Am I reading the right user guide?
Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).
To access the user guide relevant to your environment, click the "How to connect" button on the connector's setup page. This takes you to the user guide that matches your specific environment.
Overview
About Checkmarx CxSAST
Checkmarx Static Application Security Testing (SAST) provides fast and accurate incremental or full scans and gives you the flexibility, accuracy, integrations, and coverage to secure your applications.
Why integrate Checkmarx CxSAST into the Vulcan platform?
The Checkmarx CxSAST Connector by Vulcan integrates with the Checkmarx CxSAST platform to pull and ingest Code Project assets and their related vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform processes the report's findings to correlate, consolidate, and contextualize the ingested data, which drives risk and remediation priority.
Checkmarx CxSAST Details
Supported products | |
Category | Application Security - SAST |
Ingested asset type(s) | Code Projects |
Integration type | Uni-directional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Checkmarx SAST server URL: URL of your Checkmarx account.
Username: User with the required permissions to access the Checkmarx account.
Permissions needed: OData API, SAST Reviewer
Password: Password of the user above.
Client ID: The default value of your account.
Client Secret: The default value of your account. Enter a new value only if you know your organization changed it (otherwise, keep the default value).
Configuring the Checkmarx CxSAST Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Checkmarx CxSAST icon.
Set up the Connector as follows:
Enter the information you retrieved earlier.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Checkmarx CxSAST instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the Checkmarx CxSAST icon shows Connected, the sync is complete.
Checkmarx CxSAST in the Vulcan Platform
Viewing Checkmarx CxSAST vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector/Source:
Go to the Vulnerabilities page.
Use the Search or Filter input box to select the Vulnerability Source or Connector filter.
Select Checkmarx CxSAST from the vulnerability source/Connector list to filter results.
Click on any vulnerability for more vulnerability details.
Viewing Checkmarx CxSAST assets in the Vulcan Platform
To view assets by Connector/Source:
Go to the Assets page.
Click on the relevant asset type tab (Code Project in this case).
Use the Search or filter input box to select Connector from the drop-down selection.
Select Checkmarx CxSAST from the Asset source/Connector list to filter results and view all synced assets.
See the complete list of available asset filters per asset type
Taking Action on vulnerabilities and assets detected by Checkmarx CxSAST
To take remediation action on vulnerabilities and assets detected by Checkmarx CxSAST:
Go to the Vulnerabilities / Assets Page.
Click on the Search and Filter input box and select Connector from the drop-down selection.
Locate the Checkmarx CxSAST option to view all synced vulnerabilities/assets.
Select the relevant Vulnerability/Asset.
Click Take Action.
Automating remediation actions on vulnerabilities detected by Checkmarx CxSAST
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Checkmarx CxSAST Connector.
From Checkmarx CxSAST to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with Checkmarx CxSAST through its API to pull relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.
Code Project fields mapping
Checkmarx CxSAST field | Vulcan field | Value Example |
Project id | Uniqueness criteria | |
Project name | Asset Name | |
Code Projects | Asset type | |
SrcFileName | Asset codebase - Source (SAST) | |
Line | Asset codebase - Location (SAST) | |
Application Name | Asset details | |
Team Full Name | Asset Tags - Additional | |
Last scanned date | Last seen | |
asset_id, vulnerability_id, NodeId | Vulnerability instance uniqueness criteria | |
Vulnerability detection date | Vulnerability instance first seen | |
Latest detected scan date | Vulnerability instance Last seen | 2021-09-14T08:13:32.347Z |
Severity | Vulnerability instance score | High |
SrcFileName | Vulnerability instance location path | dvja-master/src/main/java/com/appsecco/dvja/controllers/Home.java |
QueryID | Unique Vulnerability uniqueness criteria | 1518 |
Query | Vulnerability title | SQL Injection |
Severity | Vulnerability score | High |
Available vulnerability-specific data | Vulnerability details | |
Result Status, Result State | Vulnerability status | To Verify |
Severity | CVSS | |
Result State | Vulnerability instance connection - additional information | High |
Fixed title | Fix - Title | |
GeneralRecommendation | Fix - Description | |
Vulnerability status mapping
Checkmarx CxSAST Status | Vulcan Status |
(other statuses) | Vulnerable |
Fixed | Fixed |
- | Ignored - false positive |
Not Exploitable | Ignored - risk acknowledged |
Vulnerability score mapping
Checkmarx CxSAST score | Vulcan score |
High | 10 |
Medium | 6.5 |
Low | 3 |
Status Update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).
The table below lists how the status update mechanism works in the Checkmarx CxSAST connector for vulnerabilities and assets in the Vulcan Platform.
Update type in Vulcan | Mechanism (When?) |
The asset is archived | Asset not found on the connector's last sync, or asset not seen for X days according to "Last Seen" |
The vulnerability instance status changes to "Fixed" | The vulnerability no longer appears in the scan findings |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
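The field, status and score mapping tables and the "Fixed" update mechanism, worked through in code. This is an added example, not Vulcan's or Checkmarx's code: the result record shape (QueryID, Query, Severity, NodeId, SrcFileName, ResultState, GeneralRecommendation) is constructed from the field names in the tables, and taking QueryID as the vulnerability_id part of the instance key is an assumption.

```python
"""Mapping Checkmarx CxSAST results to the Vulcan fields in the tables above.
Added example, not Vulcan's or Checkmarx's code; record shapes are constructed
from the field names in the mapping table."""
SCORE_MAP = {"High": 10.0, "Medium": 6.5, "Low": 3.0}  # score mapping table

def map_status(result_state: str) -> str:
    """Status mapping table: two states map specially, all others are Vulnerable."""
    if result_state == "Fixed":
        return "Fixed"
    if result_state == "Not Exploitable":
        return "Ignored - risk acknowledged"
    return "Vulnerable"

def map_result(project_id: int, project_name: str, r: dict) -> dict:
    """One result row -> Vulcan record. Instance key follows the table
    (asset_id, vulnerability_id, NodeId); QueryID as vulnerability_id is an assumption."""
    return {
        "asset_key": project_id,                 # Project id -> uniqueness criteria
        "asset_name": project_name,              # Project name -> Asset Name
        "asset_type": "Code Projects",
        "instance_key": (project_id, r["QueryID"], r["NodeId"]),
        "unique_vuln_key": r["QueryID"],         # QueryID -> uniqueness criteria
        "title": r["Query"],                     # Query -> Vulnerability title
        "score": SCORE_MAP[r["Severity"]],       # Severity -> score
        "location_path": r["SrcFileName"],       # SrcFileName -> location path
        "status": map_status(r["ResultState"]),
        "fix_description": r.get("GeneralRecommendation", ""),
    }

def apply_sync(previous: dict, latest: list) -> dict:
    """Status update mechanism: an instance missing from the latest scan
    findings becomes Fixed; instances still present take the fresh record."""
    merged = {rec["instance_key"]: rec for rec in latest}
    for key, old in previous.items():
        if key not in merged:
            merged[key] = {**old, "status": "Fixed"}
    return merged

# Constructed sample: two scans of one project on consecutive days.
HOME = "dvja-master/src/main/java/com/appsecco/dvja/controllers/Home.java"
SCAN_DAY1 = [
    {"QueryID": 1518, "Query": "SQL Injection", "Severity": "High", "NodeId": 7,
     "SrcFileName": HOME, "ResultState": "To Verify",
     "GeneralRecommendation": "Use parameterized queries."},
    {"QueryID": 1518, "Query": "SQL Injection", "Severity": "High", "NodeId": 9,
     "SrcFileName": HOME, "ResultState": "Not Exploitable"},
]
SCAN_DAY2 = [SCAN_DAY1[1]]  # the NodeId 7 finding is no longer reported

def run() -> dict:
    """Ingest day 1, then sync day 2; returns the merged instance table."""
    day1 = {m["instance_key"]: m for m in (map_result(42, "dvja", r) for r in SCAN_DAY1)}
    return apply_sync(day1, [map_result(42, "dvja", r) for r in SCAN_DAY2])
```

Both instances share the same QueryID, so the NodeId is what keeps them apart as separate instances, and only the one absent from the second scan flips to Fixed.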
API Endpoints in Use
API version: x.x.x
API | Use in Vulcan | Permissions required |
/auth/identity/connect/token | Auth | access_control_api |
/help/projects | Projects | sast_api |
/cxrestapi/sast/scans?last=1&projectId={{ project_id }} | Last Scans | sast_api |
/reports/sastScan | Create Reports | sast_api |
/reports/sastScan/{{ report_id }}/status | Report Status | sast_api |
/reports/sastScan/{{ report_id }} | Report Results | sast_api |
/auth/teams/{{ team_id }} | Teams | access_control_api |
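The three report endpoints in the table form a create, poll, download sequence; this added example (not Vulcan's or Checkmarx's code) shows that sequence with the HTTP layer replaced by injected callables so it runs offline. The request and response JSON shapes (`reportType`, `scanId`, `reportId`, `status.value`) and the status strings "In Process", "Created" and "Failed" are assumptions, as is the FakeCxServer stand-in.

```python
"""Report retrieval sequence behind the endpoint table above: create a report
for a scan, poll its status, then download it. Added example, not Vulcan's or
Checkmarx's code. JSON shapes and the status strings "In Process", "Created"
and "Failed" are assumptions; HTTP is replaced by injected callables."""
import time
from typing import Any, Callable, Dict

class ReportNotReady(Exception):
    """Polling gave up before the report was generated."""

def fetch_scan_report(post: Callable, get: Callable, scan_id: int,
                      max_polls: int = 10, interval: float = 0.0) -> Dict[str, Any]:
    created = post("/reports/sastScan", {"reportType": "XML", "scanId": scan_id})
    report_id = created["reportId"]                      # Create Reports
    state = "unknown"
    for _ in range(max_polls):
        state = get(f"/reports/sastScan/{report_id}/status")["status"]["value"]
        if state == "Created":
            return get(f"/reports/sastScan/{report_id}")  # Report Results
        if state == "Failed":
            raise RuntimeError(f"report {report_id} failed on the server")
        time.sleep(interval)                              # still "In Process"
    raise ReportNotReady(f"report {report_id} still '{state}' after {max_polls} polls")

class FakeCxServer:
    """Constructed stand-in: a report becomes ready after `ready_after` status polls."""
    def __init__(self, ready_after: int = 2):
        self.ready_after, self.reports, self.next_id = ready_after, {}, 100

    def post(self, path: str, body: dict) -> dict:
        assert path == "/reports/sastScan"
        rid, self.next_id = self.next_id, self.next_id + 1
        self.reports[rid] = {"scanId": body["scanId"], "polls": 0}
        return {"reportId": rid}

    def get(self, path: str) -> dict:
        rid = int(path.split("/")[3])
        rep = self.reports[rid]
        if path.endswith("/status"):
            rep["polls"] += 1
            ready = rep["polls"] >= self.ready_after
            return {"status": {"value": "Created" if ready else "In Process"}}
        if rep["polls"] < self.ready_after:
            raise RuntimeError("download requested before the report was ready")
        return {"reportId": rid, "scanId": rep["scanId"], "contentType": "application/xml"}
```

Bounding the poll count matters in a daily sync: a report that never reaches "Created" should surface as a connector error in the Log rather than stall the whole run.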
Data Validation
Matching Data between Checkmarx CxSAST and Vulcan
Matching Assets
In Checkmarx:
Click on the relevant section or page where assets are displayed.
In Vulcan:
The number of assets displayed in Checkmarx should match the number of assets displayed in Vulcan under the "Assets" tab.
Matching Vulnerability Instances
In Checkmarx:
Click on a specific asset to view its details.
Navigate to the "Full Scan Results" section.
Click on the latest completed scan (scan history).
Click on the magnifying glass icon to view vulnerability details for that scan.
Count the incidents or vulnerabilities listed on this page.
In Vulcan:
Go to the "Vulnerabilities" section.
Compare the number of vulnerability instances (incidents) in Vulcan with the count obtained from Checkmarx.
The incidents count in Vulcan should match the vulnerability instances count in the vendor's platform.