- Issue 12 - SCA compatibility
- The data field specification in the Wiki is updated to reflect data fields used by OSA and/or SCA. The data concepts in OSA and SCA are slightly different, thus the data fields will reflect these differences.
- Using .Net 6.0
- Standalone execution has been supported for several versions; it is now the default. Wiki updates will reflect this default.
- Configuration file is now `cxanalytix.config` for all executables.
- Configuration file search path has changed; please see the Wiki for details.
- Configuration format for 2.x is not backwards compatible with 1.x configuration files. You will need to re-configure 2.x.
- Transformers are now pluggable modules; please see the Wiki for information about configuring SAST and SCA transformers.
- Outputs have always been pluggable modules, but selection is now more user friendly. See Wiki for details.
- Performance fix - throttle the API I/O calls during scan crawl resolution to use only the configured number of concurrent threads.
- Issue 142 - Correct the SinkFileName, SinkLine, SinkColumn values in the scan detail output.
- Issue 135 - Avoid repeatedly calling OSA endpoints if OSA is not licensed.
- Issue 109 - The user agent now shows API requests with CxAnalytix and version in the user agent string.
- As of v1.3.3, CxAnalytix is no longer compatible with SAST versions prior to 9.0.
- Memory leak in M&O client REST API code fixed.
- Added the `RetryLoop` configuration to allow retries after timeout.
- Stopped the attempt to load policies at startup if the M&O URL is not provided.
- Stability fixes for AMQP outputs.
- Dependency upgrades.
- Garbage collection tuning.
- Platform-specific tarballs are now created. This is to address the dynamic loading of DPAPI that .Net Core apparently doesn't handle well in cross-platform builds.
- Pseudo-transactions are now off by default.
- New data fields added to scan summary and scan detail records.
- Issue 85 - Malformed AMQP config written on first run, preventing subsequent runs without removing the malformed config and commenting out the AMQP config class references.
- Issue 10 - Output can now be routed to AMQP endpoints
- Issue 52 - Transactional writes have been implemented as Pseudo Transactions
- An issue with crawls aborting on SAST systems not licensed for OSA was re-introduced in 1.2.2 and has been fixed.
- Stability fix for cases where M&O did not return policy violations as expected
- Build change to not build self-contained; this was causing issues on some Linux distros
- Issue 57 - Filtering scans crawled via Team and Project regex matching
- Issue 17 - Updated the docker image to better support persisting the state files
- Fields added to the output records
  - Project Information
    - LastCrawlDate
  - Policy Violation Details
    - ViolationId
- A basic regression testing utility was added to test that data extraction is consistent between versions. This is primarily targeted for developer use.
- Issue 51 - Timestamp of date to check for last scan is recorded as the finish date of the last scan found during the current crawl rather than the date of the current crawl.
- Issue 53 - Authorization token refresh improvements
- Stealth fix during development - NodeLine would be excluded from the SAST Vulnerability Details record under certain conditions
- Issue 60 - A DB table row with a column containing a NULL value threw an exception and caused the DB crawl to end prematurely.
- New feature to extract audit events by crawling audit log tables in CxActivity and CxDB. This feature is limited to use in systems that can make a connection directly to the CxSAST DB.
- Issue 31 - No time delay between queries for report generation status.
- Issue 26 - OSA scan details incomplete or missing
- The rolling file log naming convention should cause daily log rotation as well as 100MB max log file sizes by default.
- Added the ability to dump all network I/O to the application log.
- Improved error handling and exception logging for troubleshooting purposes.
- Issues #21, 22 - Networking implementation caused issues on some versions of Windows server.
- Added EngineStart/EngineFinished fields to the scan summary; no-change scans will be indicated with DateTime.MinValue
- Issue #20: Date parsing error in non-US locale
- Issue #18: Error when attempting to retrieve policy violation data from SAST 9.0
- Dockerfile now available as a release artifact
- Docker base image pushed to Docker Hub as part of the build
- Issue #9: Resolve config values from environment variables (see the Wiki for CxConnection, CxCredentials, and CxAnalyticsService)
- Issue #6: Now compatible with SAST 9.0
- Issue #4: MongoDB is now available as an output destination.
- Issue #5: Add instance identifier to each record.
- Issue #7: Add project custom fields to the output.
- Output to flat log files
- Support for CxSAST 8.9 APIs