1.6.43

🐛 Bug Fixes

• Fix for Null Pointer Exception in Release 1.6.42. @satyamchaurasiapersistent

1.6.42

🚀 Features

• Added feature to PDF as Bug-tracker. @satyamchaurasiapersistent
• Added feature to provide high-level logging for debugging. @satyamchaurasiapersistent
• Added feature to support for latest GitLab Schema. @satyamchaurasiapersistent
• Added feature to filter-out DEV and TEST dependency from SCA Results. @satyamchaurasiapersistent
• Added feature to Create SBOM reports. @itsKedar
• Added feature to categorise SCA packages by DEV or Production in JIRA. @itsKedar
• Added feature to create separate Project names for SAST & SCA. @itsKedar

🐛 Bug Fixes

• Fix for empty SCA recommended version column in PR request table. @itsKedar
• Fix for SAST Preset override. @satyamchaurasiapersistent
• Fix for authentication in Bitbucket if special characters present in username or password. @itsKedar
• Fix for branch issue if branch name started by refs/pull... . @satyamchaurasiapersistent
• Fix for Null pointer exception if SCA package is empty. @itsKedar
• Fix for Cxflow Security Vulnerability. @itsKedar
• Fix for overwrite issue of project custom fields in SAST. @satyamchaurasiapersistent
• Fix for SCA GQL link. @itsKedar
• Changed logic of calculating SCA Direct dependency previously it was computing vulnerability twice. @satyamchaurasiapersistent

Documentation

• Updated documentation for file exclusion in Github-Action. @satyamchaurasiapersistent
• Updated documentation for breaking build in AWS Code build. @satyamchaurasiapersistent
• Updated documentation for environment variables declaration for map fields in Github-Action. @itsKedar
• Updated documentation for generating JSON logs. @satyamchaurasiapersistent
• Updated documentation for JIRA ticket creation.@itsKedar
• Updated documentation for filter-status in cx-flow. @itsKedar

Note:

• We have changed logic of filtering out in-direct dependency. So instead of string now variable is Boolean. Please refer this link for more details : https://github.com/checkmarx-ltd/cx-flow/wiki/Thresholds-and-policies#sca--direct-dependency-

1.6.41

🚀 Features

• Added feature to add labels to Gitlab's issues per severity. @satyamchaurasiapersistent
• Added feature to support Higher versions of JAVA like JAVA 17 and JAVA 18. @satyamchaurasiapersistent
• Added feature to change status of comments in ADO. @satyamchaurasiapersistent
• Added feature to Pull request status change in webhook and CLI mode if exception occurs. @satyamchaurasiapersistent
• Added feature to uses different exit status for exceeding result thresholds. @satyamchaurasiapersistent
• Added feature to Support Jira Issue Summary for SCA Tickets. @itsKedar
• Added feature to disable "Scan submitted to Checkmarx" comment on Merge Request. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for exception details if --parse option is provided without the --f option. @itsKedar
• Fix for base project of branched project was not giving correct configuration. @itsKedar
• Fix for security Vulnerabilities in cx-flow. @itsKedar
• Fix for log always indicates team was not found and one is being created, even when team is there. @satyamchaurasiapersistent
• Migrated to latest version of docker Alpine. @itsKedar
• Fix for Cxflow waiting for infinite time if issue is from SAST. @satyamchaurasiapersistent
• Fix for deletion of local source code files in ScaResolver. @itsKedar and @warrior8792
• Fix for incorrectly Closing of JIRA Tickets. @itsKedar
• Fix for handling race condition when creating a project. @james-bostock-cx

Documentation

• Updated documentation for how to pass Merge-ID and Scan-ID. @itsKedar
• Updated documentation for --forcescan CLI parameter or config option to force a scan. @itsKedar
• Updated documentation for using Logstash with Cx-Flow. @itsKedar

1.6.40

🚀 Features

• Added feature to trace Secondary Locations path in Json report. @satyamchaurasiapersistent
• Added feature to stop checking from breaking Build if flag is true. @satyamchaurasiapersistent
• Added feature to remember SAST pre and post action id of project. @satyamchaurasiapersistent
• Added feature to extract SAST Scan ID as output variable which can be used in Jobs. @satyamchaurasiapersistent
• Added feature to create new team in SAST. @atheismann

