# Checkmarx

{% hint style="info" %}
Cortex connects to many third-party vendors whose system interfaces frequently change. As a result, integration behavior or configuration steps may shift without notice. If you encounter unexpected issues, check with your system administrator or refer to the vendor's documentation for the most current information. Additionally, integration sync times vary and are subject to scheduling overrides and timing variance.
{% endhint %}

## Overview

Checkmarx is an automated application security platform that checks source code for security vulnerabilities and compliance issues. Integrate Cortex with Checkmarx to drive insight into the vulnerabilities detected on your entities.

This integration is supported for [Checkmarx Static Application Security Testing (SAST)](https://checkmarx.com/cxsast-source-code-scanning/).

## How to configure Checkmarx with Cortex

### Prerequisites

Before getting started, create a user with access to the `sast_rest_api` scope.

{% hint style="warning" %}
If you're using a self-hosted instance of Checkmarx, you'll need to verify that your Cortex instance is able to reach the Checkmarx instance.\
\
We route our requests through a static IP address. Reach out to support at <help@cortex.io> to receive details about our static IP. If you're unable to directly allowlist our static IP, you can route requests through a secondary proxy in your network that has this IP allowlisted and have that proxy route traffic to your Checkmarx instance.
{% endhint %}

### Configure the integration in Cortex

1. In Cortex, navigate to the [Checkmarx settings page](https://app.getcortexapp.com/admin/integrations/checkmarx).
   * Click **Integrations** from the main nav. Search for and select **Checkmarx**.
2. Click **Add configuration**.
3. Configure the Checkmarx integration form:
   * **Username** and **Password**: Enter the username and password for the user with access to `sast_rest_api`.
   * **Host**: Enter the full URL of your Checkmarx instance.
4. Click **Save**.

To modify the integration configuration, see [Modifying an existing integration configuration](/ingesting-data-into-cortex/integrations.md#modifying-an-existing-integration-configuration).

## How to connect Cortex entities to Checkmarx

### Discovery

By default, Cortex will use your associated Git repository (e.g. `repo-name`) or the service tag as the "best guess" for the Checkmarx project name.

If your repository and entity names don’t cleanly match the Checkmarx CxSAST project names, or if you have multiple Checkmarx projects for a service, you can add a Checkmarx project ID (recommended) or a Checkmarx project name in the Cortex entity descriptor.

### Editing the entity descriptor

We recommend using the project ID as it is a unique identifier across projects.

Example using project IDs:

```yaml
x-cortex-checkmarx:
  projects:
    - projectId: 1234
    - projectId: 2345
```

Example using both project IDs and names:

```yaml
x-cortex-checkmarx:
  projects:
    - projectName: My Cool Project
    - projectId: 1234
```
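A pre-merge check for this block can catch mappings that would silently miss a Checkmarx project. The sketch below is an added example, not Cortex code: it lints the already-parsed `x-cortex-checkmarx` mapping (what a YAML loader returns for that key), flags name-only entries in line with the recommendation above, and rejects duplicates and malformed entries. The function name, the integer-only rule for `projectId`, and the treatment of other keys as unrecognised are assumptions based on the examples on this page.

```python
ALLOWED_KEYS = {"projectId", "projectName"}  # the only keys shown on this page

def lint_checkmarx_block(block):
    """Return (errors, warnings) for a parsed x-cortex-checkmarx mapping."""
    errors, warnings, seen = [], [], set()
    projects = block.get("projects") if isinstance(block, dict) else None
    if not isinstance(projects, list) or not projects:
        return ["x-cortex-checkmarx needs a non-empty 'projects' list"], warnings
    for i, entry in enumerate(projects):
        where = f"projects[{i}]"
        if not isinstance(entry, dict):
            errors.append(f"{where}: expected a mapping")
            continue
        extra = sorted(set(entry) - ALLOWED_KEYS)
        if extra:
            warnings.append(f"{where}: unrecognised key(s) {extra}")
        pid, name = entry.get("projectId"), entry.get("projectName")
        if pid is not None:
            # bool is a subclass of int, so exclude it explicitly
            if isinstance(pid, bool) or not isinstance(pid, int):
                errors.append(f"{where}: projectId should be an integer, got {pid!r}")
                continue
            key = ("id", pid)
        elif isinstance(name, str) and name.strip():
            # The page recommends IDs because they are unique across projects.
            warnings.append(f"{where}: name-only mapping {name!r}, prefer projectId")
            key = ("name", name.strip())
        else:
            errors.append(f"{where}: needs a projectId or a projectName")
            continue
        if key in seen:
            errors.append(f"{where}: duplicate mapping {key[1]!r}")
        seen.add(key)
    return errors, warnings

# Constructed sample: what a YAML loader would return for the block.
SAMPLE = {"projects": [
    {"projectId": 1234},
    {"projectName": "My Cool Project"},
    {"projectId": 1234},        # duplicate
    {"projectId": "2345"},      # quoted in YAML, so loaded as a string
    {},                         # neither key present
]}

if __name__ == "__main__":
    errs, warns = lint_checkmarx_block(SAMPLE)
    for line in [f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]:
        print(line)
```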

## Using the Checkmarx integration

### Entity pages

Once the integration is established, vulnerabilities pulled from Checkmarx will be available for each entity in the **Code and Security** block in the **Overview** tab.

While viewing an entity, click **Code & security > Checkmarx**. On this page, view the number of vulnerabilities per severity and a link directly to your Checkmarx instance.

### Scorecards and CQL

With the Checkmarx integration, you can create Scorecard rules and write CQL queries based on Checkmarx details.

See more examples in the [CQL Explorer](https://app.getcortexapp.com/admin/cql-explorer) in Cortex.

<details>

<summary>Check if Checkmarx project is set</summary>

Check whether an entity has a registered Checkmarx project in its entity descriptor. If a Checkmarx project name is set, we also try to verify that the project exists in Checkmarx.

**Definition:** `checkmarx (==/!=) null: Boolean`

**Example**

In a Scorecard, you can write a rule to check whether an entity has a Checkmarx project set:

```
checkmarx != null
```

</details>

<details>

<summary>Checkmarx scan risk</summary>

Get the maximum scan risk among the latest scans of the entity's Checkmarx projects.

**Definition:** `checkmarx.sastScanRisk(): Number`

**Example**

In a Scorecard, you can write a rule to verify that an entity has no Checkmarx projects where the latest scan risk is 35 or higher:

```
checkmarx.sastScanRisk() < 35
```

</details>

<details>

<summary>Number of Checkmarx vulnerabilities</summary>

Get the count of all vulnerabilities in the last scan of an entity's Checkmarx project.

**Definition:** `checkmarx.numOfVulnerabilities(): Number`

**Example**

In a Scorecard, you can write a rule to verify that an entity has no vulnerabilities with a severity of `HIGH`:

```
checkmarx.numOfVulnerabilities(severity=["High"]) < 1
```

Verify that an entity has fewer than 5 vulnerabilities in total:

```
checkmarx.numOfVulnerabilities() < 5
```

</details>

## FAQs and troubleshooting

**Does Cortex support integrating with Checkmarx One?**

No, Cortex does not currently support Checkmarx One. Only Checkmarx SAST is supported for this integration.

## Still need help? <a href="#still-need-help" id="still-need-help"></a>

The following options are available to get assistance from the Cortex Customer Engineering team:

* **Email**: <help@cortex.io>, or open a support ticket in the in-app Resource Center
* **Slack**: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a `:ticket:` reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.

