General
The General screen enables you to set the paths, folders, web server address, and language as well as other application specific settings and SMTP.
Server Settings
In the Server settings panel, you can set folder locations, maximum number of scans, default settings and automatic sign in.
...
- Reports Folder - Set the reports folder to save reports in (e.g. C:\CxReports)
- Results Folder - Set the results folder to save results in (e.g. C:\Program Files\Checkmarx\Checkmarx Jobs Manager\Results)
- Executables Folder - Set the executables folder to save executables in (e.g. C:\Program Files\Checkmarx\Executables)
Path to GIT client executable - Set the GIT client executable path (e.g. C:\Program Files\git\bin\git.exe).
Info The validation of 'git.exe' and 'p4.exe' is no longer mandatory in CxSAST when defining the 'Path to GIT client executable' and the 'Path to Perforce command-line client executable' parameters.
Path to P4 command line client executable - Set the Perforce client executable path (e.g. C:\Program Files\Perforce\p4.exe)
Info If you haven't already done so, download the P4 command line executable (HELIX P4: COMMAND-LINE) from: https://www.perforce.com/downloads/helix, run the .exe file making sure the installed files are placed into a directory that CxSAST can access (i.e. C:\Program Files\Perforce)". Use this same directory to fill the Path to P4 command line client executable parameter field.
- Maximum number of concurrent scans - Set the maximum number of concurrent scans a CxManager can run. This cannot exceed the licensed number of concurrent scans. Reducing the number of concurrent scans below the licensed amount can help to prevent the CxManager out of resources. The default is 2. CxScansManager service must be restarted before any changes to this setting will go into effect.
- Time remaining until task completion (min) - Set the time remaining until task completion (timer).
- Web Server Address - Set the web server address in order to access links in generated report from outside the organization.
- Long Path Support - Enables long path support for the CxSAST application. Enabling long path support is required on all CxEngines and all CxManagers. Without long path support the path of source file to be scanned is limited to 260 characters.
- Default Server Language - Set the default server language.
- Allow Auto Sign In - Enable/Disable auto sign in.
SMTP Settings
The SMTP settings panel enables you to set the host settings and default credentials of your SMTP.
...
- Host - Type in the host domain
- Port - Select a port number
- Encryption Type - Select the encryption type
- Email from Address - Notification by E-mail address
- Use Default Credentials - Enable/disable default credentials. If enabled the default credentials of the host machine are used
- User Name - Type in the user name
Password - Type in the password
OSA Settings
For more information about OSA Settings and Open Source Analysis (CxOSA) in general, see /wiki/spaces/CCOD/pages/1010565620 in the /wiki/spaces/CCOD/overview.
License Details
The License Details screen is divided into the following windows:
General
The General panel provides general license information.
...
| Info |
|---|
To request a new license, if you have not yet obtained a permanent license, copy your Hardware ID, which you will need in order to obtain a license from Checkmarx. Or, you can later obtain your hardware ID by using the shortcut in the Windows / Start menu Checkmarx folder. |
Supported Languages
The Supported Languages panel includes the supported languages used in default queries.
Capacity
The Capacity panel provides information about the number of users (combined roles), projects and engines available and in use in the system according to the current license.
...
- Users - Number of users available in the system (i.e. Server Managers, Service Provider Managers, Company Managers, Scanners and Reviewers)
- Auditors - Number of users available in the system that have auditing permissions and can run CxAudit (i.e Auditors Users)
- Projects - Number of projects available in the system
- Number of Concurrent Scans - Number of concurrent scans available in the system.
License Expiration Notification
The License Expiration Notification panel provides notification behavior settings for when your CxSAST license is about to expire.
...
Notification by E-mail - If checked, a notification email is automatically sent to the CxSAST Administrator User on a weekly basis, starting 90 days (defined in the database) before the actual license is set to expire.
Info The Notification by E-mail address is defined under under the E-mail Notifications parameter in Server SMTP Setting
Installation Information
The Installation Information screen povides a list of all the Cx components installed, the Installation Path, Version (with build), DNS, IP, Hotfix, and State.
...
| Info | ||||
|---|---|---|---|---|
| ||||
The latest queries pack version is also listed in cases where a Content Pack is installed. For more information about the Content Pack for your version, see the relevant version release notes section. |
External Services Settings
CxSAST offers additional tools for application security and development environments in order to improve secure coding and practices using external service providers. By activating this feature, a secure handshake is performed between your organization, Checkmarx external servers and the external service providers.
...
- Enable Codebashing - If selected, enables anonymous data collection in order to provide user analytics. The second checkbox, enables non-anonymous data collection in order to provide user analytics. This option, if selected, sends user details (email) to Codebashing for Analytics View.
Engine Server Management
Engine Server Management enables an interface for viewing real-time engine server status information that includes the number of engine servers in the system (active and offline), status of each engine server (scanning, idle, blocked, etc.) and location (URL) and scan size of each engine server. Direct action options (single) include register, edit, unregister and block/unblock engine servers.
...
| Field | Description |
|---|---|
Engine Sever Name | Name of the engine server |
| Status | Status of the engine server:
|
| Engine URL | URL of the engine server |
Scan Size | Engine server scan size |
Actions | Single actions: edit, unregister and block/unblock engine server |
Performing Engine Sever Management Actions
Once the Engine Management screen is displayed you can perform single actions.
Register a New Engine Server
You can register a new engine server to the system.
...
Click Update to save the changes. The new engine server is added to the engine List.
Edit an Existing Engine Servers Attributes
You can edit an existing engine server's attributes in the system.
...
Click Update to save the changes.
Unregister an Engine Server
You can unregister an existing engine server in the system.
...
| Info |
|---|
You cannot unregister an engine server that is currently running a scan. |
Block/unblock an Engine Server
You can block an engine server in the system. Blocking prevents the engine server from accepting any new scan requests from the system. Scans already requested from the system, before the engine server was blocked, will continue uninterrupted until completion.
...