1.7.06

🚀 Features

• Added a feature to the SARIF report where different modules are no longer treated as different artifacts. @satyamchaurasiapersistent
• Added a feature to the SARIF format to address mismatch information between two fields. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fixed an issue where the file cx.sarif could not be uploaded as it was not valid SARIF. @satyamchaurasiapersistent
• Fixed a security vulnerability in CxFlow. @itsKedar
• Fixed an issue where a comment on a PR led to an error, stating that another scan was already in progress. @satyamchaurasiapersistent
• Fixed an issue where CxFlow was unable to create work items for ADO on-prem servers. @itsKedar
• Fixed an issue where the CxFlow SCA scan terminated with a "Null pointer" exception. @itsKedar
• Fixed an issue where CxFlow attempted to access a branch after a branch deletion event. @itsKedar
• Fixed an issue where CxFlow could not set multiple project custom field values with spaces in GitHub Actions. @itsKedar

Documentation

• Updated documentation regarding GitLab MR scan comments not reflecting the user who created the MR. @satyamchaurasiapersistent
• Updated documentation regarding scan attempts for branches that don't match the protected branch criteria when a webhook event comes from the repository's default branch. @satyamchaurasiapersistent
• Updated documentation for using Docker image execution, where SCA Resolver integration requires build tools installed or additional documentation. @itsKedar

1.7.05

🐛 Bug Fixes

• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for GitHub payload id causing integer overflow exception. @itsKedar and @satyamchaurasiapersistent

1.7.04

🚀 Features

• Added feature to allow symbolic links in cx-flow. @itsKedar (GitHub URL : #842)
• Added feature to add artifcat details in SAST report. @satyamchaurasiapersistent. (GitHub URL : #1252)
• Added feature to Stack traces logged as ERROR for valid failure scenarios spam the event logs. @itsKedar (GitHub URL : #1194)
• Added feature to support command line PR comments for Bitbucket Cloud and Bitbucket Server. @itsKedar (GitHub URL : #1125)
• Added feature to Map labels on bug trackers like Github Issues or Gitlab Issues in Cx-Flow. @itsKedar (GitHub URL : #1029)
• Added a feature to cancel in-progress scans in SAST if a timeout occurs. @satyamchaurasiapersistent
• Added a feature to Configure exclude vulnerability categories in CxFlow. @itsKedar
• Added a feature to download SCA and SAST report with critical severity in PDF report for CxFlow. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for Pull Request scan results should refresh after a second push to the same pull request for Cx-Flow. @itsKedar (GitHub URL : #1172)
• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for Interactive command handling targeting the CxFlow user's name for PR workflow kickstarting. @satyamchaurasiapersistent (GitHub URL : #831)
• Fix for removal of /cxrestapi when using checkmarx url from environment variable. @satyamchaurasiapersistent
• Fix for custom field value with a space. @itsKedar
• Fix for reduction of Cx-Flow messages in Pull request. @itsKedar
• Fix for Scan was taking almost 2 hours till then some token gets expired. @itsKedar.

Documentation

• Updated documentation on how to enable or disable the grouping of issues in the SARIF report. @satyamchaurasiapersistent (GitHub URL : #1330)
• Updated documentation on the project naming convention of CXFlow with more detailed information. @satyamchaurasiapersistent (GitHub URL : #1282)
• Updated documentation on the GITLABDASHBOARD. @satyamchaurasiapersistent (GitHub URL : #1326)

Note

• The current version of CX-Flow is experiencing issues with Azure DevOps On-Premise.

1.7.03

🚀 Features

• Added feature to perform first scan of branched project as incremental if parent project is already created in SAST. @satyamchaurasiapersistent and @itsKedar

1.7.02

🚀 Features

• Added feature to choose custom keystore in Cx-Flow. @satyamchaurasiapersistent
• Added feature to bitbucket git clone support in Bitbucket both cloud and server @itsKedar. (GitHub URL : #732)
• Added feature to project deletion on PR close event. @satyamchaurasiapersistent (GitHub URL : #556)
• Added feature to show vulnerability summary in Bug-tracker as PDF. @satyamchaurasiapersistent
• Added feature to accept self-sign certificate and SSL bypass in Cx-Flow. @satyamchaurasiapersistent
• Added Feature to ADO git clone feature @itsKedar (GitHub URL : #733)

