Configuring the Connection to a Source Control System (v9.3.0 and up)

One of the options for source locations is Source Control. Selecting this option enables you to select and connect to one of the following source control types:

  • TFS
  • SVN
  • GIT
  • Perforce

To connect to a source control system, do the following:

 1. When creating a project, select Source Control as the location for the source code to be scanned.

 2. Click <Select>. The Source Control window is displayed with a drop-down menu for selecting the desired source control type.

Files inside a zip file that are located inside a repository are not sent for scanning. Extract the content of the zip file to the repository before scanning.


Defining Source Control for TFS

 1. Select TFS from the drop-down. The TFS Connection Details panel is displayed.


 2. The TFS Connection Details panel includes the following parameters:

  • Repository URL - the repository URL address. Supports HTTP and HTTPS, e.g. <protocol>://<site name>:<port>/tfs/<Collection> (must point to the repository named <Collection>).
  • Port Number - the port number
  • Required Authentication - select to enforce authentication
  • User Name - the user name (required with enforced authentication)
  • Password - the password (required with enforced authentication)

 3. Click <OK>.

Defining Source Control for SVN

 1. Select SVN from the drop-down. The SVN Connection Details panel is displayed.


 2. The SVN Connection Details panel includes the following parameters:

  • Repository URL - the repository URL address. Supports HTTP, HTTPS and SSH private/public key infrastructure, e.g. <protocol>://<server_ip>/<repository_name>.
  • Port Number - the port number
  • Required Authentication - select to enforce authentication
  • User Name - the user name (required with enforced authentication)
  • Password - the password (required with enforced authentication)
  • SSH Authentication - select to use secure authentication with SSH


 3. Selecting SSH Authentication displays the following additional parameters:

  • Private Key Text - enter the private key text
  • Private Key File - select and upload a private key file

Checkmarx does not support SSH keys with a passphrase.


For best results, generate the key with ssh-keygen, per these instructions, and not with PuTTYgen.

 4. Click <OK>.
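Because the Private Key Text / Private Key File fields accept only an ssh-keygen style key without a passphrase (this applies equally to the SSH form of a GIT repository URL), the following added example checks a key file before it is uploaded. It is not Checkmarx code; it reads the OpenSSH private key header (the openssh-key-v1 blob records its cipher and KDF names) and the legacy PEM headers to report whether the key is passphrase-protected or is a PuTTYgen .ppk file. The sample keys at the bottom are constructed header-only test data, not real keys.

```python
import base64
import struct

PUTTY_MAGIC = b"PuTTY-User-Key-File-"
OPENSSH_BEGIN = b"-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_END = b"-----END OPENSSH PRIVATE KEY-----"
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(blob: bytes, offset: int):
    """Read one uint32-length-prefixed string from an openssh-key-v1 blob."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def check_private_key(data: bytes) -> str:
    """Classify a private key file for the Private Key File field.
    Returns 'ok', or a short reason why the key would be rejected."""
    if data.startswith(PUTTY_MAGIC):
        return "puttygen format (.ppk); regenerate with ssh-keygen"
    if data.startswith(OPENSSH_BEGIN):
        body = data[len(OPENSSH_BEGIN):]
        end = body.find(OPENSSH_END)
        if end == -1:
            return "truncated openssh key"
        try:
            blob = base64.b64decode(b"".join(body[:end].split()))
            if not blob.startswith(OPENSSH_MAGIC):
                return "not a valid openssh-key-v1 blob"
            offset = len(OPENSSH_MAGIC)
            cipher, offset = _read_string(blob, offset)  # "none" when unencrypted
            kdf, offset = _read_string(blob, offset)     # "none" when unencrypted
        except (ValueError, struct.error):
            return "truncated openssh key"
        if cipher != b"none" or kdf != b"none":
            return "passphrase-protected (cipher=%s, kdf=%s)" % (cipher.decode(), kdf.decode())
        return "ok"
    if b"-----BEGIN " in data and b"PRIVATE KEY-----" in data:
        # Legacy PEM: an encrypted key carries Proc-Type/DEK-Info headers.
        if b"Proc-Type: 4,ENCRYPTED" in data or b"DEK-Info:" in data:
            return "passphrase-protected (PEM)"
        return "ok"
    return "unrecognised key format"


# --- constructed sample inputs (header only, not usable keys) -----------------
def _openssh_blob(cipher: bytes, kdf: bytes) -> bytes:
    def s(x: bytes) -> bytes:
        return struct.pack(">I", len(x)) + x
    return OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)


def _wrap(blob: bytes) -> bytes:
    return OPENSSH_BEGIN + b"\n" + base64.encodebytes(blob) + OPENSSH_END + b"\n"


SAMPLE_PLAIN = _wrap(_openssh_blob(b"none", b"none"))
SAMPLE_ENCRYPTED = _wrap(_openssh_blob(b"aes256-ctr", b"bcrypt"))
SAMPLE_PPK = b"PuTTY-User-Key-File-3: ssh-ed25519\nEncryption: none\n"
SAMPLE_PEM_PLAIN = b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PEM_ENCRYPTED = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        b"DEK-Info: AES-128-CBC,00\n\nMIIE...\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in [("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED),
                         ("ppk", SAMPLE_PPK), ("pem", SAMPLE_PEM_PLAIN),
                         ("pem-encrypted", SAMPLE_PEM_ENCRYPTED)]:
        print(f"{name:14s} -> {check_private_key(sample)}")
```

Run it against the real key file (check_private_key(open(path, "rb").read())) before pasting the key into the SVN or GIT connection panel. Since the key must be stored without a passphrase, it is worth limiting that key to read-only access on the repository it serves.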

Defining Source Control for GIT

Requirements for using a GIT repository:

  1. Download the GIT installation package and install it on the CxSAST Manager Server (use the installation defaults).
  2. Define the path to the GIT executable in CxSAST Management > Application Settings > General > Path to GIT Client Executable (e.g. C:\Program Files\Git\bin\git.exe).

 1. Select GIT from the drop-down. The GIT Connection Details panel is displayed.


 2. The GIT Connection Details panel includes the following parameters:

  • Repository URL - the repository URL address. Supports HTTP and HTTPS, e.g. <protocol>://<user>:<password>@<server_ip>/<repository_name>.git, or SSH private/public key infrastructure, e.g. git@<git_site>:<user_name>/<repository_name>.git.

If your repository URL contains an additional "@" character (for example in the user name or password), replace it with "%40" (percent-encoding) before inserting the URL.

For tips on finding your GIT repository URL, refer to GitHub - Tips on Finding Git / GitHub Repository URLs.

  • Authentication - select an authentication method.

For more information about the various authentication methods, please refer to Configuring a Project with Git Integration.

 3. Click Test Connection. Once the 'Connection Successful' message is displayed, you can continue.

  • GitHub Scan Automation - select to include GitHub Integration.


 4. Enter the GitHub repository owner and collaborator credentials into the relevant User Name and Password fields.

  • The GitHub user with repository owner authorization will be used for creating and using a GitHub WebHook (see GitHub Webhooks).
  • The GitHub user with repository collaborator authorization is used to create commit comments.

 5. Configure the event threshold. A scan in Checkmarx CxSAST is initiated only after this number of events has occurred since the last triggered scan.

By default, the event threshold value is set to 5, because triggering a scan after fewer events may overload the system. If the user specifies a lower number, a warning message is displayed.

 6. Click <Validate Webhook Credentials> to confirm that authentication to the GitHub webhooks works correctly. A 'Server Connection Verified Successfully' message is displayed.

 7. Click <OK> to complete the procedure.

For more information about the various options for GitHub integration, please refer to GitHub Integration.

Defining Source Control for Perforce

Currently CxSAST is unable to scan code from any system that contains symbolic links.

 1. Select Perforce from the drop-down. The Perforce Connection Details panel is displayed.


   The Perforce Connection Details panel includes the following parameters:

  • Repository URL - the repository URL address (e.g. SSL:<server_ip> or <server_ip>)
  • Port Number - the port number
  • User Name - the user name
  • Password - the unique password
  • Browsing Mode - select Depot (for shared file repositories) or Workspace (for grouped file repositories).

 2. Click <OK>.

To set the Perforce client executable path, refer to the Path to P4 command line client executable parameter in the Server Settings.

You can now continue to configure the project.

For all connections, the CxManager Server connects to the third-party repository server using the credentials configured for the CxPool IIS Application Pool.
