Checkmarx only evaluates by Category of Security Issues, NOT by the Occurrence of Security Issues
in progress
Vervain Anteater
The Checkmarx step only displays and evaluates how many types of vulnerabilities Checkmarx identified.
When I scanned the project for the 1st time, I got 27 occurrences of SQL Injection: Java High Risk. The pipeline failed because SQL injection was a new type of vulnerability for this pipeline.
The second time I ran it, I got 28 occurrences of SQL Injection: Java High Risk. The pipeline succeeded because SQL Injection was an existing type of vulnerability.
In the case where the product team introduces another new occurrence of SQL injection, the Harness policy is not able to catch this new vulnerability because the SQL injection type already exists.
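The gap described in this request, modelled as an added example (not Harness, Checkmarx or OPA code). It compares a scan against the previous run three ways: by category only (the behaviour reported above), by per-category occurrence count, and by a per-finding fingerprint. The `Finding` type, the file and sink names, and the three scan lists are constructed for this illustration; Harness's own STO data model is not assumed. It also goes one step beyond the post: the "swapped" scenario shows that a count-based check is not enough either, because a fixed occurrence plus a newly introduced one leaves the count unchanged.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # e.g. "SQL Injection: Java High Risk"
    file: str
    line: int
    sink: str      # constructed stand-in for the scanner's per-result identifier


def categories(findings) -> set:
    return {f.category for f in findings}


def new_categories(baseline, current) -> set:
    """Category-only differential: a category counts as new only if the
    baseline never contained it. Extra occurrences of a known category pass."""
    return categories(current) - categories(baseline)


def count_by_category(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def categories_with_more_occurrences(baseline, current) -> set:
    """Count-based differential: flags a category whose occurrence count grew.
    Misses a new occurrence that replaces a fixed one (count unchanged)."""
    before, after = count_by_category(baseline), count_by_category(current)
    return {c for c, n in after.items() if n > before.get(c, 0)}


def fingerprint(f: Finding) -> tuple:
    # Identity by category + file + sink, not line number, so an unrelated edit
    # above the sink does not turn every old finding into a "new" one.
    return (f.category, f.file, f.sink)


def new_occurrences(baseline, current) -> list:
    """Occurrence differential: any finding whose fingerprint is absent from
    the baseline is new, even when its category and the total count are unchanged."""
    seen = {fingerprint(f) for f in baseline}
    return [f for f in current if fingerprint(f) not in seen]


def should_fail(baseline, current, mode: str) -> bool:
    """Policy gate: True means the pipeline should fail under the given comparison mode."""
    if mode == "category":
        return bool(new_categories(baseline, current))
    if mode == "count":
        return bool(categories_with_more_occurrences(baseline, current))
    if mode == "occurrence":
        return bool(new_occurrences(baseline, current))
    raise ValueError(f"unknown mode {mode!r}")


SQLI = "SQL Injection: Java High Risk"


def sqli(n: int) -> Finding:
    # Constructed sample finding; the file and sink names are made up.
    return Finding(SQLI, f"src/main/java/Dao{n % 5}.java", 40 + n, f"executeQuery#{n}")


# Scenario from the post: 27 occurrences on the first scan, 28 on the second.
FIRST_SCAN = [sqli(i) for i in range(27)]
SECOND_SCAN = FIRST_SCAN + [sqli(27)]
# Extra scenario: one old occurrence fixed, one new one introduced; count stays at 27.
SWAPPED_SCAN = FIRST_SCAN[1:] + [sqli(99)]


if __name__ == "__main__":
    runs = [("first run", [], FIRST_SCAN),
            ("second run", FIRST_SCAN, SECOND_SCAN),
            ("swapped", FIRST_SCAN, SWAPPED_SCAN)]
    for name, baseline, current in runs:
        for mode in ("category", "count", "occurrence"):
            print(f"{name:10s} {mode:10s} fail={should_fail(baseline, current, mode)}")
```

Under the category-only mode the second run passes with 28 occurrences, which is the behaviour the post reports; the fingerprint mode fails both the second run and the swapped run, because it identifies findings rather than counting them. Which fields make a stable fingerprint (file and sink here, excluding the line number) is a design choice for the gate, not something the scanner's output dictates.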
Pritesh Chandaliya
We enabled the FF for recognizing new occurrences of an existing issue on the morningstar account on 5 Dec 2024. However, we have already found a bug and are actively working on it. Will keep you posted. Thanks
Pritesh Chandaliya
in progress
Should be available by Oct 2024.
Pritesh Chandaliya
next fiscal quarter
We have prioritized this effort for Q2, May to July 2024.
Vervain Anteater
Is there any update or more concrete timeline for this feature enhancement?
Yolk Chickadee
Planned for 1H 2024.
Vervain Anteater
Beryl Dormouse, will we have a short-term workaround solution?
Beryl Dormouse
planned
We are trying to solve this in two parts. The simplest solution, which allows the occurrence differential to be used with OPA, is planned for Q4.
Beryl Dormouse
under review