Skip to main content
All CollectionsConnectorsApplication Security (SCA/SAST/DAST)
Checkmarx CxSAST Connector (Rev. November 2023)
Checkmarx CxSAST Connector (Rev. November 2023)

Learn all about integrating CheckmarX CxSAST into the Vulcan Platform

Updated over 10 months ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.

Overview

About Checkmarx CxSAST

Checkmarx Static Application Security Testing (SAST) provides fast and accurate incremental or full scans and gives you the flexibility, accuracy, integrations, and coverage to secure your applications

Why integrate Checkmarx CxSAST into the Vulcan platform?

The Checkmarx CxSAST by Vulcan integrates with the Checkmarx CxSAST platform to pull and ingest Code Project assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Checkmarx CxSAST Details

Supported products

Checkmarx SAST

Category

Application Security - SAST

Ingested asset type(s)

Code Projects

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • Checkmarx SAST server URL: URL of your Checkmarx account.

  • Username: User with required permissions to access the Checkmarx account.

    • Permissions needed: Odata API, SAST Reviewer

  • Password: Username Password

  • Client ID: The default value of your account.

  • Client Secret: The default value of your account. Insert new value only in case you know it was changed by your organization (otherwise, keep the default value).

Configuring the Checmarx CxSAST Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Checmarx CxSAST icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Checmarx CxSAST instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Checmarx CxSAST icon shows Connected, the sync is complete.

Checmarx CxSAST in the Vulcan Platform

Viewing Checmarx CxSAST vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

    See the complete list of available vulnerability filters.

  3. Select Checmarx CxSAST from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Checmarx CxSAST assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab (Code Project in this case).

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Checmarx CxSAST from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Checmarx CxSAST

To take remediation action on vulnerabilities and assets detected by Checmarx CxSAST:

  1. Go to the Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Checmarx CxSAST option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

  5. Click Take Action.

Automating remediation actions on vulnerabilities detected by Checmarx CxSAST

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Checmarx CxSAST Connector.

Learn all about Automation Playbooks in the Vulcan Cyber Platform.

From Checmarx CxSAST to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Checmarx CxSAST through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Code Project fields mapping

Checmarx CxSAST field

Vulcan field

Value Example

Project id

Uniqueness criteria

2

Project name

Asset Name

Code Projects

Asset type

code_project

SrcFileName

Asset codebase - Source (SAST)

dvja-master/src/main/java/com/appsecco/dvja/controllers/Home.java

Line

Asset codebase - Location (SAST)

34

Application Name
Last Scan ID
Lines of code scanned in last scan
Owner of last scan
Server
Team name

Asset details

Team Full Name

Asset Tags - Additional

/CxServer/vulcan.io

last scanned date

Last seen

asset_id

vulnerability_id

SrcFileName

Line

Vulnerability instance uniqueness criteria

Vulnerability detection date

Vulnerability instance first seen

latest scan date in which it was detected

Vulnerability instance Last seen

2021-09-14T08:13:32.347Z

Severity

Vulnerability instance score

High

SrcFileName

Vulnerability instance location path

dvja-master/src/main/java/com/appsecco/dvja/controllers/Home.java

Query

Unique Vulnerability uniqueness criteria

SQL Injection

Query

Vulnerability title

SQL Injection

Severity

Vulnerability score

High

Include anything available in the legacy, note the differences between the vulns types

Vulnerability details

Result Status, Result State

Vulnerability status

To Verify

Severity

CVSS

Result State

Vulnerability instance connection- additional information

High

Vulnerability status mapping

Checmarx CxSAST Status

Vulcan Status

(other statuses)

Vulnerable

Fixed

Fixed

-

Ignored - false positive

Not Exploitable

Ignored risk acknowledged

Vulnerability score mapping

Checmarx CxSAST score

Vulcan score

High

10

Medium

6.5

Low

3

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Checmarx CxSAST connector for the vulnerabilities and assets in the Vulcan Platform.

Update type in Vulcan

Mechanism (When?)

The asset is archived

- Asset not found on the connector's last sync

- Asset not seen for X days according to "Last Seen".

The vulnerability instance status changes to "Fixed"

- If the vulnerability no longer appears in the scan findings.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: x.x.x

API

Use in Vulcan

Permissions required

/auth/identity/connect/token

Auth

access_control_api

/help/projects

Projects

sast_api

/cxrestapi/sast/scans?last=1&projectId={{ project_id }}

Last Scans

sast_api

/reports/sastScan

Create Reports

sast_api

reports/sastScan/{{ report_id }}/status

Report Status

sast_api

/reports/sastScan/{{ report_id }}

Report Results

sast_api

/auth/teams/{{ team_id }}

Teams

access_control_api

Data Validation

Matching Data between Checkmarx CxSAST and Vulcan

Note 1: To ensure accurate testing results, please make sure to be logged into the Checkmarx CxSAST's UI using the same user credentials configured in Vulcan. This ensures consistency and eliminates permission and scoping issues.

Note 2: Due to time differences in synchronization, a 100% match in numbers might not always be achieved.

Matching Unique Vulnerabilities count

  1. In Checkmarx CxSAST:

    • Open a project’s scan results to view vulnerabilities found in an asset scan.

  2. In Vulcan:

    • Verify the number of vulnerabilities ingested.

Matching Assets count

  1. In Checkmarx Portal:

    • Open the Dashboard and observe the projects' state to note the total projects count. Vulcan does not ingest unscanned projects.

  2. In Vulcan:

    • Navigate to Code Projects to find the assets.

Matching Vulnerability Instances count

Goal: Match connections between a vulnerability and an asset in Checkmarx CxSAST with Vulcan.

  1. In Checkmarx Dashboard:

    • Click on the project name to see its info, including the number of vulnerabilities by severity breakdown.

  2. In Vulcan:

    • Check the number of vulnerabilities, including info level findings.



Related Articles
Snyk Connector (new revision)
Checkmarx One Connector
GitHub Code Scanning Connector (new revision)
GitLab Connector
Checkmarx CxSAST Connector (Rev. February 2024)
Did this answer your question?