Releases: jenkinsci/checkmarx-plugin
Release_2025.4.1
What's Changed
- PLUG-2253: Implement Jenkins policy link by @cx-riyaj-shaikh in #164
- [Jenkins] Move async log to Create CxSAST Scan section (PLUG-2678) by @cx-riyaj-shaikh in #165
- Added detailed exception logging by @cx-tejal-thorat in #166
- Resolved the defect 2749 by @cx-tejal-thorat in #167
- Resolved the defect 2760 by @cx-tejal-thorat in #168
- Update client common version by @cx-tejal-thorat in #169
- Integration to Master by @cx-tejal-thorat in #170
New Contributors
- @cx-riyaj-shaikh made their first contribution in #164
- @cx-tejal-thorat made their first contribution in #166
Full Changelog: Release_2025.3.1...Release_2025.4.1
Release_2025.3.1
- Enhanced compatibility with the latest Jenkins version.
- Upgraded third-party dependencies to address security vulnerabilities.
- Added support for spdxJsonFormat in the CxSCA scan report output.
- Resolved issue with cyclonedxJsonFormat in the CxSCA report generation.
Release_2024.3.2
- Enhanced to support Critical severity.
- Enhanced to show SAST server Engine Pack Version in the logs.
- Enhanced to send plugin name and plugin version in the API request header.
- Enhanced to support Jenkins version 2.462.1.
- Upgraded third-party libraries to fix vulnerabilities.
Release_2024.2.3
• Fixed an issue where the CxSCA team value 'All users' was overridden for existing projects.
• Fixed an issue where the ‘scaReportFormat:PDF’ parameter was present in the SCA pipeline script by default even when the ‘Generate CxSCA report’ checkbox was disabled.
• Fixed an issue where, if the first scan in a pipeline or new project is asynchronous, a 'failed scan' report was shown when reports are not generated or the report of a previous successful scan is not available.
• Fixed an issue where, for an asynchronous scan, the pipeline build failed and showed a failed report when the previous synchronous scan had failed, or when the ‘enable vulnerability threshold exceed’ checkbox was checked but its parent checkbox (Enable synchronous mode) was not.
• Added form validation for 'Enable vulnerability threshold' checkbox when CxSAST scan is not enabled.
• Fixed an issue where the scan failed and showed an error in the logs if both CxSAST and dependency scan were disabled.
• Removed dependency on the Swagger Call.
• Fixed an issue where Scan Retention Rate could not be assigned to an existing CxSAST project.
• Upgraded the following libraries:
org.yaml:snakeyaml to 2.2
cx-client-common to 2024.2.3
commons-beanutils:commons-beanutils to 1.9.4
io.netty:netty-codec-http to 4.1.101.Final
org.apache.commons:commons-compress to 1.26.0
Release_2023.4.3
• Enhanced to use expected versions of SAST APIs.
• Added support to Enable Policy Enforcement for SAST and SCA separately. (These two need to be configured separately.)
• Enhanced the plugin to display the correct error message on the Checkmarx reports screen if SCA scan policies are violated.
• Added support for SAST Project Level Custom Fields
• Added support for SCA Project Custom Tags
• Added support for SCA Scan Custom Tags
• Allowed special characters in scan level and project level custom fields for SAST and SCA.
• Allowed special characters in Jenkins job name
• Added support to propagate vulnerability threshold exceed errors
• SCA Agent is no longer supported.
• Enhanced the plugin to support SCA URL in NoProxyHost
• Added support for Jenkins Server v2.375.4 and v2.414.3
• Fixed deserialization issue for API requests/responses
• Upgraded the following libraries:
com.checkmarx:cx-client-common:2023.4.4
org.apache.commons:commons-compress:1.25.0
org.json:json:20231013
org.eclipse.jgit:org.eclipse.jgit:6.8.0.202311291450-r
com.google.guava:guava:32.1.1-jre
Release_2023.2.6
• Added functionality to generate the SCA report in various formats: PDF, XML, CSV, JSON, cyclonedxjson and cyclonedxxml.
• Added functionality to generate reports in workspace directory of agent.
• Added functionality to generate SCA/OSA reports in workspace directory.
• Enhanced the ScaResolver integration to reuse SAST-specific parameters such as project name, source code location, SAST server URL, credentials and result path. The ScaResolver additional parameters are reserved for additional arguments, following the ScaResolver argument syntax.
• Added an option to select the job status when the CxSAST vulnerability threshold is crossed.
• The global SSL/TLS validation checkbox is now enabled by default, so TLS/SSL server certificate validation is enforced by default.
• Set Scan retention rate for CxSAST Scan. Added support for CxSAST Scan Retention Settings while creating a project.
• Upgraded the following libraries:
org.json:json:20230227
Release_2022.4.3
• Corrected the config-as-code feature. The prior version failed to parse the cx.config file.
• The ‘overrideProjectSetting’ plugin parameter indicates whether the preset and engineConfigurationId values will be saved on the SAST project.
• Corrected the HTTP links to OSA scan results that appear in the plugin logs.
• Enhanced default include/exclude pattern to exclude SCAResolver’s result files.
• Introduced ‘ABORTED’ as a new value for the parameters jobStatusOnError and vulnerabilityThresholdResult; it stops the pipeline immediately.
• Fixed an issue where the build was not marked as failed for SCA policy violations.
• Upgraded libraries.
Release_2022.3.3
Fixed an NPE that occurs when the customFields parameter is not defined in scripted pipelines. Does not impact Freestyle jobs.
Release_2022.3.2
- Benign errors (for example, duplicate scan or timeout errors) are now suppressed by default. This can be disabled by defining the JVM property 'suppressBenignErrors=false'.
- Added special character validation for custom fields.
- Introduced presetId 0, which makes SAST use the preset ID of the previous scan of that project. If it is a new project, SAST defaults the preset to 'Checkmarx Default'.
- Pipeline script can be configured with scaTeamId instead of scaTeamPath. scaTeamId takes precedence.
- The CxOrigin value now contains the Jenkins plugin version.
Release_2022.2.3
- Fixed an issue related to a Jenkins security warning.
- Fixed an issue related to SCA Proxy selection.