.9.0.x, by the order of their release. The Ruleset Content Packs Installer checks the SAST installed version and Ruleset Content Pack version, and allows for installation if there is a compatibility with the SAST version and installed Ruleset Content Pack.
The Ruleset Content Pack is installed on the CxManager machines, unless otherwise indicated. In a distributed environment, the Ruleset Content Pack does not need to be installed on engine machines, just on the CxManager machine (which has access to the database). Once installed, the content pack can be uninstalled with the dedicated uninstaller in the package.
The installer can also be executed in CLI (silent) mode, similarly to Hotfix installation.
Each Ruleset Content Pack includes improvements to queries, and optionally also to presets. Technically, these changes are delivered through DB upgrade scripts which affect relevant tables.
Detailed content descriptions can be found using the links below: