1.7.02

Update version.txt

1.7.01

🚀 Features

• Added feature to Opting Out of Bitbucket comment notifications during PR. @satyamchaurasiapersistent
• Added feature to Jira description field overflow. @itsKedar
• Added feature to remove comment to the PR and it appears to the user error is PR while another scan is already in progress. @satyamchaurasiapersistent (Github Issue : #1254)
• Added feature to Critical Severity support for SAST and SCA in cxflow. @satyamchaurasiapersistent
• Added Feature to Support SCA Scan tag feature in CxFlow. @itsKedar
• Added feature to Mask GitHub personal access tokens in logs. @james-bostock-cx

🐛 Bug Fixes

• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for Sarif Format: Maven modules are not treated as different artifacts. @satyamchaurasiapersistent
• Fix for Missing Rules in SARIF file. @satyamchaurasiapersistent
• Fix for mismatch in scanning criteria in Sarif Report. @satyamchaurasiapersistent (Github Url : #1250)
• Fix for Error while setting Project Level custom fields via cxflow GitHub Action. @itsKedar
• Fix for concurrent incremental scan issue. @satyamchaurasiapersistent
• Fix for File filtering with local clone. @itsKedar (Github Url : #1288)
• Fix for CxFlow Sarif output fails many validation tests. @satyamchaurasiapersistent (Github URL : #1329)

Documentation

• Updated documentation for FAQ docs for ADO work items issue. @itsKedar

1.7.0

🚀 Features

• Added feature to workflow change for submitting scans to avoid source location overwrite. (GH Issue URL : #1151)
• Added feature to flow of information from JIRA to SAST.
• Added feature to Set delete running scans as false.
• Added feature to include folder/files that need to be scanned in Cxflow. (GH Issue URL : #1300)
• Added new Logo of Checkmarx.
• Added DynamoDB support for sharding in Cxflow.

🐛 Bug Fixes

• Security vulnerability Fix for Cxflow. @itsKedar
• Fix for SCA Project link incorrect while using ScaResolver due to concurrency issue.
• Fix for Gitlab Bugtracker - add option to insert always new comment in mergeRequest instead of updating existing one. (GH Issue URL : #1120)
• Fix for Branching is broken when using a project name Groovy script. (GH Issue URL : #1312)
• Fix for Set security-severity in the SARIF SCA report to match the markdown and tags fields.
• Fix for signed integer overflow error.

Documentation

• Updated documentation for Add in the documentation GITLAB_ERROR_MERGE and GITLAB_BLOCK_MERGE.
• Updated documentation for application.xml issue in root directory of project.
• Updated documentation for cxflow variable enabled vulnerability scanner.

Support

• Added support of springboot 3 in Cx-flow.
• Added support for higher versions of JAVA (17,18,19,20) in cx-flow.

Note: We have stopped support of lower version of JAVA below JAVA 17.

1.6.46

🚀 Features

• Added feature to block PR Merge in Bitbucket. @satyamchaurasiapersistent
• Added feature to map custom result state as false positive. @satyamchaurasiapersistent
• Added feature to add email in json report. @itsKedar
• Added feature to test case to cover zip utility feature. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for docker badge in cxflow github repository. @itsKedar

Documentation

• Updated documentation for ODATA query. @satyamchaurasiapersistent
• Updated documentation for application.xml issue in root directory of project. @itsKedar

1.6.45

🚀 Features

• Added feature to JIRA server PAT login. @itsKedar
• Added feature to Config as code support for SCA in cx-flow. @itsKedar
• Added feature to run private scans in CxFlow. @itsKedar
• Added feature to support draft pull request in GitLab. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for System.Tags as an --alt-fields in ADO. @satyamchaurasiapersistent
• Fix for gitlab.cx-summary is not taken into account. @itsKedar
• Fix for Gitlab Project not found issue. @satyamchaurasiapersistent
• Fix for checkmarx cxflow github action couldn't run with other preset. @satyamchaurasiapersistent

Documentation

• Updated documentation for GibHub Action in a Self-hosted Environment. @satyamchaurasiapersistent
• Updated documentation for checkmarx Version parameter. @itsKedar

1.6.44

🐛 Bug Fixes
Fix for Libcurl vulnerability . @itsKedar

1.6.43

🐛 Bug Fixes

• Fix for Null Pointer Exception in Release 1.6.42. @satyamchaurasiapersistent

1.6.42

🚀 Features

• Added feature to PDF as Bug-tracker. @satyamchaurasiapersistent
• Added feature to provide high-level logging for debugging. @satyamchaurasiapersistent
• Added feature to support for latest GitLab Schema. @satyamchaurasiapersistent
• Added feature to filter-out DEV and TEST dependency from SCA Results. @satyamchaurasiapersistent
• Added feature to Create SBOM reports. @itsKedar
• Added feature to categorise SCA packages by DEV or Production in JIRA. @itsKedar
• Added feature to create separate Project names for SAST & SCA. @itsKedar

