Releases: checkmarx-ltd/cx-flow
1.7.02
Update version.txt
1.7.01
🚀 Features
- Added feature to opt out of Bitbucket comment notifications during PR. @satyamchaurasiapersistent
- Added feature to Jira description field overflow. @itsKedar
- Added feature to remove comment to the PR and it appears to the user error is PR while another scan is already in progress. @satyamchaurasiapersistent (Github Issue : #1254)
- Added Critical severity support for SAST and SCA in CxFlow. @satyamchaurasiapersistent
- Added support for the SCA scan tag feature in CxFlow. @itsKedar
- Added feature to mask GitHub personal access tokens in logs. @james-bostock-cx
🐛 Bug Fixes
- Security vulnerability Fix for Cxflow. @itsKedar
- Fix for Sarif Format: Maven modules are not treated as different artifacts. @satyamchaurasiapersistent
- Fix for Missing Rules in SARIF file. @satyamchaurasiapersistent
- Fix for mismatch in scanning criteria in Sarif Report. @satyamchaurasiapersistent (Github Url : #1250)
- Fix for Error while setting Project Level custom fields via cxflow GitHub Action. @itsKedar
- Fix for concurrent incremental scan issue. @satyamchaurasiapersistent
- Fix for File filtering with local clone. @itsKedar (Github Url : #1288)
- Fix for CxFlow Sarif output fails many validation tests. @satyamchaurasiapersistent (Github URL : #1329)
Documentation
- Updated documentation for FAQ docs for ADO work items issue. @itsKedar
1.7.0
🚀 Features
- Added feature to workflow change for submitting scans to avoid source location overwrite. (GH Issue URL : #1151)
- Added feature to flow of information from JIRA to SAST.
- Added feature to Set delete running scans as false.
- Added feature to include folder/files that need to be scanned in Cxflow. (GH Issue URL : #1300)
- Added new Logo of Checkmarx.
- Added DynamoDB support for sharding in Cxflow.
🐛 Bug Fixes
- Security vulnerability Fix for Cxflow. @itsKedar
- Fix for SCA Project link incorrect while using ScaResolver due to concurrency issue.
- Fix for Gitlab Bugtracker - add option to insert always new comment in mergeRequest instead of updating existing one. (GH Issue URL : #1120)
- Fix for Branching is broken when using a project name Groovy script. (GH Issue URL : #1312)
- Fix for Set security-severity in the SARIF SCA report to match the markdown and tags fields.
- Fix for signed integer overflow error.
Documentation
- Updated documentation to add GITLAB_ERROR_MERGE and GITLAB_BLOCK_MERGE.
- Updated documentation for application.xml issue in root directory of project.
- Updated documentation for cxflow variable enabled vulnerability scanner.
Support
- Added support of springboot 3 in Cx-flow.
- Added support for higher versions of JAVA (17,18,19,20) in cx-flow.
Note: We have stopped supporting JAVA versions lower than JAVA 17.
1.6.46
🚀 Features
- Added feature to block PR Merge in Bitbucket. @satyamchaurasiapersistent
- Added feature to map custom result state as false positive. @satyamchaurasiapersistent
- Added feature to add email in json report. @itsKedar
- Added feature to test case to cover zip utility feature. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fix for docker badge in cxflow github repository. @itsKedar
Documentation
- Updated documentation for ODATA query. @satyamchaurasiapersistent
- Updated documentation for application.xml issue in root directory of project. @itsKedar
1.6.45
🚀 Features
- Added feature to JIRA server PAT login. @itsKedar
- Added feature to Config as code support for SCA in cx-flow. @itsKedar
- Added feature to run private scans in CxFlow. @itsKedar
- Added feature to support draft pull request in GitLab. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fix for System.Tags as an --alt-fields in ADO. @satyamchaurasiapersistent
- Fix for gitlab.cx-summary is not taken into account. @itsKedar
- Fix for Gitlab Project not found issue. @satyamchaurasiapersistent
- Fix for checkmarx cxflow github action couldn't run with other preset. @satyamchaurasiapersistent
Documentation
- Updated documentation for GitHub Action in a Self-hosted Environment. @satyamchaurasiapersistent
- Updated documentation for checkmarx Version parameter. @itsKedar
1.6.44
1.6.43
🐛 Bug Fixes
- Fix for Null Pointer Exception in Release 1.6.42. @satyamchaurasiapersistent
1.6.42
🚀 Features
- Added feature to PDF as Bug-tracker. @satyamchaurasiapersistent
- Added feature to provide high-level logging for debugging. @satyamchaurasiapersistent
- Added feature to support for latest GitLab Schema. @satyamchaurasiapersistent
- Added feature to filter-out DEV and TEST dependency from SCA Results. @satyamchaurasiapersistent
- Added feature to Create SBOM reports. @itsKedar
- Added feature to categorise SCA packages by DEV or Production in JIRA. @itsKedar
- Added feature to create separate Project names for SAST & SCA. @itsKedar
🐛 Bug Fixes
- Fix for empty SCA recommended version column in PR request table. @itsKedar
- Fix for SAST Preset override. @satyamchaurasiapersistent
