Releases: checkmarx-ltd/cx-flow
1.7.11
Update version.txt
1.7.10
🐛 Bug Fixes
- Fixed SCA exploitable path issue with resolver when SAST project name contains spaces. @cx-ked-bhu
- Fixed ambiguity in the exclude-files parameter usage between SAST and SCA scans. @cx-ked-bhu
- Fixed an issue with Jasypt encryption failing under certain configurations. @cx-ked-bhu
- Fixed security vulnerabilities. @cx-ked-bhu
📝 Documentation
- Updated documentation for Jasypt Configuration. @cx-ked-bhu
1.7.09
🚀 Features
- Added support for PR decoration comments in Azure DevOps. @cx-anjali-deore
- Introduced a new custom field (cvss-score) integration in JIRA. @cx-ked-bhu
🐛 Bug Fixes
- Fixed SAST SARIF severity mapping issue. @cx-ked-bhu
- Fixed failure in Parse mode where critical vulnerabilities are detected for SCA. @cx-ked-bhu
- Fixed PR decoration issue when using the RestrictResultsToBranch parameter. @cx-ked-bhu
- Added null check for SCA PackageId in GitLab Dashboard. @cx-ked-bhu
- Fixed SCA scan failure caused by missing support for NONE severity level. @cx-anjali-deore
- Fixed error when attempting to delete a non-existent CxSCA project. @cx-ked-bhu
- Added required header support for the scanWithSettings API. @cx-ked-bhu
- Fixed security vulnerabilities. @cx-ked-bhu
📝 Documentation
- Updated documentation for prerequisites and requirements. @cx-ked-bhu
1.7.08
🚀 Features
- Added a feature to disable comments in cxflow using config file. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fixed an issue where no merge request summary was shown if scan-submitted-comment is set to false. @satyamchaurasiapersistent
1.7.07
🚀 Features
- Added support for base 64 encryption of the JASYPT password. @satyamchaurasiapersistent
- Added a feature to make Cx-Flow interactive during PR creation for GitHub. @satyamchaurasiapersistent
- Added token-based login for CxFlow. @satyamchaurasiapersistent
- Added a feature to delete CxSCA projects when handling a branch deletion event. @itsKedar
- Added a feature to enhance PR decoration when restricting results to branch. @itsKedar
- Added a feature to add modules information in the SARIF report. @satyamchaurasiapersistent
- Added a feature to enable project deletion/cleanup using CLI mode. @itsKedar
🐛 Bug Fixes
- Fixed an issue of incorrect project naming if the default branch is not provided. @satyamchaurasiapersistent
- Fixed a security vulnerability in CxFlow. @itsKedar
- Fixed an issue where threshold violations and issue tracking were not working on GitLab pipelines, with empty finding counts. @itsKedar
- Fixed an issue where no merge request summary was shown if scan-submitted-comment is set to false. @satyamchaurasiapersistent
- Fixed an issue where Groovy script fails to replace / within the branch name during merge, causing project branching logic issues. @satyamchaurasiapersistent
📝 Documentation
- Updated documentation for configuration in GitHub Actions. @satyamchaurasiapersistent
- Updated documentation for BITBUCKETPULL. @itsKedar
1.7.06
🚀 Features
- Added a feature to the SARIF report where different modules are no longer treated as different artifacts. @satyamchaurasiapersistent
- Added a feature to the SARIF format to address mismatch information between two fields. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fixed an issue where the file cx.sarif could not be uploaded as it was not valid SARIF. @satyamchaurasiapersistent
- Fixed a security vulnerability in CxFlow. @itsKedar
- Fixed an issue where a comment on a PR led to an error, stating that another scan was already in progress. @satyamchaurasiapersistent
- Fixed an issue where CxFlow was unable to create work items for ADO on-prem servers. @itsKedar
- Fixed an issue where the CxFlow SCA scan terminated with a "Null pointer" exception. @itsKedar
- Fixed an issue where CxFlow attempted to access a branch after a branch deletion event. @itsKedar
- Fixed an issue where CxFlow could not set multiple project custom field values with spaces in GitHub Actions. @itsKedar
📝 Documentation
- Updated documentation regarding GitLab MR scan comments not reflecting the user who created the MR. @satyamchaurasiapersistent
