Releases: jenkinsci/checkmarx-plugin

Release_2024.2.3

22 Apr 09:06
5e6a2b8

• Fixed the issue where the CxSCA team value 'All users' was overridden for existing projects.
• Fixed the issue where the ‘scaReportFormat:PDF’ parameter was present in the SCA pipeline script by default even when the ‘Generate CxSCA report’ checkbox is disabled.
• Fixed the issue where a 'failed scan' report was shown when the first scan in a pipeline/new project is asynchronous and either reports are not generated or the report of a previous successful scan is not available.
• Fixed the issue where the pipeline build failed and showed a failed report for an asynchronous scan when the previous synchronous scan failed, or when the ‘enable vulnerability threshold exceed’ checkbox is checked but its parent checkbox (Enable synchronous mode) is not checked.
• Added form validation for 'Enable vulnerability threshold' checkbox when CxSAST scan is not enabled.
• Fixed the issue where the scan failed and showed an error in the logs if both CxSAST and dependency scan are disabled.
• Removed dependency on the Swagger Call.
• Fixed the issue where Scan Retention Rate could not be assigned to an existing CxSAST project.
• Upgraded the following libraries:
    o org.yaml:snakeyaml to 2.2
    o cx-client-common to 2024.2.3
    o commons-beanutils:commons-beanutils to 1.9.4
    o io.netty:netty-codec-http to 4.1.101.Final
    o org.apache.commons:commons-compress to 1.26.0

Release_2023.4.3

29 Dec 15:44
eebebe5

• Enhanced to use expected versions of SAST APIs
• Added support to enable Policy Enforcement for SAST and SCA separately. (These two need to be configured separately.)
• Enhanced the plugin to display the correct error message on the Checkmarx reports screen if SCA scan policies are violated
• Added support for SAST Project Level Custom Fields
• Added support for SCA Project Custom Tags
• Added support for SCA Scan Custom Tags
• Allowed special characters in scan level and project level custom fields for SAST and SCA.
• Allowed special characters in Jenkins job name
• Added support to propagate vulnerability threshold exceed errors
• SCA Agent is no longer supported
• Enhanced the plugin to support SCA URL in NoProxyHost
• Added support for Jenkins Server v2.375.4 and v2.414.3
• Fixed deserialization issue for API requests/responses
• Upgraded the following libraries:
    o com.checkmarx:cx-client-common:2023.4.4
    o org.apache.commons:commons-compress:1.25.0
    o org.json:json:20231013
    o org.eclipse.jgit:org.eclipse.jgit:6.8.0.202311291450-r
    o com.google.guava:guava:32.1.1-jre

Release_2023.2.6

01 Jun 16:32
df458db

• Added functionality to generate the SCA report in various formats, i.e. PDF, XML, CSV, JSON, cyclonedxjson and cyclonedxxml files.
• Added functionality to generate reports in workspace directory of agent.
• Added functionality to generate SCA/OSA reports in workspace directory.
• ScaResolver integration is enhanced to reuse SAST-specific parameters such as project name, source code location, SAST server URL, credentials and result path. The ScaResolver additional parameters are reserved for additional arguments, following the ScaResolver argument syntax.
• Enhanced the functionality to provide an option to select the job status when the CxSAST vulnerability threshold is crossed.
• The global setting SSL/TLS validation checkbox is enabled by default, so that TLS/SSL server certificate validation is enforced by default.
• Set Scan retention rate for CxSAST Scan. Added support for CxSAST Scan Retention Settings while creating a project.
• Upgraded the following libraries:
    o org.json:json:20230227

Release_2022.4.3

05 Dec 09:08
de6842b

• Corrected the config-as-code feature. The prior version failed to parse the cx.config file.
• The ‘overrideProjectSetting’ plugin parameter indicates whether the preset and engineConfigurationId values will be saved on the SAST project.
• Corrected the HTTP link to OSA scan results that appears in the plugin logs.
• Enhanced default include/exclude pattern to exclude SCAResolver’s result files.
• Introduced ‘ABORTED’ as a new value for the parameters jobStatusOnError and vulnerabilityThresholdResult; it stops the pipeline immediately.
• Fixed the issue where the build was not marked as failed for SCA policy violations.
• Upgraded libraries.

Release_2022.3.3

06 Sep 14:33
68a5130

Fixed NPE that occurs when customFields parameter is not defined in scripted pipelines. Does not impact Freestyle jobs.

Release_2022.3.2

30 Aug 14:11
7a2f5ff
  • Suppress benign errors by default (e.g. duplicate scan or timeout error). This can be disabled by defining the JVM property 'suppressBenignErrors=false'.
  • Special character validation for custom field
  • Introduced presetId 0, which makes SAST use the preset ID of the previous scan of that project. If it is a new project, the preset is defaulted at SAST to 'Checkmarx Default'.
  • Pipeline script can be configured with scaTeamId instead of scaTeamPath. scaTeamId takes precedence.
  • CxOrigin value now contains the Jenkins plugin version

Release_2022.2.3

17 May 12:28
0f765e7
  1. Fixed issue related to Jenkins security warning.
  2. Fixed issue related to SCA Proxy selection.

Release_2022.2.1

20 Apr 14:38
eee31d5

• Fixed the issue where SCA scan with proxy does not work when SAST scan is not performed
• Fixed the issue where ScaResolver was not working in Master/Slave configurations (Windows/Linux)
• Fixed the scenario where a PostScanAction ID passed as 0 failed with a NullPointerException
• Fixed PostScanActions not enclosing arguments in quotes ("")
• Fixed ‘Avoid duplicate project scans in queue’ not working as expected
• Fixed Springshell vulnerability

Release_2022.1.3

28 Mar 08:51
f4bb77b

Release_2022.1.2

03 Jan 12:31
7d4b214
  • Added SCA Resolver support
  • Fixed issue in pipeline job so that either groupId or teamPath can be provided.
  • The following third-party libraries have been upgraded:
    o org.apache.logging.log4j:log4j-core to 2.17.1
    o org.apache.logging.log4j:log4j-api to 2.17.1
    o org.apache.logging.log4j:log4j-slf4j-impl to 2.17.1