- Fix for authentication in Bitbucket if special characters present in username or password. @itsKedar
- Fix for branch issue if branch name started by refs/pull... . @satyamchaurasiapersistent
- Fix for Null pointer exception if SCA package is empty. @itsKedar
- Fix for Cxflow Security Vulnerability. @itsKedar
- Fix for overwrite issue of project custom fields in SAST. @satyamchaurasiapersistent
- Fix for SCA GQL link. @itsKedar
- Changed logic of calculating SCA Direct dependency; previously it was computing vulnerability twice. @satyamchaurasiapersistent
Documentation
- Updated documentation for file exclusion in Github-Action. @satyamchaurasiapersistent
- Updated documentation for breaking build in AWS Code build. @satyamchaurasiapersistent
- Updated documentation for environment variables declaration for map fields in Github-Action. @itsKedar
- Updated documentation for generating JSON logs. @satyamchaurasiapersistent
- Updated documentation for JIRA ticket creation. @itsKedar
- Updated documentation for filter-status in cx-flow. @itsKedar
Note:
- We have changed the logic for filtering out indirect dependencies: the variable is now a Boolean instead of a string. Please refer to this link for more details: https://github.com/checkmarx-ltd/cx-flow/wiki/Thresholds-and-policies#sca--direct-dependency-
1.6.41
🚀 Features
- Added feature to add labels to Gitlab's issues per severity. @satyamchaurasiapersistent
- Added feature to support Higher versions of JAVA like JAVA 17 and JAVA 18. @satyamchaurasiapersistent
- Added feature to change status of comments in ADO. @satyamchaurasiapersistent
- Added feature to Pull request status change in webhook and CLI mode if exception occurs. @satyamchaurasiapersistent
- Added feature to use a different exit status for exceeding result thresholds. @satyamchaurasiapersistent
- Added feature to Support Jira Issue Summary for SCA Tickets. @itsKedar
- Added feature to disable "Scan submitted to Checkmarx" comment on Merge Request. @satyamchaurasiapersistent
🐛 Bug Fixes
- Fix for exception details if --parse option is provided without the --f option. @itsKedar
- Fix for base project of branched project was not giving correct configuration. @itsKedar
- Fix for security Vulnerabilities in cx-flow. @itsKedar
- Fix for log always indicates team was not found and one is being created, even when team is there. @satyamchaurasiapersistent
- Migrated to latest version of docker Alpine. @itsKedar
- Fix for Cxflow waiting for infinite time if issue is from SAST. @satyamchaurasiapersistent
- Fix for deletion of local source code files in ScaResolver. @itsKedar and @warrior8792
- Fix for incorrect closing of JIRA tickets. @itsKedar
- Fix for handling race condition when creating a project. @james-bostock-cx
Documentation
1.6.40
🚀 Features
- Added feature to trace Secondary Locations path in Json report. @satyamchaurasiapersistent
- Added feature to stop checking from breaking Build if flag is true. @satyamchaurasiapersistent
- Added feature to remember SAST pre and post action id of project. @satyamchaurasiapersistent
- Added feature to extract SAST Scan ID as output variable which can be used in Jobs. @satyamchaurasiapersistent
- Added feature to create new team in SAST. @atheismann
🐛 Bug Fixes
- Fix for JIRA on premise user assignment issue. @itsKedar
- Fix for vulnerable project name created in SAST. @satyamchaurasiapersistent
- Fix for security Vulnerabilities in cx-flow. @itsKedar
- Fix for GitHub PR decoration not escaping spaces. @itsKedar
- Fix for Null pointer Exception in lower version of JIRA On-premise. @itsKedar
- Fix for new version of SCA resolver uses Configuration.ini instead of Configuration.yml. @itsKedar
- Fix for Links on Cx-SCA results show list of vulnerable packages instead of the specific vulnerable package. @itsKedar
- Fix for Scan-Resubmit override attribute. @itsKedar
- Fix for Cx-flow Should configure SAST as default value if user has not provided any value in enabled vulnerability scanner. @satyamchaurasiapersistent
- Fix for Checkmarx folder exclusion functionality. @satyamchaurasiapersistent
- Fix for ScaResolver custom parameters. @itsKedar
Documentation
- Updated documentation for blocking of GitLab pull request. @satyamchaurasiapersistent
- Updated documentation for Configure filter severity option using webhook parameter. @itsKedar
- Updated documentation with detailed instructions of using Jira credentials in cloud and on-premise. @itsKedar
- Updated documentation for using thresholds as environment variables. @itsKedar
- Updated documentation for steps to configure comment-script. @itsKedar
- Updated documentation for Running-CxFlow as a Windows-Service. @itsKedar
- Updated documentation to exclude folders from being resolved by ScaResolver. @itsKedar
- Updated documentation for Date format Exception in different versions of JAVA. @satyamchaurasiapersistent
- Updated documentation for passing MAP and List in CLI mode for Cx-flow. @itsKedar