🐛 Bug Fixes

• Fix for JIRA on premise user assignment issue. @itsKedar
• Fix for vulnerable project name created in SAST. @satyamchaurasiapersistent
• Fix for security Vulnerabilities in cx-flow. @itsKedar
• Fix for GitHub PR decoration not escaping spaces. @itsKedar
• Fix for Null pointer Exception in lower version of JIRA On-premise. @itsKedar
• Fix for new version of SCA resolver uses Configuration.ini instead of Configuration.yml @itsKedar
• Fix for Links on Cx-SCA results show list of vulnerable packages instead of the specific vulnerable package. @itsKedar
• Fix for Scan-Resubmit override attribute. @itsKedar
• Fix for Cx-flow Should configure SAST as default value if user has not provided any value in enabled vulnerability scanner. @satyamchaurasiapersistent
• Fix for Checkmarx folder exclusion functionality. @satyamchaurasiapersistent
• Fix for ScaResolver custom parameters. @itsKedar

Documentation

• Updated documentation for blocking of GitLab pull request. @satyamchaurasiapersistent
• Updated documentation for Configure filter severity option using webhook parameter. @itsKedar
• Updated documentation with detailed instructions of using Jira credentials in cloud and on-premise. @itsKedar
• Updated documentation for using thresholds as environment variables. @itsKedar
• Updated documentation for steps to configure comment-script. @itsKedar
• Updated documentation for Running-CxFlow as a Windows-Service. @itsKedar
• Updated documentation to exclude folders from being resolved by ScaResolver. @itsKedar
• Updated documentation for Date format Exception in different versions of JAVA. @satyamchaurasiapersistent
• Updated documentation for passing MAP and List in CLI mode for Cx-flow. @itsKedar

1.6.39

🚀 Features

• Result table generated after pull request now collapsible. @awesomeBreeze
• Origin name reflects on SCA dashboard if scan performed through SCAResolver. @itsKedar
• Dev dependencies filter functionality added for SCA. @satyamchaurasiapersistent
• Documents restrict-results-to-branch property. @james-bostock-cx
• Functionality for deletion of files and logs generated by SCAResolver. @itsKedar
• Migration to latest GITLAB dashboard Schema v15.0.4 @satyamchaurasiapersistent
• ScaResolver add parameters functionality. @itsKedar
• Post back action ID configuration through configuration as code. @satyamchaurasiapersistent
• Functionality for adding scan comment through command line parameter. @satyamchaurasiapersistent

🐛 Bug Fixes

• Fix for Security Vulnerability in cx-flow. @itsKedar
• Fix for break build feature of SAST and SCA Threshold. @satyamchaurasiapersistent
• Fix for SCA not exploitable vulnerability in break build. @satyamchaurasiapersistent
• Fix For break build feature if GitHub pull request initiated for SCA. @satyamchaurasiapersistent
• Fix for SAST and SCA scanning Order issue in SCAresolver. @itsKedar
• Fix for default value updating on JIRA dashboard. @itsKedar
• Fix for Jira automatically closing issue when filter status configured. @itsKedar
• Fix for Jira Cloud API ENUM COPY issue. @itsKedar
• Fix for similarity id mapping to Jira dashboard. @itsKedar

Documentation

• Break build feature information updated in document. @satyamchaurasiapersistent
• Document properties for the waiting for branching to complete. @james-bostock-cx
• SCA Resolver Documentation (https://github.com/checkmarx-ltd/cx-flow/wiki/CxSCA-Integration#sca-resolver-additional-parameters-configuration) @satyamchaurasiapersistent

Notes

• Declaration of Enabled vulnerability scanners is mandatory for this release.

1.6.38

🐛 Bug Fixes

• Fix for JIRA Schema issue. @itsKedar

1.6.37

🚀 Features

• Security vulnerabilities fixed. @itsKedar
• Ability to run async scan that returns scan-id and then run the cxflow command later in pipeline and fetch/wait for results based on scanId. @itsKedar
• Jira 9.x+ support added to Cx-Flow. @itsKedar

🐛 Bug Fixes

• Fixed issues of branching is broken when using a project name Groovy script. @satyamchaurasiapersistent
• Fixed for issue adding repositories in the checkmarx but after some time these repositories gets deleted. @itsKedar.
• Fix for issue BitBucket creates parent branch project with malformed name. @satyamchaurasiapersistent
• Fix for issue GitLab merge requests create an endless loop of scans. @nidhi0512

Documentation

• Clarify documentation of regular expressions and protected branches @james-bostock-cx
• Break build, Async CLI Parameter, JIRA 9.x + Support documentation. @itsKedar

