Checkmarx plugin
With the Digital.ai Release Checkmarx plugin, you can trigger scans in Checkmarx for your application, verify scan results, and check compliance directly from the Digital.ai Release user interface.
Features
- Create a Checkmarx: CxOSA - Check Compliance task
- Create a Checkmarx: CxSAST - Check Compliance task
- Create a Checkmarx: CxSAST Scan - Git task
- Create a Checkmarx: CxSAST Scan - SVN task
- Configure a CxOSA Scan Summary tile
- Configure a CxSAST Scan Summary tile
Requirements
The Digital.ai Release Checkmarx plugin requires the following:
- Checkmarx CxSAST version 9.0.0 or 9.2.0
- For older Checkmarx CxSAST versions such as 8.8.0 and 8.9.0, use version 9.8.0 of the Release Checkmarx plugin.
Set up a Checkmarx server
There are two locations where you can define a Checkmarx: Server configuration:
- On a global level in Settings > Shared configuration
- On a folder level in Design > Folders, under the Configuration tab of the desired folder
To set up a connection to a Checkmarx server:
- In Release, go to one of the two specified locations.
- Click the add icon next to Checkmarx: Server.
- In the Title field, specify a name for your Checkmarx server.
- In the URL field, specify the URL where to connect to the Checkmarx server.
- In the Username and Password fields, specify the login user name and password of the user on the server.
- If you are using a proxy connection, specify the host, port, username, password, and domain in the Proxy section.
Note: Domain is only used for NTLM proxy authentication.
- To test the server connection, click Test.
- Click Save.
Create a Checkmarx: CxSAST - Check Compliance task
The Checkmarx: CxSAST - Check Compliance task type compares the issue counts of a CxSAST scan on the Checkmarx server against the severity thresholds configured on the task. If the number of issues at any severity level is higher than its configured threshold, the task fails. The task also automatically saves audit reporting information, including the risk values by severity and their thresholds as well as the Checkmarx server and user information. This information is available through the Release audit reporting functionality.
To add a Checkmarx: CxSAST - Check Compliance task:
- In the release flow view of a release or a template, add a task of the type Checkmarx > CxSAST - Check Compliance.
- Open the added task and in the Server field, select the Checkmarx server connection.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the team from the Checkmarx server.
- In the Scan ID field, enter the ID of the project scan for which you want to retrieve the results. If you do not specify a Scan ID, the task uses the latest finished scan of the project.
- In the High, Medium, and Low fields, add a maximum value for each severity threshold level.
Create a Checkmarx: CxOSA - Check Compliance task
The Checkmarx: CxOSA - Check Compliance task type compares the security and license risk counts found in your project's open source libraries against the thresholds configured on the task. If the number of issues at any risk level is higher than its configured threshold, the task fails. The task also automatically saves audit reporting information, including the risk values by severity and their thresholds as well as the Checkmarx server and user information. This information is available through the Release audit reporting functionality.
To add a Checkmarx: CxOSA - Check Compliance task:
- In the release flow view of a release or a template, add a task of the type Checkmarx > CxOSA - Check Compliance.
- Open the added task and in the Server field, select the Checkmarx server connection.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the team from the Checkmarx server.
- In the Scan ID field, enter the ID of the project scan for which you want to retrieve the results. If you do not specify a Scan ID, the task uses the latest finished scan of the project.
- In the High, Medium, and Low fields for the Security Risk Threshold, add a maximum value for each security risk threshold level.
- In the High, Medium, and Unknown fields for the License Risk Threshold, add a maximum value for each license risk threshold level. If the server cannot determine the license of a library, it reports the license type as Unknown, so the Unknown threshold controls how many libraries with an unidentified license are tolerated before the task fails.
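The gating logic of both Check Compliance tasks (scan selection when no Scan ID is given, threshold comparison, and the audit record) written out as an added Python example. This is not the plugin's code: the scan records, issue summaries and their field names are constructed here to stand in for what a Checkmarx server would return, and `sast_gate`, `osa_gate` and `select_scan` are hypothetical names.

```python
"""Compliance gate modelled on the Check Compliance tasks described above.

Added example, not code from the plugin. The scan records and issue summaries
are constructed inline to stand in for what a Checkmarx server would return;
their field names are assumptions, not the Checkmarx REST schema.
"""
from dataclasses import dataclass, field

# Constructed sample: scans for one project. The newest finished scan is 1002;
# scan 1003 is still running and must never be picked implicitly.
SAMPLE_SCANS = [
    {"id": 1001, "status": "Finished", "finished_at": "2023-01-10T10:00:00Z"},
    {"id": 1002, "status": "Finished", "finished_at": "2023-01-12T09:30:00Z"},
    {"id": 1003, "status": "Running", "finished_at": None},
]


def select_scan(scans, scan_id=None):
    """Pick the scan to evaluate: the explicit Scan ID if given, otherwise the
    most recently finished scan. Raises LookupError rather than silently
    falling back, so a typo in the Scan ID fails the gate instead of passing it."""
    if scan_id is not None:
        for scan in scans:
            if scan["id"] == scan_id:
                return scan
        raise LookupError(f"scan {scan_id} not found")
    finished = [s for s in scans if s["status"] == "Finished" and s["finished_at"]]
    if not finished:
        raise LookupError("no finished scan available")
    # ISO-8601 UTC timestamps sort lexically, so max() yields the newest scan.
    return max(finished, key=lambda s: s["finished_at"])


@dataclass
class GateResult:
    passed: bool
    violations: list = field(default_factory=list)
    audit: dict = field(default_factory=dict)


def exceeded(counts, thresholds, category):
    """Return one violation string per level whose count is above its maximum.
    A level whose threshold is None is not enforced; a level missing from the
    counts is treated as zero."""
    violations = []
    for level, maximum in thresholds.items():
        if maximum is None:
            continue
        found = counts.get(level, 0)
        if found > maximum:
            violations.append(f"{category} {level}: {found} > {maximum}")
    return violations


def sast_gate(scan, summary, thresholds, server, user):
    """CxSAST gate: High/Medium/Low issue counts against their maxima."""
    violations = exceeded(summary, thresholds, "CxSAST")
    audit = {"server": server, "user": user, "scan_id": scan["id"],
             "counts": dict(summary), "thresholds": dict(thresholds)}
    return GateResult(not violations, violations, audit)


def osa_gate(scan, security, security_max, licenses, license_max, server, user):
    """CxOSA gate: security High/Medium/Low plus license High/Medium/Unknown.
    'Unknown' counts libraries whose license the server could not identify; it
    is gated like any other level, so an unidentified license can block a release."""
    violations = exceeded(security, security_max, "CxOSA security")
    violations += exceeded(licenses, license_max, "CxOSA license")
    audit = {"server": server, "user": user, "scan_id": scan["id"],
             "security": dict(security), "security_max": dict(security_max),
             "license": dict(licenses), "license_max": dict(license_max)}
    return GateResult(not violations, violations, audit)


if __name__ == "__main__":
    scan = select_scan(SAMPLE_SCANS)
    result = sast_gate(scan, {"High": 1, "Medium": 3, "Low": 12},
                       {"High": 0, "Medium": 5, "Low": 20},
                       "https://cx.example.internal", "release-bot")
    print("passed" if result.passed else "FAILED", result.violations)
```

Two design points carry over to the real tasks: an unresolvable Scan ID or a project with no finished scan should fail the gate rather than fall back to something else, and the audit record should capture both the observed counts and the thresholds in force, since a threshold that was quietly raised is exactly what an auditor needs to see.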
Create a Checkmarx: CxSAST Scan - Git task
The Checkmarx: CxSAST Scan - Git task type triggers a scan on the Checkmarx server for your project from a specified Git repository.
To add a Checkmarx: CxSAST Scan - Git task:
- In the release flow view of a release or a template, add a task of the type Checkmarx > CxSAST Scan - Git.
- Open the added task and in the Server field, select the Checkmarx server connection.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the team from the Checkmarx server.
- In the Preset field, specify the preset value to use for the scan from the Checkmarx server.
- In the Configuration field, specify the configuration value to use for the scan from the Checkmarx server.
- In the URL field, enter the URL of your Git repository.
- In the Branch field, enter the Git branch for your project.
- In the Username and Password fields, specify the login user name and password to connect to Git.
- In the Token field, enter the personal access token to connect to Git. Note: If you use username and password credentials, the token is not required.
- In the Timeout field, set the number of minutes for the scan timeout threshold. If the scan task execution time is higher than the threshold, the task fails.
The output property of this task is the Scan ID assigned by the Checkmarx server. Pass this Scan ID to a CxSAST - Check Compliance task so that the compliance check is evaluated against this specific scan rather than against whatever scan finished last.
Create a Checkmarx: CxSAST Scan - SVN task
The Checkmarx: CxSAST Scan - SVN task type triggers a scan on the Checkmarx server for your project from a specified SVN repository.
To add a Checkmarx: CxSAST Scan - SVN task:
- In the release flow view of a release or a template, add a task of the type Checkmarx > CxSAST Scan - SVN.
- Open the added task and in the Server field, select the Checkmarx server connection.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the team from the Checkmarx server.
- In the Preset field, specify the preset value to use for the scan from the Checkmarx server.
- In the Configuration field, specify the configuration value to use for the scan from the Checkmarx server.
- In the URL field, enter the URL of your SVN repository.
- In the Port field, enter the port to connect to SVN.
- In the Branch field, enter the SVN branch for your project.
- In the Username and Password fields, specify the login user name and password to connect to SVN.
- In the Timeout field, set the number of minutes for the scan timeout threshold. If the scan task execution time is higher than the threshold, the task fails.
The output property of this task is the Scan ID assigned by the Checkmarx server. Pass this Scan ID to a CxSAST - Check Compliance task so that the compliance check is evaluated against this specific scan rather than against whatever scan finished last.
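The timeout behaviour shared by the Scan - Git and Scan - SVN tasks (wait for the scan, fail if it runs past the configured minutes, otherwise hand the Scan ID on) as an added Python example. This is not the plugin's code: `poll_status` is a hypothetical callback standing in for whatever call fetches a scan's status from Checkmarx, and the status strings, the polling interval and the `FakeServer`/`FakeClock` stand-ins are assumptions constructed so the logic runs offline.

```python
"""Timeout enforcement for a triggered scan, modelled on the Scan - Git and
Scan - SVN tasks described above.

Added example, not code from the plugin. `poll_status` stands in for whatever
call fetches a scan's status from Checkmarx; the status strings and the polling
interval are assumptions. The clock and sleep functions are injectable so the
timeout logic can be exercised without real waiting."""
import time


class ScanTimeout(Exception):
    """Raised when the scan has not finished within the configured minutes."""


def wait_for_scan(poll_status, scan_id, timeout_minutes, interval_seconds=30,
                  clock=time.monotonic, sleep=time.sleep):
    """Block until the scan reports 'Finished' and return its ID, which a
    Check Compliance step can then consume. A 'Failed' or 'Canceled' scan
    raises RuntimeError; exceeding the timeout raises ScanTimeout. The last
    sleep is clipped to the remaining budget so the deadline is never overshot
    by a whole polling interval."""
    deadline = clock() + timeout_minutes * 60
    while True:
        status = poll_status(scan_id)
        if status == "Finished":
            return scan_id
        if status in ("Failed", "Canceled"):
            raise RuntimeError(f"scan {scan_id} ended with status {status}")
        remaining = deadline - clock()
        if remaining <= 0:
            raise ScanTimeout(f"scan {scan_id} exceeded {timeout_minutes} min")
        sleep(min(interval_seconds, remaining))


class FakeServer:
    """Constructed stand-in for the Checkmarx server: reports 'Running' until
    the given number of polls has been reached, then the final status."""
    def __init__(self, finishes_after_polls, final_status="Finished"):
        self.polls = 0
        self.finishes_after = finishes_after_polls
        self.final_status = final_status

    def status(self, scan_id):
        self.polls += 1
        return self.final_status if self.polls >= self.finishes_after else "Running"


class FakeClock:
    """Virtual clock: sleeping advances time instantly."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


def run_scenario(finishes_after_polls, timeout_minutes, interval_seconds=30,
                 final_status="Finished"):
    """Drive wait_for_scan against the fakes; returns (outcome, elapsed_seconds)."""
    server = FakeServer(finishes_after_polls, final_status)
    clock = FakeClock()
    try:
        wait_for_scan(server.status, 4242, timeout_minutes, interval_seconds,
                      clock.now, clock.sleep)
        return "finished", clock.t
    except ScanTimeout:
        return "timed out", clock.t
    except RuntimeError:
        return "failed", clock.t


if __name__ == "__main__":
    print(run_scenario(finishes_after_polls=3, timeout_minutes=10))   # finishes
    print(run_scenario(finishes_after_polls=100, timeout_minutes=1))  # times out
```

The point worth carrying into a real pipeline is that a scan which fails or is cancelled on the server must surface as a task failure too, not as a timeout or, worse, as a silent pass: only a scan that reached Finished yields a Scan ID that is safe to feed into the compliance check.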
Create a CxSAST Scan Summary tile
The CxSAST Scan Summary tile type creates a dashboard tile that displays the metrics of your selected project, configured for a CxSAST scan from the Checkmarx server.
To configure a CxSAST Scan Summary tile:
- Go to the release dashboard view of a release or to a custom dashboard from the Dashboards menu.
- Click Configure > Add tile > CxSAST Scan Summary.
- Click the gear icon to configure the added tile.
- In the Server field, select an existing Checkmarx server configuration.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the project team to retrieve the metrics from the Checkmarx server.
- In the Scan ID field, enter the ID of the project scan for which you want to retrieve the metrics. If you do not specify a Scan ID, the tile uses the latest finished scan of the project.
- Click Save.
The tile displays the metrics of your project configured for a CxSAST scan from the Checkmarx server or an error message if an error occurs.
Create a CxOSA Scan Summary tile
The CxOSA Scan Summary tile type creates a dashboard tile that displays the metrics of your selected project configured for a CxOSA scan from the Checkmarx server.
To configure a CxOSA Scan Summary tile:
- Go to the release dashboard view of a release or to a custom dashboard from the Dashboards menu.
- Click Configure > Add tile > CxOSA Scan Summary.
- Click the gear icon to configure the added tile.
- In the Server field, select an existing Checkmarx server configuration.
- In the Project Name field, enter the name of your project from the Checkmarx server.
- In the Team field, enter the name of the project team to retrieve the metrics from the Checkmarx server.
- In the Scan ID field, enter the ID of the project scan for which you want to retrieve the metrics. If you do not specify a Scan ID, the tile uses the latest finished scan of the project.
- In the Risk Type field, select the type of risk for which you want to display metrics.
- Click Save.
The tile displays the metrics of your project configured for a CxOSA scan from the Checkmarx server or an error message if an error occurs.
Release notes
Release Checkmarx plugin 10.0.0
Improvements
- [ENG-2799] - Added support for Checkmarx CxSAST versions 9.0.0 and 9.2.0
Release Checkmarx plugin 9.8.0
Bug fixes
- [ENG-866] - Fixed python vulnerabilities
Release Checkmarx plugin 9.7.1
Bug fixes
- [ENG-866] - Fixed python vulnerabilities
Release Checkmarx plugin 9.5.0
Improvements
- [XLINT-812] - Added automatic audit reporting to CxOSA - Check Compliance task and CxSAST - Check Compliance task.
Release Checkmarx plugin 8.5.0
- Added compatibility with Release 8.5.0
- Fixed Internet Explorer 11 Release Loading Issue