Since the EST morning of 2020-11-30, some of our tools fail to accept the Zscaler-rewritten cert chains. Using the “openssl s_client -connect SITE:443 -showcerts”, I could see that the self-signed Zscaler Root CA was missing from the chain (i.e. the chain started with a Zscaler intermediate cert signed by the Zscaler Root CA). I filed a support case 02644981 but received no confirmation (I was not even registered).
This is urgent as we have many builds using an external SaaS site for component analysis.