Server Host Requirements (v9.4.0 and up)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
| Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software |
|---|---|---|---|---|---|---|---|---|
| Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | See: | IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above .NET Framework 4.7.1 Java 1.8 (Oracle or AdoptOpenJdk). C++ Redist 2010 and 2015 SP3 MS SQL Driver For specific details on required prerequisites per product component, see |
| | 500K | 16 GB | | | | | | |
| Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. * Scans of 1M LOC or more are | 2.8 GHz | 250 GB | | IIS 7/7.5/8/8.5/10 | |
| | 600K | 16 GB | | | | | | |
| | 1.2M | 24 GB | | 2.8 GHz | | | | |
| | 2M | 40 GB | | | | | | |
| | 3M | 56 GB | | | | | | |
| | 4M | 72 GB | | | | | | |
| Distributed - CxEngine (Production). For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan). Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores). Recommended socket configuration: Single socket | Recommended: 2.8 GHz | 100 GB | | NA | |
| | 600K | 12 GB | | | | | | |
| | 1.2M | 20 GB | | Recommended: 2.8 GHz | | | | |
| | 2M | 32 GB | | | | | | |
| | 3M | 48 GB | | | | | | |
| | 4.5M | 72 GB | | | | | | |
| Distributed - CxManager with Management & Orchestration Layer (Production) | | 14 GB | 8 | 2.5 GHz | 250 GB | | IIS 7/7.5/8/8.5/10 | |
| Distributed - CxManager without Management & Orchestration Layer (Production) or Web Portal (apart of CxManager) | | 10 GB | 4 | 2.5 GHz | 250 GB | | IIS 7/7.5/8/8.5/10 | |
| Distributed - ActiveMQ (Production) | | 8 GB | 4 | 2.5 GHz | 250 GB (recommended) | | | |
| Distributed - Database (Production) | | 12 GB | 6-8 | 2.5 GHz | 350-400 GB (recommended) | | NA | MS SQL Server. MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for JavaScript are higher.
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux (v9.3.0)
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Engine Socket configuration
To learn more about socket configuration, see the Engine Socket Configuration guide.
DB Latency
| | Acceptable Latency | Components |
|---|---|---|
| Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
| Network | <30ms | CxEngines |
| Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
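As an added example (not part of the Checkmarx documentation), the following preflight script approximates network latency by timing TCP handshakes and compares the median with the network limits in the table above. The role names, hosts and ports are assumptions for illustration, and disk I/O latency is not measured.

```python
import socket
import statistics
import time

# Network latency limits in ms, from the DB Latency table. Role names are
# labels chosen for this example.
NETWORK_LIMIT_MS = {"CxManager": 5.0, "SQL Server": 5.0,
                    "ActiveMQ": 5.0, "CxEngine": 30.0}


def connect_times_ms(host, port, samples=5, timeout=2.0):
    """Time `samples` TCP handshakes to host:port, in milliseconds.

    connect() returns once SYN/SYN-ACK completes, so each value
    approximates one network round trip without needing ICMP.
    """
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        with socket.create_connection((host, port), timeout=timeout):
            elapsed = time.perf_counter() - start
        times.append(elapsed * 1000.0)
    return times


def evaluate(role, times_ms):
    """Compare the median sample with the table's limit for `role`."""
    limit = NETWORK_LIMIT_MS[role]
    median = statistics.median(times_ms)
    return {"role": role, "median_ms": median, "limit_ms": limit,
            "ok": median < limit}


def check(targets, samples=5):
    """targets: (role, host, port) tuples; unreachable targets fail."""
    results = []
    for role, host, port in targets:
        try:
            results.append(evaluate(role, connect_times_ms(host, port, samples)))
        except OSError as exc:  # refused, timed out, or name not resolved
            results.append({"role": role, "ok": False, "error": str(exc)})
    return results


if __name__ == "__main__":
    # Placeholder hosts and ports (assumptions): substitute your own.
    for result in check([("SQL Server", "sql.example.internal", 1433),
                         ("CxEngine", "engine.example.internal", 8088)]):
        print(result)
```

Name resolution is included in each sample, so pass IP addresses for a cleaner measurement.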
Server Hardening Checklist
CxSAST supports the following hardening policy: CIS Microsoft Windows Server 2016 Benchmark Level 1
The security hardening recommendations for the Checkmarx installation are the following:
Checkmarx Application:
- Allow Checkmarx System Admin login from dedicated IPs only
- Use SSL for HTTPS-based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.
- Use SAML-based authentication for the system (replacing local users)
- If applicable – enable 2FA/MFA through the SAML IdP (Checkmarx does not support that as a feature)
- Install the Checkmarx application in distributed mode, exposing as few Checkmarx components to users as possible
Application Hosting Servers:
- Follow the NIST standard
- Use https://www.ssllabs.com/ssltest/analyze.html to check the general security of the implementation.
Recommended Resolutions
For the CxSAST application, it is recommended to use a display with any one of the following resolutions: 1280x720, 1280x800, 1366x768, 1920x1080.