🐛 Bug Fixes

• Fix for Security vulnerability fix for Cx-Flow. @itsKedar
• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for request of adding Similarity ID to new Line. @itsKedar (GitHub URL : #1343)
• Fix for JIRA not closing issues marked Not Exploitable in SAST. @itsKedar
• Fix for prscans not triggered issue. @satyamchaurasiapersistent
• Fix for filter dev, test & indirect dependencies discrepancy in SCA. @satyamchaurasiapersistent
• Fix for token leaks in logs. @itsKedar. (GitHub URL : #1341)
• Fix for information label issue for different bugtrackers in Cx-flow. @itsKedar. (GitHub URL : #1340)
• Fix for codeBashing Training Links issue in Cx-flow. @itsKedar (GitHub URL : #1342)

Documentation

• Updated documentation for removal of JAVA support notice. @itsKedar
• Updated support for branches in GitLab CI template. @FlorentinLedy

1.7.01

🚀 Features

• Added feature to Opting Out of Bitbucket comment notifications during PR. @satyamchaurasiapersistent
• Added feature to Jira description field overflow. @itsKedar
• Added feature to remove comment to the PR and it appears to the user error is PR while another scan is already in progress. @satyamchaurasiapersistent (Github Issue : #1254)
• Added feature to Critical Severity support for SAST and SCA in cxflow. @satyamchaurasiapersistent
• Added Feature to Support SCA Scan tag feature in CxFlow. @itsKedar
• Added feature to Mask GitHub personal access tokens in logs. @james-bostock-cx

🐛 Bug Fixes

• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for Sarif Format: Maven modules are not treated as different artifacts. @satyamchaurasiapersistent
• Fix for Missing Rules in SARIF file. @satyamchaurasiapersistent
• Fix for mismatch in scanning criteria in Sarif Report. @satyamchaurasiapersistent (Github Url : #1250)
• Fix for Error while setting Project Level custom fields via cxflow GitHub Action. @itsKedar
• Fix for concurrent incremental scan issue. @satyamchaurasiapersistent
• Fix for File filtering with local clone. @itsKedar (Github Url : #1288)
• Fix for CxFlow Sarif output fails many validation tests. @satyamchaurasiapersistent (Github URL : #1329)

Documentation

• Updated documentation for FAQ docs for ADO work items issue. @itsKedar

1.7.0

🚀 Features

• Added feature to workflow change for submitting scans to avoid source location overwrite. (GH Issue URL : #1151)
• Added feature to flow of information from JIRA to SAST.
• Added feature to Set delete running scans as false.
• Added feature to include folder/files that need to be scanned in Cxflow. (GH Issue URL : #1300)
• Added new Logo of Checkmarx.
• Added DynamoDB support for sharding in Cxflow.

🐛 Bug Fixes

• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for SCA Project link incorrect while using ScaResolver due to concurrency issue.
• Fix for Gitlab Bugtracker - add option to insert always new comment in mergeRequest instead of updating existing one. (GH Issue URL : #1120)
• Fix for Branching is broken when using a project name Groovy script. (GH Issue URL : #1312)
• Fix for Set security-severity in the SARIF SCA report to match the markdown and tags fields.
• Fix for signed integer overflow error.

Documentation

• Updated documentation for Add in the documentation GITLAB_ERROR_MERGE and GITLAB_BLOCK_MERGE.
• Updated documentation for application.xml issue in root directory of project.
• Updated documentation for cxflow variable enabled vulnerability scanner.

Support

• Added support of springboot 3 in Cx-flow.
• Added support for higher versions of JAVA (17,18,19,20) in cx-flow.

Note: We have stopped support of lower version of JAVA below JAVA 17.

1.6.46

🚀 Features

• Added feature to block PR Merge in Bitbucket. @satyamchaurasiapersistent
• Added feature to map custom result state as false positive. @satyamchaurasiapersistent
• Added feature to add email in json report. @itsKedar
• Added feature to test case to cover zip utility feature. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for docker badge in cxflow github repository. @itsKedar

Documentation

• Updated documentation for ODATA query. @satyamchaurasiapersistent
• Updated documentation for application.xml issue in root directory of project. @itsKedar

1.6.45

🚀 Features

• Added feature to JIRA server PAT login. @itsKedar
• Added feature to Config as code support for SCA in cx-flow. @itsKedar
• Added feature to run private scans in CxFlow. @itsKedar
• Added feature to support draft pull request in GitLab. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for System.Tags as an --alt-fields in ADO. @satyamchaurasiapersistent
• Fix for gitlab.cx-summary is not taken into account. @itsKedar
• Fix for Gitlab Project not found issue. @satyamchaurasiapersistent
• Fix for checkmarx cxflow github action couldn't run with other preset. @satyamchaurasiapersistent

Documentation

• Updated documentation for GibHub Action in a Self-hosted Environment. @satyamchaurasiapersistent
• Updated documentation for checkmarx Version parameter. @itsKedar

1.6.44

🐛 Bug Fixes
Fix for Libcurl vulnerability . @itsKedar