Checkmarx Static Code Analysis (CxSAST)

Supported methods

The integration supports the following:

  • File Upload: The supported file format is XML.

  • Remote Connection: Download scan results using CxSAST web services. The data will be pulled from OData and REST API.

Configuration options are detailed below.

Configuration

Connection details

Enter the connection details for the server.

Protocol

Select the protocol for the connection (HTTPS or HTTP). (Default: HTTPS)

Server

The domain name or IP address of the server, such as cx.server.com.

Context Root

Top-level location where CxSAST is installed on a server. The value for this may be dependent on the configuration of an internal corporate proxy or where an administrator has installed CxSAST.

Credentials

Enter the credentials needed to authenticate to the server.

Username

Username authorized to connect with the server. This user should be able to download scan results for any anticipated project. The user should have permission for both OData and REST API. Any permission issue with OData API will try to supplement the same data through REST API.

Password

The password used to authenticate to the server

Synchronization

Enter details about connecting to the server.

This Verification server is hosted within a private network and cannot be reached directly by SD Elements.

Select this option if SD Elements does not have direct network access to the Checkmarx server.

For example, if you are using a hosted SD Elements instance but you want to integrate with an internal/protected Checkmarx system, choose this option and run the Remote Integration Agent to perform integration.

Advanced options

Enter advanced configuration options.

Bypass server certificate validation for HTTPS (insecure, only for testing purposes)

Check this option if you need to test a connection without the proper SSL/TLS certificates.

Sync frequency

Select how frequently SD Elements should retrieve scan results from the server. You can choose from the following options. The more frequently you run an import, the greater the performance impact on both SD Elements and the server. This is generally only a concern for large organizations running many imports at once.

Hourly, Daily, Weekly, or Monthly

The projects will import scan results automatically every hour, day, week, or month. Daily import is typically sufficient. However, you may want to select a more frequent interval if development moves quickly in your organization.

Manually

You must click the Import button on the Verification Integrations page to import the results. This is the default value.

Project details

Enter the information required to import scan results from a CxSAST project.

Project Name

The name of the project in Checkmarx. If a project name is not unique, "Project ID" should be used. Either this or "Project Name" should be provided.

Project ID

The ID of the project in Checkmarx. The preferred approach to finding a project as it is guaranteed to be unique. Either this or "Project Name" should be provided.

results matching ""

    No results matching ""