Server Host Requirements (v8.9.0)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
| Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software |
|---|---|---|---|---|---|---|---|---|
| Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | Windows | IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above (run msiexec to check); .NET Framework 4.7.1 |
| | 500K | 16 GB | | | | | | |
| Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. * Scans of 1M LOC or more are | 2.8 GHz | 250 GB | Windows Server | IIS 7/7.5/8/8.5/10 | |
| | 600K | 16 GB | | | | | | |
| | 1.2M | 24 GB | | 2.8 GHz | | | | |
| | 2M | 40 GB | | | | | | |
| | 3M | 56 GB | | | | | | |
| | 4M | 72 GB | | | | | | |
| Distributed - CxEngine (Production). For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan). Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores) | Recommended: 2.8 GHz | 100 GB | | NA | |
| | 600K | 12 GB | | | | | | |
| | 1.2M | 20 GB | | Recommended: 2.8 GHz | | | | |
| | 2M | 32 GB | | | | | | |
| | 3M | 48 GB | | | | | | |
| | 4.5M | 72 GB | | | | | | |
| Distributed - CxManager with Management & Orchestration Layer (Production) | | 14 GB | 8 | 2.5 GHz | 250 GB | | IIS 7/7.5/8/8.5/10 | |
| Distributed - CxManager without Management & Orchestration Layer (Production) | | 10 GB | 4 | 2.5 GHz | 250 GB | | IIS 7/7.5/8/8.5/10 | |
| Distributed - Database (Production) | | 12 GB | 6-8 | 2.5 GHz | 350-400 GB (recommended) | | NA | MS SQL Server (Express not recommended) 2008/2012/2014/2016 |
** Note: GB RAM / LOC numbers for JavaScript are higher.
Note that the Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
Note that for Cloud environment installations (AWS, etc.), these requirements may not be exactly the same as for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Server Hardening Checklist
The following are the security hardening recommendations for the Checkmarx installation:
Checkmarx Application -
- Configure Checkmarx System Admin login from dedicated IP addresses only
- Use SSL for HTTPS based browsing – prohibit using HTTP
- Use SAML based authentication for the system (replacing local users)
- If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)
- Install the Checkmarx application in distributed mode, exposing as few Checkmarx components to users as possible
Application Hosting Servers -
- Follow the NIST standard
- Use https://www.ssllabs.com/ssltest/analyze.html to check the general security of the implementation.
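The "HTTPS only, prohibit HTTP" item can also be checked from a client machine on the internal network, which is useful when the server is not reachable by a public scanner. The following Python script is an added example, not Checkmarx code; the function names are hypothetical, and treating an HTTP-to-HTTPS redirect as acceptable is an assumption of this example.

```python
import http.client
import socket
import ssl

def classify_http(status, location):
    """Classify one plain-HTTP response by its status code and Location header."""
    if 300 <= status < 400 and (location or "").lower().startswith("https://"):
        return "redirects-to-https"
    return "serves-http"

def probe_plain_http(host, port=80, timeout=5.0):
    """Send GET / without TLS; return 'closed', 'redirects-to-https' or 'serves-http'."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return classify_http(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        return "closed"  # refused, filtered, or not speaking HTTP
    finally:
        conn.close()

def probe_tls(host, port=443, timeout=5.0):
    """Handshake with certificate and hostname verification; None on any failure."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError and certificate errors are OSError subclasses
        return None

def findings(http_state, tls_version):
    """Turn the two observations into checklist findings (empty list means pass)."""
    out = []
    if http_state == "serves-http":
        out.append("content is served over plain HTTP")
    if tls_version is None:
        out.append("no verifiable HTTPS endpoint")
    return out

def audit(host, http_port=80, https_port=443):
    """Run both probes against one host, e.g. audit('cxsast.example.internal')."""
    return findings(probe_plain_http(host, http_port), probe_tls(host, https_port))
```

An empty list from `audit` means the host passed both checks; a certificate issued by an internal CA must be trusted by the machine running the script, otherwise the TLS probe reports a failure.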
For the CxSAST application, it is recommended to use a display with any one of the following resolutions: 1280x720, 1280x800, 1366x768, 1920x1080.