WHAT IS THE CHECKMARX SCA MANAGEMENT OF RISK API?

It is the new API that replaces IgnoreVulnerability calls and allows structured vulnerability states with comments and audit history. It supports enterprise risk governance and DevSecOps automation.

WHY SHOULD ENTERPRISES MIGRATE FROM IGNOREVULNERABILITY?

The legacy approach lacks structured states and audit context. The new API enables standardized risk tracking, approval workflows, and compliance-ready reporting. Merito can manage this migration across pipelines and integrations.

HOW DOES THIS UPDATE IMPROVE DEVSECOPS PRACTICES?

Structured risk states allow policy-based release gating, synchronized ticket status, and clearer ownership. This strengthens CI/CD governance and reduces friction between development and security teams.

WHY DOES SUPPORT FOR PASSWORDS STARTING WITH A DASH MATTER?

Automated secret generators may produce credentials beginning with special characters. Supporting these reduces pipeline failures and allows stronger password policies without exceptions.

CAN CHECKMARX SCA STATES BE INTEGRATED WITH JIRA OR SERVICENOW?

Yes. The Management of Risk API allows synchronization of vulnerability states and comments with ticketing and ITSM platforms. Merito designs and implements these integrations for enterprise environments.

HOW CAN MERITO HELP WITH CHECKMARX SCA GOVERNANCE?

Merito provides SCA operating model design, API integration, CI/CD automation, risk reporting dashboards, and training to ensure structured vulnerability management aligns with enterprise SDLC governance.

WHAT ARE THE FIRST STEPS TO ADOPT THESE CHANGES?

Assess current API usage, update automation scripts, define standardized risk states, and test pipeline integrations. Merito can deliver an enterprise rollout plan and controlled migration.

Merito Company Logo

INTRODUCTION

This update for Checkmarx SCA standalone customers appears minor in versioning. In enterprise environments, it affects two areas that drive business outcomes: structured risk governance and pipeline reliability.

The shift from simple ignore actions to structured risk management strengthens auditability and executive reporting. Resolver improvements increase automation stability across complex CI/CD estates.

SHIFT FROM IGNOREVULNERABILITY TO MANAGEMENT OF RISK API

WHAT CHANGED

The legacy IgnoreVulnerability and UnignoreVulnerability APIs are being deprecated. The new Management of Risk API allows teams to:

Apply multiple vulnerability states such as Open, In Progress, Accepted Risk, Mitigated, False Positive
Attach comments and business context to each state change
Capture decision history programmatically

This transforms SCA triage into structured risk lifecycle management.

ENTERPRISE RISK AND GOVERNANCE IMPACT

CISOs and risk committees require evidence of active risk decisions. A binary ignore model does not reflect enterprise governance expectations.

With the Management of Risk API, organizations can:

Standardize vulnerability states across SCA programs
Enforce mandatory justification comments for Accepted Risk
Link decisions to ticket IDs, change records, or risk owners
Generate audit-ready logs for regulatory reviews

This supports enterprise risk frameworks and improves board-level reporting on open source exposure.

DEVSECOPS WORKFLOW INTEGRATION

Structured states enable stronger automation:

Checkmarx SCA Update vJanuary 2026: Enterprise Risk Governance and DevSecOps Impact

Related Product Release Updates

Black Duck SCA 2026.1.1: Enterprise Risk, SBOM Visibility, And DevSecOps Governance

How Checkmarx Agentic AI Changes AppSec Operations For Modern DevSecOps Teams

Checkmarx One 3.54 Update: Stronger Application Security Governance And CI/CD Integration

Previous and Next Product Release Updates

Black Duck SCA 2026.1.0 Enterprise Guide: Risk, Governance, and DevSecOps At Scale

TestRail 10.1 Enterprise Features: Data Residency, Smart Archiving, AI Controls, And CI/CD Traceability