CxSAST System Architecture Overview (v9.3.0)

The CxSAST system consists of the following components:


CxSAST supports the following clients (user interfaces):

  • Web Portal - provides an intuitive web interface to create, manage and analyze code scan projects in CxSAST.
  • CxAudit - provides the capability to create or customize analysis queries for use in CxSAST.
  • API - provides the capability for developers to create unique client implementations using the available APIs.
  • CLI - provides a command line interface for the CxSAST functionality and CI scenarios.
  • IDE Plugins - provide scanning and integrated scan result navigation directly from the IDE.
  • CI Plugins - provide integration with CxSAST-compatible plugins (e.g. Jenkins) for CI/CD scenarios.


CxSAST includes the following server components:

  • WS (IIS Web Service) - controls CxManager actions (i.e. initiating scans, viewing results and generating reports). Access Control manages roles and users.
  • CxManager - manages and integrates system components, and performs all system functions using the IIS Web and Result services.
  • Management & Orchestration (Optional) - manages security risk and orchestrates policy management, and includes remediation intelligence for unified findings, helping to drive decisions across the organization based on actionable data.
  • ActiveMQ - manages messaging queues.
  • CxEngine - performs the code scans.
  • Database - stores scan results and system settings.
  • File System - controls how the data is stored and retrieved.

Architecture Types

CxSAST supports the following:

By default, communication between CxClient and CxManager, and between CxManager and CxEngine, uses HTTP. It can be configured to use HTTPS instead. With the default HTTP setting, this traffic is not encrypted in transit.