Azure DevOps Plugin Change Log

The following table lists the features and changes that have been implemented for the plugin with the relevant version release. To obtain the plugin, go to the plugin download section.

Version | Changes/Features | Additional Information
2021.4.4
  • Added support for a mechanism that avoids duplicate scans.
  • Added support for scan level custom fields (for CxSAST 9.4).
  • Enabled users to select the source configuration.
  • Enabled users to select Post Scan Action (for CxSAST 9.3 and higher).
  • Updated the CxSAST Service endpoint connection so that a Preset and Team can be entered to override the parameters stored in the pipeline.
  • Updated the CxSCA Service endpoint connection to enter the Access Control URL, the Web App URL and the CxSCA account.
  • Renamed the CxSAST and CxSCA Service endpoint connections to Checkmarx SAST and Checkmarx SCA respectively.
  • Added support to define periodic full scans after a number of incremental scans that you can specify.
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019 and 2020
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2021.4.3

Added support for self-signed certificates configured in CxSAST. Below are the parameters to configure the SAST and SCA certificate chain path:

  • For CxSAST - sastCaChainFilePath
  • For CxSCA - scaCaChainFilePath
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2021.2.17

CxSCA enhancements and fixes:

  • Added support for project creation
  • Added support for team assignment
  • Added support for Exploitable Path. This utility requires the CxSCA Agent
  • Added support for config files and environment variables. This requires the CxSCA Agent
  • A new option has been added to enforce CxSCA policies and break the build based on violated policies
  • Added support to include the source code
  • The plugin now deletes the zip file from the temporary folder after the scan has been completed

Additional enhancements and fixes:

  • Support for special characters as part of Dev-Azure project names has been added.
  • Added support for CxOriginUrl
  • Added support for OverrideProjectSettings
  • The scan result image now properly shows the threshold compliance
  • Added the possibility to add a comment to the scan in the logs
  • 'Elapsed time' now indicates the elapsed time. Previously, it indicated the absolute time instead
  • An issue has been fixed that caused the 'origin' header to exceed the maximum length
  • An issue has been corrected that caused TLS verification to be disabled when logging in
  • Removed support for the older Ado Task versions. Only the latest version of the plugin is now supported.
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2021.2.13
  • Added support for Proxy Auto Config (PAC) proxy.
  • Enabled proxy configuration from the plugin’s user interface
  • Proxy credentials can be configured as pipeline variables. This does not apply to PAC Proxy.
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2020.4.14
  • Fixed SCA proxy with no authentication
  • Fixed the SAST Origin Value for the local TFS server
  • Fixed the SAST project settings override with regard to creating a new project. This addition is relevant for SAST 9.3.
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2020.4.10
  • Proxy support
  • Fix for CxSAST project settings override. This is relevant for use with CxSAST 9.3.
  • Updated the original value to include the domain name
  • Fix for CxSCA login scopes
  • Fix for CxSCA project names that are not case sensitive
  • Fixed the link to CxSCA scan results
  • Supports the EU datacenter for CxSCA
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2020.3.11
  • Prevents source code from being sent to the SCA cloud service.
  • Sending Manifest and Fingerprints only to the SCA cloud service.
  • Causes the build to fail if the lower threshold is set to zero and a low number of vulnerabilities are found.
  • Fixed cases where scans were aborted if the SCA URL ended with /, for example https://sca.cxsca.net/
  • Supported SAST Versions: 8.9, 9.0, 9.2
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2020.2.86
  • Added support for CxSCA
  • Displays the CxSCA dashboard
  • Saves the CxSCA responses as json files
  • Improved and redesigned the user interface
  • Certified SAST Versions: 8.9, 9.0
  • OSA Support: N/A
  • SCA Support: Supported
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2020.2.12
  • Policy Enforcement support
  • Sending Origin as ‘VSTS’ in SAST scan request
  • Task versioning support
  • Fixed the issue that caused the incremental scan to fail without code change
  • Certified SAST Versions: 8.9, 9.0
  • OSA Support: N/A
  • Supported Tool Versions:
    • Dev Azure (cloud version)
    • TFS 2019
    • TFS 2018
    • TFS 2017 (up to version 3.1)
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
2019.4.1
  • Ability to break the build according to the OSA policy status
  • Added support for Linux agents
  • Checkmarx tab is now hidden from build results if pipeline doesn't contain a Checkmarx task
  • Added support for globstar (**) in 'Include/Exclude Wildcard Patterns' setting for additional flexibility
    - E.g. to exclude .tmp and .bak files at all directory levels, the following pattern should be used: '!**/*.bak, !**/*.tmp'
    - See the help text for this setting for more details.
  • The user running the CxSAST Azure DevOps plugin scan must have both 'Scanner' and 'Reviewer' role permissions.
  • A parameter 'Enable Project’s Policy Enforcement' enables breaking the build by both CxSAST policies upon policy violation. This parameter can now be defined for CxSAST.
  • CxOSA is no longer supported via the Azure DevOps plugin.
  • Certified SAST Versions: 8.9, 9.0
  • OSA Support: N/A
  • Supported Tool Versions:
    • DevAzure (cloud version)
    • TFS 2019
    • TFS 2018
    • TFS 2017 (latest v3.1)
    • Windows and Linux agents
  • Node JS version: 6.10.3 and higher
8.9.0
  • Ability to break the build according to the OSA policy status

8.8.0
  • Plugin name has been changed from ‘CxSAST MS-VSTS’ to ‘CxSAST Azure DevOps’
  • Report UI displays both New and Recurrent vulnerabilities in the bar chart
  • Ability to abort scan on timeout
  • Ability to deny the creation of new projects
  • Ability to set a scan comment

8.7.0
  • Embed OSA core library into the Checkmarx CI plugins
  • Support scanning of the NPM package.json
  • Support scanning of Maven POM.XML files

8.6.0
  • First release with CxOSA
  • First release with a graphical report (Bar Chart)
    (identical to Bamboo and Teamcity)

8.51
  • Custom Preset
  • Proxy Support