Modern application security is most effective when embedded in the SDLC, not retrofitted. Checkmarx SAST Engine Pack 9.7.4 focuses on reliability, throughput, and usability improvements that reduce enterprise risk and improve adoption across CI/CD pipelines.
Faster Python Scans Through AST Stage Improvements
Python AST (Abstract Syntax Tree) parsing has been optimized for speed, especially on large repositories and mono-repos.
Enterprise impact:
Enables mandatory SAST gates across more pipelines without slowing release cycles.
Supports risk-based development by allowing frequent scans on critical branches.
Operational impact:
Python-heavy teams can scan every pull request without long waits.
Security engineers can run more frequent full-repo scans for continuous reporting.
Better Detection of Java Open Redirects
Enhanced rule logic improves detection of open redirect vulnerabilities in Java, including custom wrappers and utility methods.
Enterprise impact:
Reduces phishing and session hijacking risk.
Strengthens compliance evidence for regulated industries.
Operational impact:
Security engineers see previously undetected redirect flows.
Developers get precise findings to build standard secure redirect utilities.
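The kind of flow this section refers to, and the standard redirect utility it recommends building, as an added example (not Checkmarx code or a Checkmarx rule). The `Response` interface stands in for `HttpServletResponse`, and the class name, method names and allowlisted host are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RedirectExample {
    // Stand-in for HttpServletResponse so the example compiles without a servlet container.
    interface Response { void sendRedirect(String location); }

    // Assumption: external hosts this application is allowed to redirect to.
    static final Set<String> ALLOWED_HOSTS = Set.of("accounts.example.com");

    // Before: a helper that forwards its argument straight to the redirect sink. A caller
    // passing a request parameter creates an open redirect one call away from the controller.
    static void goTo(Response res, String target) {
        res.sendRedirect(target);
    }

    // After: one shared utility decides which targets are acceptable.
    static String safeTarget(String target, String fallback) {
        if (target == null || target.isEmpty()) return fallback;
        // Backslashes and control characters are normalised differently by browsers.
        if (target.chars().anyMatch(c -> c == '\\' || c < 0x20)) return fallback;
        URI uri;
        try { uri = new URI(target); } catch (URISyntaxException e) { return fallback; }
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative target: accept only a local path, never a scheme-relative "//host".
            return target.startsWith("/") && !target.startsWith("//") ? target : fallback;
        }
        String host = uri.getHost();
        boolean allowed = "https".equalsIgnoreCase(uri.getScheme())
                && uri.getUserInfo() == null && host != null
                && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        return allowed ? target : fallback;
    }

    static void safeGoTo(Response res, String target) { res.sendRedirect(safeTarget(target, "/")); }

    public static void main(String[] args) {
        Response res = loc -> System.out.println("302 -> " + loc);
        // Constructed inputs exercising the hardened path.
        for (String t : new String[] {"/dashboard", "https://accounts.example.com/login",
                "//other.example/", "https://accounts.example.com@other.example/"}) {
            safeGoTo(res, t);
        }
    }
}
```

Routing every redirect through a single method such as `safeGoTo` also gives reviewers and scanners one sink to reason about instead of many ad hoc wrappers.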
More Stable C++ Scanning
Improvements prevent recursion and loops in DOM analysis for C++ codebases.
Enterprise impact:
Critical C++ systems (trading engines, embedded controllers, telecom stacks) can be scanned reliably.
Reduces operational risk from hung or failed CI/CD jobs.
Operational impact:
Overnight scans complete without timeouts.