Skip to main content

Checkmarx

CatalogScorecards

Summary

Checkmarx is an automated application security platform. It can be used to drive insights into security vulnerabilities and risk. We only support Checkmarx CxSAST.

Setup

In order to connect Cortex to your Checkmarx CxSAST instance, you’ll need to create a user with access to the sast_rest_api scope and add the username and password under Settings → Checkmarx. Additionally you will need the hostname of your Checkmarx CxSAST instance (including the protocol).

If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.

If you're using a self-hosted instance of Checkmarx, you'll need to verify that your Cortex instance is able to reach the Checkmarx instance.
We route our requests through a static IP address. Reach out to support at help@cortex.io to receive details about our static IP. If you're unable to directly whitelist our static IP, you can route requests through a secondary proxy in your network that has this IP whitelisted, and have that proxy route traffic to your Checkmarx instance.

Registration

Discovery

By default, Cortex will use your associated Git repository (e.g. repo-name) or the service tag as the "best guess" for the Checkmarx project name.

If your repository and service names don’t cleanly match the Checkmarx CxSAST project names or you have multiple Checkmarx projects for a service, you can add a Checkmarx project id or Checkmarx project name in the Cortex Service Descriptor.

Catalog Descriptor

If you need to override the automatic discovery, you can define the following block in your Cortex Catalog Descriptor.

x-cortex-checkmarx:
  projects:
    - projectId: 1234
    - projectId: 2345

Or

x-cortex-checkmarx:
  projects:
    - projectName: My Cool Project
    - projectId: 1234