Skip to content

Releases: checkmarx-ltd/ServiceNowCxOne

GA_1.0.22

11 Oct 13:19
@nidhi0512 nidhi0512
GA_1.0.22
677ca58
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.22 Latest
Latest

Version(1.0.22)

  • Exploitable path if present in SCA scan will be mapped to Source Notes column of AVIT table.
  • Scan Synchronization field has been added in Configuration Page to filter Latest Scan of each Branch or Latest Scan of Primary Branch or Latest Scan across all branches.
  • Scan Results that will be imported can be filtered on the basis of Result States in Configuration page.
  • Scans that will be imported can be filtered on the basis of Scan Type in Configuration page.
  • To get Fixed findings of SAST and SCA scans Delta API will compare old scanId present in ServiceNow and latest scanId of the project.
  • Save and Test Credentials button in Configuration Page will validate the required permissions.
Assets 2
Loading

GA_1.0.21

14 Jun 05:52
@apoorvasingh5 apoorvasingh5
GA_1.0.21
90e6cf7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.21

CXSER-272 [CxOne] Addition of date filter in First Integration.
CheckmarxOne App List integration will import the project data from CxOne after the given start date
CXSER-279 [CxOne] SCA deltas
CheckmarxOne App Vul Item integration will compare the last 2 scan results and import the vulnerabilities for SCA
CXSER-302 [CxOne] Add Scan Origin, Source and Scan Type in the Synchronization
In CheckmarxOne Scan Summary integration added Scan Origin , Scan Source, Scan Type in xml as well as in processing script .
Table Name - sn_vul_app_vul_scan_summary
Column Name - scan_submitted_by
CXSER-276 [CxOne] Project Filter by id and Name
Project can be filter by projectId and By projectName, We can also exclude project by providing "exclude=" as prefix before project name as well as project Id.
CXSER-299 [CxOne] Primary Branch checkbox - Synchronize the primary branch only in imported projects with a branch set as primary
-CXSER-323 Restructuring the Integration code to fetch selected projects from discovered application to retrieve data.
-CXSER-334 Restructuring Scan Summary and App Vul Item integration to minimize the API call for getting projects lists while getting parameters.

Assets 2
Loading

GA_1.0.20

14 Mar 08:32
@apoorvasingh5 apoorvasingh5
GA_1.0.20
50ba9a3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.20

Version(1.0.20)

  • Branch info has been mapped to “Project Branch” field of AVIT table.
  • Primary Branch info is mapped to "Source Additional Info" field of Discovered Application table with Application Id.
  • If "Sync Only Primary Branch" is enabled from the configuration page. Then only the projects, scans, and vulnerabilities that are performed for the primary branch will be imported into respective integrations and tables.
  • For Findings of SAST scanner “Source AVIT” of AVIT table has been changed to combination of “Similarity Id” and "Result Hash" from CxOne to get the unique AVITs.
  • Washington DC support has been added to this version.
Assets 2
Loading

GA_1.0.18

06 Feb 05:41
@apoorvasingh5 apoorvasingh5
GA_1.0.18
08e4b1c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.18

Features in 1.0.18 version.

The Project tags information from CxOne will be mapped to the Source APM Id of Discovered Application Table of SNOW.

Vulnerabilities with Critical Severity if present in CxOne will be also imported

Plugin will skip the deleted scan Id and will not fail.

Assets 2
Loading

GA_1.0.17

11 Dec 05:56
@apoorvasingh5 apoorvasingh5
GA_1.0.17
8c13670
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.17

This version has addition of new DevOps Integration which will permits users with the DevOps Change Velocity license to view third-party scan summaries from Security Operations in DevOps. This integration is listed in the Vulnerability Integrations [sn_vul_integration_list] table, but there is no impact to existing Application Vulnerability Response.

Assets 2
Loading

GA_1.0.14

18 Oct 10:12
@apoorvasingh5 apoorvasingh5
GA_1.0.14
79e0b61
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.14
  1. Addition of new Scanner type IaC (KICS) from CxOne in Configuration Page which will bring up IaC scans and results.
  2. Addition of new Field “List of Project Ids” in configuration page to filter out only entered Projects.
  3. Addition of SAST Delta result API (It will compare last two scan from given Start Date in Integration Run and will bring up latest change).
  4. Making Outbound Log level Configurable.
Assets 2
Loading

GA_1.0.12

05 Sep 11:07
@apoorvasingh5 apoorvasingh5
GA_1.0.12
cb65f8d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.12

• Scan Summary Name column will have ‘sca or sast’ as prefix + scanId + Last scan date in AVIT table
• Addition of Application Id from CxOne(if present) to Snow, In Application Release table it is mapped to Source additional Info column and in Application Vulnerability Item Table it is mapped to Source additional Info column
• Addition of OWSAP Top 10 and SANS 25(if present in CxOne) info for SAST vulnerabilities in OWASP and Short Description column of Application Vulnerability Entry Table (sn_vul_app_vul_entry.LIST)
• Addition of sca_container risk if present will come under SCA scan in AVIT table.

Assets 2
Loading

GA_1.0.10

19 Jul 08:39
@apoorvasingh5 apoorvasingh5
GA_1.0.10
255b673
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
GA_1.0.10

This version contains below change and fixes

Addition of Contact Support Module
Authentication message is coming Once now.

What's Changed

Full Changelog: 1.0.8...GA_1.0.10

Contributors

apoorvasingh5
Assets 2
Loading

GA Release 1.0.8

27 Jun 15:48
@apoorvasingh5 apoorvasingh5
1.0.8
32857d6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
GA Release 1.0.8

This version contains below change and fixes

Addition of Vulnerability Threshold Level in Configuration Page
Addition of Branch info in AVIT table
Mapping of Project Name to App Release table instead of Project Id
Triaging in SNOW Mapping
Fix for Reuse of Access Token
Important Logs at Significant places
Removing extra API calls

Assets 2
Loading

CxOne-SNOW-1.0.7

19 Jun 13:53
@apoorvasingh5 apoorvasingh5
1.0.7
502628e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
CxOne-SNOW-1.0.7

This version has below fix
Change for result id to Similarity id in AVIT table
Addition of Project Name in source_additional_Info of AVIT table
State mapping in SNOW( for Not Exploitable, Proposed Not Exploitable, Confirmed, Urgent)
Mapping of State value in source_finding_state in AVIT table
Fix for scan with 0 vulns

Assets 2
Loading