8.5.0 Release Updates
New Features and Changes
Application
Category | Features |
---|---|
Setup | The new Checkmarx theme has been applied to the CxSAST installation and setup wizard, which has been restyled to match current Checkmarx branding. |
 | All Checkmarx icons (desktop and Start menu) have been updated with the new Checkmarx logo to match the current Checkmarx brand. |
Supported Environments | Support for SQL Server 2016 |
Profile - Account Information | The CxSAST user interface now supports French and Russian. The language is selected from the Language drop-down on the Account Information panel of the My Profile screen (My Profile > Account Information). |
Management - Application Settings | The 'All' languages option has been removed from a number of areas in CxSAST so that license validation is enforced accurately (for example, Java is not scanned when the license does not cover Java). This affects the Supported Languages panel (Management > Application Settings > License Details > Supported Languages) and scan requests submitted through the REST APIs. |
 | GOLang is now displayed on the Supported Languages panel of the License Details screen (Management > Application Settings > License Details > Supported Languages). Languages are supported in CxSAST according to your Checkmarx license. |
Management - Scan Settings | Four new predefined presets have been added to the presets list in the Preset Manager (Management > Scan Settings > Preset Manager): |
Management - CxOSA | A new panel (OSA Settings) has been added to the General Settings window (Management > Application Settings > General). The OSA Settings panel provides the following fields: |
Management - Connection Settings | A new Sign SAML IdP Requests option has been added to the SAML Configuration screen (Management > Connection Settings > SAML). Once enabled, every authentication request sent to the Identity Provider is signed with the Service Provider certificate, so the IdP can reject requests that were not issued by the registered Service Provider. The SAML Version field has been removed from the SAML Configuration screen. |
Open Viewer - Scan Results | Two new compliance options (FISMA 2014 and NIST SP 800-53) have been added to the Scan Results Severity filter in the Open Code Viewer for CxSAST (Dashboard > Project State > Open Viewer > Scan Results Severity). |
Open Viewer - Scan Results | A new column (Number of Nodes) has been added to the Results panel in the CxSAST Code Viewer. This column shows the number of nodes in the attack vector of each result. Sorting, filtering and grouping options are available. The column is disabled by default and can be enabled from the Columns selection tool. |
Scan Results | The version of the PCI DSS compliance has been updated, from v3.1 to v3.2, in all areas of the CxSAST application including the code viewer, presets, reports, etc. |
Report Generator | Two new categories (FISMA 2014 and NIST SP 800-53) have been added to the Report Generator (Dashboard > Project State > Create Report > Categories). |
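What the Sign SAML IdP Requests option in the Connection Settings row above amounts to on the wire, as an added example that is not code from this page or from Checkmarx: a Go program that performs the Service Provider side (signing an AuthnRequest over the SAML 2.0 HTTP-Redirect binding) and the Identity Provider side (refusing unsigned or differently signed requests before decoding anything). It assumes RSA-SHA256 as the signature algorithm and a freshly generated key in place of the Service Provider certificate; the AuthnRequest XML is a constructed sample.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/url"
	"strings"
)

// XML-DSig identifier for RSA-SHA256; assumed here as the SP's signing algorithm.
const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// Constructed sample AuthnRequest (not a real CxSAST message). A real SP sets its
// own Issuer, AssertionConsumerServiceURL and a fresh random ID per request.
const sampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ` +
	`ID="_id-constructed-0001" Version="2.0" IssueInstant="2017-06-01T00:00:00Z" ` +
	`AssertionConsumerServiceURL="https://sp.example.invalid/acs"/>`

// encodeRedirect applies the HTTP-Redirect binding encoding: raw DEFLATE, then base64.
func encodeRedirect(xml string) (string, error) {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.DefaultCompression)
	if err != nil {
		return "", err
	}
	if _, err := w.Write([]byte(xml)); err != nil {
		return "", err
	}
	if err := w.Close(); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

// decodeRedirect reverses encodeRedirect.
func decodeRedirect(encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	xml, err := io.ReadAll(flate.NewReader(bytes.NewReader(raw)))
	return string(xml), err
}

// SignRedirectRequest is the SP side. The signed octets are the URL-encoded
// SAMLRequest, RelayState (only if present) and SigAlg parameters joined by '&'
// in that order; the signature is appended as the Signature parameter.
func SignRedirectRequest(spKey *rsa.PrivateKey, authnRequestXML, relayState string) (string, error) {
	encoded, err := encodeRedirect(authnRequestXML)
	if err != nil {
		return "", err
	}
	input := "SAMLRequest=" + url.QueryEscape(encoded)
	if relayState != "" {
		input += "&RelayState=" + url.QueryEscape(relayState)
	}
	input += "&SigAlg=" + url.QueryEscape(sigAlgRSASHA256)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, spKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// rawParam returns a query parameter still in its URL-encoded form: the IdP must
// verify over the bytes it actually received, not over a re-encoding of them.
func rawParam(rawQuery, name string) (string, bool) {
	for _, kv := range strings.Split(rawQuery, "&") {
		if strings.HasPrefix(kv, name+"=") {
			return strings.TrimPrefix(kv, name+"="), true
		}
	}
	return "", false
}

// VerifyRedirectRequest is the IdP side: it rejects unsigned requests and unexpected
// algorithms, checks the SP signature, and only then returns the decoded XML.
func VerifyRedirectRequest(spPub *rsa.PublicKey, rawQuery string) (string, error) {
	rawReq, ok := rawParam(rawQuery, "SAMLRequest")
	if !ok {
		return "", errors.New("missing SAMLRequest")
	}
	rawSigAlg, okAlg := rawParam(rawQuery, "SigAlg")
	rawSig, okSig := rawParam(rawQuery, "Signature")
	if !okAlg || !okSig {
		return "", errors.New("unsigned request rejected")
	}
	if alg, err := url.QueryUnescape(rawSigAlg); err != nil || alg != sigAlgRSASHA256 {
		return "", fmt.Errorf("unsupported SigAlg %q", rawSigAlg)
	}
	input := "SAMLRequest=" + rawReq
	if rawRS, ok := rawParam(rawQuery, "RelayState"); ok {
		input += "&RelayState=" + rawRS
	}
	input += "&SigAlg=" + rawSigAlg
	sigB64, err := url.QueryUnescape(rawSig)
	if err != nil {
		return "", err
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(input))
	if err := rsa.VerifyPKCS1v15(spPub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("signature verification failed: %w", err)
	}
	encoded, err := url.QueryUnescape(rawReq)
	if err != nil {
		return "", err
	}
	return decodeRedirect(encoded)
}

func main() {
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the SP certificate's key
	query, err := SignRedirectRequest(spKey, sampleAuthnRequest, "cxsast-login")
	if err != nil {
		panic(err)
	}
	_, err = VerifyRedirectRequest(&spKey.PublicKey, query)
	fmt.Println("signed request accepted:", err == nil)
	tampered := strings.Replace(query, "RelayState=cxsast-login", "RelayState=attacker", 1)
	_, err = VerifyRedirectRequest(&spKey.PublicKey, tampered)
	fmt.Println("tampered RelayState rejected:", err != nil)
}
```

The IdP-side check is where the option pays off: with request signing enforced, a query string that lacks a Signature, names a different SigAlg, or was altered after signing (the RelayState tamper in `main`) is refused before the request body is even inflated.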
Audit
Category | Features |
---|---|
Setup | The new Checkmarx theme has been applied to the CxSAST installation and setup wizard. This change also applies to the CxAudit installation, which has been restyled to match current Checkmarx branding. |
Audit View | CxAudit now enables exporting queries. When exporting queries, CxAudit also provides the capability to select only those queries that have been modified instead of having to look for each query manually. |
CxQL Query Language | The CxDebug method has been deprecated and replaced by cxLog.WriteDebugMessage for writing debug messages. |
Integration & Plugins
Category | Features |
---|---|
Visual Studio IDE - Support | Added support for Visual Studio 2017 |
IDE Plugin - Eclipse | The CxSAST Eclipse Plugin (v8.5.0 and up) supports Eclipse 4.7 (Oxygen). |
Bamboo Plugin - Support | The CxSAST Bamboo plugin has completed its testing phase and now supports Bamboo version 6.0 |
Bamboo Plugin - Scan Task | A new setting parameter (Schedule interval based full scans) has been added to the Configuring a Scan Task screen in Bamboo. Checking it enables the scheduling of interval-based full scans when running incremental scans. The parameter lets you define a time range (interval begin and end) in which all scans are full scans. For example, daily runs can be incremental scans while nightly builds are full scans, without needing separate jobs. This parameter is only available if the Enable incremental Scan option is enabled. |
Jenkins Plugin | The Jenkins plugin user interface has been updated to match the other Checkmarx plugins. |
Jenkins Plugin (Pipeline) | New improved script generation option for Jenkins pipeline integration. |
TeamCity Plugin | You can now integrate CxSAST with any TeamCity code build step, enabling a TeamCity job/project to automatically initiate a CxSAST scan. Integration is achieved with our new CxSAST TeamCity plugin. Once downloaded from the central repository, the plugin is simple to install and configure. |
SonarQube Plugin | You can now integrate CxSAST with SonarQube, enabling the display of current and trending security vulnerability information for a code project. Integration is achieved with our new CxSAST SonarQube plugin. Once downloaded from the central repository, the plugin is simple to install and configure. The SonarQube plugin is available as a beta for all customers. |
CLI Plugin - CxOSA | New functionality (CxOSA) has been added to the CxSAST CLI plugin: |
Engine Auto Scaling API | New functionality (Engine Auto Scaling API) has been added to the latest Checkmarx REST API library. It allows you to dynamically provision and remove scan engines according to your scan capacity demands. Swagger examples can be found at - Swagger Examples |
Engine
Category | Features |
---|---|
Supported Languages and Frameworks | GOLang Beta Support: |
 | Enhancements for Java: |
 | Enhancements for JavaScript: |
 | C# Support for New Structures: |
 | Improvements for ASP.NET MVC |
 | Improvements for ASP.NET Razor |
 | ASP.NET CORE Beta Support |
 | Improvements for Scala & Groovy |
General | Mobile support improvements (Android and iOS): |
 | Support for scanning lambda expressions across languages (C#, Scala, Java) |
 | Enhanced support for polymorphism |
 | Vulnerability coverage enhancements for multiple languages |
 | Engine licensing is now performed automatically by the Manager Server (Engine Servers no longer require a separate license, but the license has to be copied from CxManager to each Engine). CxAudit still requires a local license file. |
Resolved Issues
Category | Resolved Issues |
---|---|
Scan Improvements | Major advances in the engine providing significant reduction in false positives and false negatives across all supported languages. |
Engine | Major improvements and fixes for the following languages: |
Known Limitations
Category | Known Limitations |
---|---|
Setup and Configuration | The SQL Express 2008 installation bundled with CxSAST is not supported on Windows Server 2016. In this case you need to install a newer version of SQL Express separately before launching the CxSAST installation. |
LDAP Synchronization | If a user is created through LDAP synchronization, LDAP synchronization is then disabled, and the user is manually moved to a higher role (company manager or higher), the user may not receive the new role's privileges. |
CxOSA - Undetected Libraries & Match by Filename | Undetected libraries are reported only for files in binary format (such as .dll and .jar); other files are not reported. The reason is that WS saves undetected files in binary format only; saving all file formats would bloat the WS database. |
Bamboo Plugin – Fonts display | Installing the Bamboo plugin (8.42.0) will affect the fonts displayed in all Bamboo build reports on Mac OS machines. |
The release update is also available for download here - PDF