🐛 Bug Fixes

• Fix for empty SCA recommended version column in PR request table. @itsKedar
• Fix for SAST Preset override. @satyamchaurasiapersistent
• Fix for authentication in Bitbucket if special characters present in username or password. @itsKedar
• Fix for branch issue if branch name started by refs/pull... . @satyamchaurasiapersistent
• Fix for Null pointer exception if SCA package is empty. @itsKedar
• Fix for Cxflow Security Vulnerability. @itsKedar
• Fix for overwrite issue of project custom fields in SAST. @satyamchaurasiapersistent
• Fix for SCA GQL link. @itsKedar
• Changed logic of calculating SCA Direct dependency previously it was computing vulnerability twice. @satyamchaurasiapersistent

Documentation

• Updated documentation for file exclusion in Github-Action. @satyamchaurasiapersistent
• Updated documentation for breaking build in AWS Code build. @satyamchaurasiapersistent
• Updated documentation for environment variables declaration for map fields in Github-Action. @itsKedar
• Updated documentation for generating JSON logs. @satyamchaurasiapersistent
• Updated documentation for JIRA ticket creation.@itsKedar
• Updated documentation for filter-status in cx-flow. @itsKedar

Note:

• We have changed logic of filtering out in-direct dependency. So instead of string now variable is Boolean. Please refer this link for more details : https://github.com/checkmarx-ltd/cx-flow/wiki/Thresholds-and-policies#sca--direct-dependency-

1.6.41

🚀 Features

• Added feature to add labels to Gitlab's issues per severity. @satyamchaurasiapersistent
• Added feature to support Higher versions of JAVA like JAVA 17 and JAVA 18. @satyamchaurasiapersistent
• Added feature to change status of comments in ADO. @satyamchaurasiapersistent
• Added feature to Pull request status change in webhook and CLI mode if exception occurs. @satyamchaurasiapersistent
• Added feature to uses different exit status for exceeding result thresholds. @satyamchaurasiapersistent
• Added feature to Support Jira Issue Summary for SCA Tickets. @itsKedar
• Added feature to disable "Scan submitted to Checkmarx" comment on Merge Request. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for exception details if --parse option is provided without the --f option. @itsKedar
• Fix for base project of branched project was not giving correct configuration. @itsKedar
• Fix for security Vulnerabilities in cx-flow. @itsKedar
• Fix for log always indicates team was not found and one is being created, even when team is there. @satyamchaurasiapersistent
• Migrated to latest version of docker Alpine. @itsKedar
• Fix for Cxflow waiting for infinite time if issue is from SAST. @satyamchaurasiapersistent
• Fix for deletion of local source code files in ScaResolver. @itsKedar and @warrior8792
• Fix for incorrectly Closing of JIRA Tickets. @itsKedar
• Fix for handling race condition when creating a project. @james-bostock-cx

Documentation

• Updated documentation for how to pass Merge-ID and Scan-ID. @itsKedar
• Updated documentation for --forcescan CLI parameter or config option to force a scan. @itsKedar
• Updated documentation for using Logstash with Cx-Flow. @itsKedar

1.6.40

🚀 Features

• Added feature to trace Secondary Locations path in Json report. @satyamchaurasiapersistent
• Added feature to stop checking from breaking Build if flag is true. @satyamchaurasiapersistent
• Added feature to remember SAST pre and post action id of project. @satyamchaurasiapersistent
• Added feature to extract SAST Scan ID as output variable which can be used in Jobs. @satyamchaurasiapersistent
• Added feature to create new team in SAST. @atheismann

🐛 Bug Fixes

• Fix for JIRA on premise user assignment issue. @itsKedar
• Fix for vulnerable project name created in SAST. @satyamchaurasiapersistent
• Fix for security Vulnerabilities in cx-flow. @itsKedar
• Fix for GitHub PR decoration not escaping spaces. @itsKedar
• Fix for Null pointer Exception in lower version of JIRA On-premise. @itsKedar
• Fix for new version of SCA resolver uses Configuration.ini instead of Configuration.yml @itsKedar
• Fix for Links on Cx-SCA results show list of vulnerable packages instead of the specific vulnerable package. @itsKedar
• Fix for Scan-Resubmit override attribute. @itsKedar
• Fix for Cx-flow Should configure SAST as default value if user has not provided any value in enabled vulnerability scanner. @satyamchaurasiapersistent
• Fix for Checkmarx folder exclusion functionality. @satyamchaurasiapersistent
• Fix for ScaResolver custom parameters. @itsKedar

Documentation

• Updated documentation for blocking of GitLab pull request. @satyamchaurasiapersistent
• Updated documentation for Configure filter severity option using webhook parameter. @itsKedar
• Updated documentation with detailed instructions of using Jira credentials in cloud and on-premise. @itsKedar
• Updated documentation for using thresholds as environment variables. @itsKedar
• Updated documentation for steps to configure comment-script. @itsKedar
• Updated documentation for Running-CxFlow as a Windows-Service. @itsKedar
• Updated documentation to exclude folders from being resolved by ScaResolver. @itsKedar
• Updated documentation for Date format Exception in different versions of JAVA. @satyamchaurasiapersistent
• Updated documentation for passing MAP and List in CLI mode for Cx-flow. @itsKedar