Changed Features - Cortex CLOUD

Feature	Description
Threat Intelligence	Due to the deprecation of Autofocus, AutoFocus data will no longer appear in cases or issues.
Support for new Azure DevOps authorization methods	Following Azure's deprecation of existing authorization methods, you must now re-authorize Cortex Cloud applications – or onboard new ones – using Microsoft’s newly supported methods: Microsoft Entra ID or a personal access token (PAT). Applications that are not re-authorized will no longer function
Cortex CLI	Performance enhancement: The Cortex Cloud Application Security Code scanning engine has been upgraded to reduce execution times and improve resource efficiency for both local and CI/CD pipeline scans. Cortex CLI Certificate Authority (CA) configuration update: Cortex CLI now uses a single global setting for your Certificate Authority (CA), providing a centralized and consistent way to define trust. This unified configuration structure will be adopted by all modules in future releases. Global Flag and Environment Variable: You can now define the CA path using the global --ca-cert flag or the `CORTEX_CA_CERTIFICATE` environment variable. As this is a global setting, it must appear before the scan command in the CLI invocation. For example, `cortexcli --ca-cert $CORTEX_CA_CERTIFICATE code scan [flags]` Skip certificate verification: You can now skip SSL certificate validation using the `--no-cert-verify` flag or the `$CORTEX_NO_CERT_VERIFY` environment variable. Warning: This configuration is insecure and should only be used in development or testing environments where a valid CA certificate is unavailable Current limitation: Although configured globally, this CA setting is currently applied only to Cortex Cloud Application Security commands. Other modules will adopt this global setting in future updates Breaking change - Path removal: The previous configuration path has been removed. CA definitions must now be placed at the `root` level of your configuration. This new path is required: Old (deprecated): `code.ca-cert` New: `ca-cert` Action required: Update your commands and any variables used in CI/CD pipeline variables to use the new path. Failure to do so will cause Application Security scans to fail

Feature

Description

Threat Intelligence

Due to the deprecation of Autofocus, AutoFocus data will no longer appear in cases or issues.

Support for new Azure DevOps authorization methods

Following Azure's deprecation of existing authorization methods, you must now re-authorize Cortex Cloud applications – or onboard new ones – using Microsoft’s newly supported methods: Microsoft Entra ID or a personal access token (PAT). Applications that are not re-authorized will no longer function

Cortex CLI

Performance enhancement: The Cortex Cloud Application Security Code scanning engine has been upgraded to reduce execution times and improve resource efficiency for both local and CI/CD pipeline scans.

Cortex CLI Certificate Authority (CA) configuration update: Cortex CLI now uses a single global setting for your Certificate Authority (CA), providing a centralized and consistent way to define trust. This unified configuration structure will be adopted by all modules in future releases.

Global Flag and Environment Variable: You can now define the CA path using the global --ca-cert flag or the CORTEX_CA_CERTIFICATE environment variable. As this is a global setting, it must appear before the scan command in the CLI invocation. For example, cortexcli --ca-cert $CORTEX_CA_CERTIFICATE code scan [flags]
Skip certificate verification: You can now skip SSL certificate validation using the --no-cert-verify flag or the $CORTEX_NO_CERT_VERIFY environment variable. Warning: This configuration is insecure and should only be used in development or testing environments where a valid CA certificate is unavailable
Current limitation: Although configured globally, this CA setting is currently applied only to Cortex Cloud Application Security commands. Other modules will adopt this global setting in future updates
Breaking change - Path removal: The previous configuration path has been removed. CA definitions must now be placed at the root level of your configuration. This new path is required:
- Old (deprecated): code.ca-cert
- New: ca-cert
Action required: Update your commands and any variables used in CI/CD pipeline variables to use the new path. Failure to do so will cause Application Security scans to fail