Checkmarx AST Scanner





AST-JENKINS-PLUGIN

Allows the user to scan their source code using the Checkmarx AST platform and provides the results as feedback.

Table of Contents
  1. About The Project
  2. Key Features
  3. Usage
  4. Contribution
  5. Feedback
  6. License
  7. Contact

About The Project

The Checkmarx One Jenkins plugin enables you to integrate the full functionality of the Checkmarx One platform into your Jenkins pipelines. You can use this plugin to trigger Checkmarx One scans as part of your CI/CD integration.

This plugin provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository and uploads it to Checkmarx One for scanning. This provides easy integration with Jenkins while enabling scan customization using the full functionality and flexibility of the CLI tool.

The plugin code can be found here.

Key Features

  • Configure Jenkins pipelines to automatically trigger scans running all Checkmarx One scanners: CxSAST, CxSCA, IaC Security, Container Security, API Security, Secret Detection and Repository Health (OSSF Scorecard).

  • Supports integrating Checkmarx One build steps into FreeStyle or Pipeline projects

  • Supports use of CLI arguments to customize scan configuration, enabling you to:

    • Customize filters to specify which folders and files are scanned
    • Apply preset query configurations
    • Customize SCA scans using SCA Resolver
    • Set thresholds to break build

  • Send requests via a proxy server

  • Break build upon policy violation

  • View scan results summary and trends in the Jenkins environment

  • Direct links from within Jenkins to detailed Checkmarx One scan results

  • Generate customized scan reports in various formats (JSON, HTML, PDF, etc.)

  • Generate SBOM reports (CycloneDX and SPDX)

  • Can be configured to automatically update to the latest CLI version
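As an added illustration of the CLI-argument and threshold features above (this is not code from the plugin's own README), a declarative Jenkinsfile that calls the plugin's pipeline step. The `checkmarxASTScanner` step and its parameter names follow the plugin's Pipeline Syntax snippet as I know it, the CLI flags are those of the Checkmarx One CLI (`cx scan create --help` on your installation is the reference), and the installation name, credential ID, tenant and URLs are placeholders.

```groovy
// Added example: declarative pipeline invoking the Checkmarx One scan step.
// Assumptions: a CLI installation named 'cx-cli' under Global Tool
// Configuration, and a Jenkins credential 'cx-oauth-client' holding the
// OAuth Client ID / Client Secret. Step and parameter names follow the
// plugin's pipeline snippet; confirm them in Pipeline Syntax on your instance.
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps { checkout scm }
        }
        stage('Checkmarx One scan') {
            steps {
                checkmarxASTScanner(
                    checkmarxInstallation: 'cx-cli',
                    useOwnServerCredentials: true,
                    serverUrl: 'https://ast.example-region.checkmarx.net', // placeholder
                    useAuthenticationUrl: true,
                    baseAuthUrl: 'https://iam.example-region.checkmarx.net', // placeholder
                    tenantName: 'my-tenant',                                 // placeholder
                    credentialsId: 'cx-oauth-client',
                    projectName: "${env.JOB_NAME}",
                    branchName: "${env.GIT_BRANCH ?: 'main'}",
                    useOwnAdditionalOptions: true,
                    // CLI arguments are passed through to `cx scan create`:
                    // restrict the scanners, skip build output and vendored
                    // dependencies, and fail the build when the number of
                    // findings exceeds the per-severity thresholds.
                    additionalOptions: '--scan-types sast,sca,kics ' +
                        '--file-filter "!target,!node_modules" ' +
                        '--threshold "sast-high=0;sast-medium=10;sca-high=0"'
                )
            }
        }
    }
}
```

A build that breaches a threshold is marked failed by the step, so downstream stages (deploy, release) never run on code with findings above the limits you set.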

Prerequisites

  • A Jenkins installation, LTS 2.263.1 or above (supported operating systems: Windows and Linux)

  • You have a Checkmarx One account and you have an OAuth Client ID and Client Secret for that account. To create an OAuth client, see Creating an OAuth Client for Checkmarx One Integrations.

Initial Setup

  • Verify that all prerequisites are in place.

  • Install the Checkmarx AST Scanner plugin and configure the settings as described here.

Usage

To see how you can use our tool, please refer to the Documentation.

Contribution

  • Review the default CONTRIBUTING file and make sure it is appropriate for your plugin; if not, add your own, adapted from the base file.

  • Refer to our contribution guidelines

Feedback

We’d love to hear your feedback! If you come across a bug or have a feature request, please let us know by submitting an issue in GitHub Issues.

License

Distributed under the MIT License. See LICENSE for more information.

Contact

Checkmarx - CxOne Integrations Team

Find more integrations from our team here.

© 2024 Checkmarx Ltd. All Rights Reserved.