1.6.36

🚀 Features

• SCA Resolver Integration with Cx-Flow. @itsKedar
• Logging of issues along with detailed reason of a scan. @nidhi0512
• Disregarding Lows and Infos for the e-mail summary. @cx-leonelsanches
• Set the teamName obtained by the groovy script. @anderson-fachini
• Map latest scan custom fields to JIRA fields. @nidhi0512

🐛 Bug Fixes

• Snake-yaml vulnerability fix. @itsKedar
• GHR and GITHUB release fix. @satyamchaurasiapersistent
• SCA Vulnerability fix for application cx-flow. @itsKedar
• Fix for ignoring filter-severity in postback mode. @nidhi0512
• Big Fix for Git dashboard. @satyamchaurasiapersistent
• Code fix for SAST Migration from 8.9 to 9.4 @satyamchaurasiapersistent
• Fixed inconsistent project name for sca. @itsKedar
• Fixed for CxFlow adds the GitLab CI token to the repository URL in Jira issues created. @nidhi0512
• PR CLI branch filtering fix. @james-bostock-cx
• Fixed secondary rate limit. @itsKedar
• Fixed Jira team issue for sca. @itsKedar
• Fixed GitHub Summary length issue. @itsKedar
• Fixed SCA Resolver absolute path issue. @itsKedar

Documentation

• Added scope documentation for SCA Resolver. @itsKedar
• Gitlab integration documentation. @nidhi0512

Release 1.6.35

🚀 Features

• GitLab Dashboard Schema support v14.1.2@satyamchaurasiapersistent
• Functionality to control parallel threads in web-hook mode. @satyamchaurasiapersistent
• Break-Build only on direct-dependencies.@satyamchaurasiapersistent
• Branch filter in command line mode @james-bostock-cx
• E-mail Notifications Configuration Toggles @cx-leonelsanches
• Allow zip exclude via config as code @james-bostock-cx

🐛 Bug Fixes

• Bug-tracker not working for CLI mode.@nidhi0512
• Partially Remediated ADO Work Items Don't Update.@HussainS12
• GitLab pagination limitation.@satyamchaurasiapersistent
• Fix SAST Vulnerability Results.@HussainS12
• JIRA bug tracking with more than 1 product closes and re-opens tickets.@HussainS12
• ADO Work Items that have been partially remediated do not change to reflect remediation.@HussainS12
• CxFlow doesn't create issue if a same type vulnerability is flagged Not Exploitable within the same file.@itsKedar
• CxFlow closing Github issues before scan is complete.@HussainS12
• Github bug tracking with more than 1 product closes and re-opens tickets.@HussainS12
• ADO - bug tracking with more than 1 product closes and re-opens tickets.@HussainS12
• Redact passwords and tokens in log messages @james-bostock-cx
• Log zip-file exclusions at the TRACE level @james-bostock-cx
• Downgrading OGNL due to thymeleaf/thymeleaf-spring#203 @cx-leonelsanches
• Fixed Null pointer exception when user not defined any enabled-vulnerability-scanners.@satyamchaurasiapersistent

Documentation

• Added documentation for SCA zip scan.@nidhi0512
• Added scope documentation for Break Build direct dependency. @satyamchaurasiapersistent
• Added documentation for control of parallel threads. @satyamchaurasiapersistent
• Fixed documentation for GitLab Dashboard. @satyamchaurasiapersistent

1.6.34

🚀 Features

• Handled Project name with embedded # . @DadasoBanagar
• Added JAVA_HOME env variable in Dockerfile. @DadasoBanagar
• Don't group findings for sarif - GH Action Security Updates. @DhavalPatelPersistent
• Add support for after/before/failed scan email notifications. @james-bostock-cx

🐛 Bug Fixes

• Fixed pipeline kubernetes issue. @HussainS12
• Fixed recommended version in sca result summary. @HussainS12
• Corrected typo error from pen-to open. @DadasoBanagar
• Fixed case sensitive jira statuses. @james-bostock-cx
• Docker image now uses higher version of OpenJDK 1.8 @umeshwaghode

Documentation

• Added scope documentation. @DadasoBanagar
• Added documentation for cx-sast roles required by a user of cxflow. @HussainS12
• Fixed documentation for Scan Comment groovy script. @HussainS12
• Documentation for merge title and merge id in Wiki. @DhavalPatelPersistent
• Remove the references of codebashing from Wiki. @DhavalPatelPersistent
• Documentation update and addition of new sample yml files. @HussainS12