Releases: Checkmarx/ast-cli
2.0.0_RC8: Resolving vulnerabilities detected by Checkmarx: (#195)
* Resolving vulnerabilities detected by Checkmarx:
* Denial_Of_Service_Resource_Exhaustion in configuration.go line 123
* SSRF in client.go line 221
* Vulnerability configuration.go
* Golang lint fixes.
2.0.0_RC7
2.0.0_RC6: - Renamed (--incremental-sast) to (--sast-incremental) (#190)
- Removed (--incremental-kics) and (--incremental-sca)
- Removed BFL, actually hid the option so it can be brought back later
- Renamed CX_SECRET to CX_CLIENT_SECRET
- Renamed global param (--secret) to (--client-secret)
- Added configure set option (cx_base_auth_uri)
- Renamed configure set option (cx_token) to (cx_apikey)
- Renamed configure set option (cx_ast_access_key_id) to (cx_ast_client_id)
- Renamed configure set option (cx_ast_access_key_secret) to (cx_ast_client_secret)
- Error when URL ending with / is encountered has been fixed
- CLI was storing JWT in (credentials.json) file, this has been removed and now the JWT is only stored in memory and reset between runs.
- Fixed (scan create) not showing error when bad auth encountered. The auth fail was being absorbed in (client.go).
- (--scan-types) was throwing an error when spaces were present, ex: (sast, kics,sca). This should be resolved now.
- The (configure show) command now shows the following environment variables (BaseURI, BaseAuthURIKey, Client ID, Client Secret, APIKey, Proxy)
- The (configure show) command now shows the "effective" value of the following properties (BaseURI, BaseAuthURIKey, Client ID, Client Secret, APIKey, Proxy). The "effective" value means it shows how the CLI sees the property after combining environment variables, config variables and CLI arguments. These are the values that will be used by the CLI.
2.0.0_RC5: Bump golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13 (#189)
Bumps golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13.
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2.0.0_RC4: Feature/scan types (#185)
* Added support for KICS and SCA scans.
* Added support for incremental scans for SAST, KICS and SCA.
* Removed unneeded variables.
2.0.0_RC2
2.0.0_RC1
1.0.0_RC5: Fix/circleci publish (#158)
* Testing circleci publish issues.
* Restored the Circle CI ghr release process. Updated the CLI version to 1.0.0_RC6
v1.0.0_RC4: Feature/proxy config (#154)
* Added proxy to configuration options. Also fixed issue with configuration files in Windows. Windows configuration files weren't correctly handling CRLF.
* - Made all of the (configure set) commands consistent with environment variable names.
  - Added proxy message when proxy is active.
  - Fixed issues with Windows configuration files.
  - Added Key/Secret/proxy to options that can be saved in configuration file.
  - Fixed help messages for (configure set) command.
* - Fixed issue with (--proxy) command not working
  - Fixed issue where scan create would fail when user used variations on project names like MyProject and myProject. All project names are considered as lower case now when searching through list.
  - Remove proxy configuration from (cx configure) interactive form.
* Corrected linting issue.
v1.0.0_RC3: Feature/updated filters (#143)
* Inclusions and exclusions are now provided with the '-g' command.
* Inclusion and exclusion filters are now provided with the same '-g' option.