Release Notes 22.7

October 2022 - New Features, Enhancements, Improvements, and Bugs Fixed

New Features

1. SAML-based SSO for login

You can easily log in to CodeScan Cloud by setting up Single Sign-On (SSO) through SAML-based third-party identity providers such as Okta, PingOne, and Microsoft Azure.

For more information, see Single Sign-On.

2. CSV Export tool for CodeScan Cloud

The ability to download a CSV file containing the issues has now been added. The CodeScan CSV issue export option can be found in the More menu. Prior to this release, this functionality was only accessible to CodeScan Self-Hosted users; however, we have now enabled support for Cloud users as well.

For more information, see Exporting Issues in CodeScan Cloud.

3. New CodeScan Rule

A new rule called "Do not use vulnerable packages" has been added to the CodeScan Quality Profile. It checks for deprecated and outdated dependencies in the project and highlights the vulnerabilities found in them.


Enhancements

Scheduled Reports available for Project Branches

Previously, project reports were available for download for the main branches. With this update, we now support generating reports manually or by scheduling them for every project branch.

For more information, see Scheduled Reports.

UX Enhancement

  1. A drop-down list for entering Rule Parameters has been introduced on the improved Activate in Quality Profiles page. Prior to this release, these fields accepted only regular text.

Fig 1: Old Screen

Fig 2: New Screen

  2. With this update, the Add Member button on the Members page has been removed for all CodeScan versions.


Improvements

  • This release includes significant security improvements. Updating is strongly recommended.

  • The existing metadata rules in CodeScan have been tweaked for SFDX compatibility.

  • Significantly improved the ways GitHub is triggered within CodeScan.


Bugs fixed

  • Fixed a minor issue where the analysis would start for both branches when merging a feature branch into the master branch. This shouldn't happen as analysis should be initiated only on the master branch and not the feature branch.

  • Fixed an issue where the target branch's newly added code was not being fetched when the analysis was running.

  • Fixed an issue where users encountered invalid grant type errors while running a pull request analysis.

  • Fixed an issue where users received a timeout error in SonarQube's CE job.
