Checkmarx

Checkmarx is a static application security testing (SAST) tool that helps developers identify and fix security vulnerabilities in their software code. It is designed to analyze the source code of web applications, mobile apps, and other software systems to detect potential security weaknesses, such as SQL injection, cross-site scripting (XSS), and buffer overflows.

Use the SEI Checkmarx SAST integration to integrate SEI with Checkmarx Static Analysis Solution (SAST).

Note: This SEI integration is under development. It provides limited integration support in its current state.

Configure the integration on cloud

  1. Select Integrations under Settings.

  2. Select Available Integrations, locate the Checkmarx SAST integration, and select Install.

  3. Configure and the integration:

    • Add the Checkmarx Instance URL

    • Add the checkmarx account Username

    • Enter your checkmarx account Password and click Next

    • Add a Name and Description for the integration

    • You can add Tags to identify the integration (optional)

  4. Once you have configured the integration, click Save.

Configure the integration using satellite

The steps for configuring the integration using satellite is similar to configuring the integration on cloud, with the exception of using satellite to communicate with the Checkmarx server.

Make sure to select the satellite integration checkbox while configuring the integration. Once you save the integration a satellite.yml file will be automatically generated and downloaded to your computer. Update it following the instructions here.

Here’s a sample satellite.yml file

satellite:
  tenant: foo
  api_key: <sei-api-key>
  url: 'https://testapi1.propelo.ai'
integrations:
  - id: '4678'
    application: cxsast
    url: 'https://sca.checkmarx.net'
    username: checkmarx-test

If you encounter any issues during the integration process, go to the Satellite integration Troubleshooting and FAQs.

Last updated