- Updated documentation regarding scan attempts for branches that don't match the protected branch criteria when a webhook event comes from the repository's default branch. @satyamchaurasiapersistent
- Updated documentation for using Docker image execution, where SCA Resolver integration requires build tools installed or additional documentation. @itsKedar
1.7.05
🐛 Bug Fixes
- Security vulnerability Fix for Cxflow. @itsKedar
- Fix for GitHub payload id causing integer overflow exception. @itsKedar and @satyamchaurasiapersistent
1.7.04
🚀 Features
- Added feature to allow symbolic links in cx-flow. @itsKedar (GitHub URL : #842)
- Added feature to add artifact details in SAST report. @satyamchaurasiapersistent (GitHub URL : #1252)
- Added feature addressing the issue "Stack traces logged as ERROR for valid failure scenarios spam the event logs". @itsKedar (GitHub URL : #1194)
- Added feature to support command line PR comments for Bitbucket Cloud and Bitbucket Server. @itsKedar (GitHub URL : #1125)
- Added feature to map labels on bug trackers like GitHub Issues or GitLab Issues in Cx-Flow. @itsKedar (GitHub URL : #1029)
- Added a feature to cancel in-progress scans in SAST if a timeout occurs. @satyamchaurasiapersistent
- Added a feature to configure excluded vulnerability categories in CxFlow. @itsKedar
- Added a feature to download SCA and SAST report with critical severity in PDF report for CxFlow. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fix so that pull request scan results refresh after a second push to the same pull request in Cx-Flow. @itsKedar (GitHub URL : #1172)
- Security vulnerability Fix for Cxflow. @itsKedar
- Fix for Interactive command handling targeting the CxFlow user's name for PR workflow kickstarting. @satyamchaurasiapersistent (GitHub URL : #831)
- Fix for removal of /cxrestapi when using checkmarx url from environment variable. @satyamchaurasiapersistent
- Fix for custom field value with a space. @itsKedar
- Fix for reduction of Cx-Flow messages in Pull request. @itsKedar
- Fix for an issue where a scan took almost 2 hours, by which time a token had expired. @itsKedar
📝 Documentation
- Updated documentation on how to enable or disable the grouping of issues in the SARIF report. @satyamchaurasiapersistent (GitHub URL : #1330)
- Updated documentation on the project naming convention of CXFlow with more detailed information. @satyamchaurasiapersistent (GitHub URL : #1282)
- Updated documentation on the GITLABDASHBOARD. @satyamchaurasiapersistent (GitHub URL : #1326)
Note
- The current version of CX-Flow is experiencing issues with Azure DevOps On-Premise.
1.7.03
🚀 Features
- Added feature to perform first scan of branched project as incremental if parent project is already created in SAST. @satyamchaurasiapersistent and @itsKedar
1.7.02
🚀 Features
- Added feature to choose custom keystore in Cx-Flow. @satyamchaurasiapersistent
- Added git clone support for Bitbucket, both Cloud and Server. @itsKedar (GitHub URL : #732)
- Added project deletion on PR close event. @satyamchaurasiapersistent (GitHub URL : #556)
- Added feature to show vulnerability summary in Bug-tracker as PDF. @satyamchaurasiapersistent
- Added feature to accept self-signed certificates and SSL bypass in Cx-Flow. @satyamchaurasiapersistent
- Added ADO git clone feature. @itsKedar (GitHub URL : #733)
🐛 Bug Fixes
- Security vulnerability fix for Cx-Flow. @itsKedar
- Security vulnerability Fix for Cxflow. @itsKedar
- Fix for request to add Similarity ID on a new line. @itsKedar (GitHub URL : #1343)
- Fix for JIRA not closing issues marked Not Exploitable in SAST. @itsKedar
- Fix for prscans not triggered issue. @satyamchaurasiapersistent
- Fix for filter dev, test & indirect dependencies discrepancy in SCA. @satyamchaurasiapersistent
- Fix for token leaks in logs. @itsKedar. (GitHub URL : #1341)
- Fix for information label issue for different bugtrackers in Cx-flow. @itsKedar. (GitHub URL : #1340)
- Fix for codeBashing Training Links issue in Cx-flow. @itsKedar (GitHub URL : #1342)
📝 Documentation
- Updated documentation for removal of JAVA support notice. @itsKedar
- Updated support for branches in GitLab CI template. @FlorentinLedy