Application Management (v8.8.0)

General

The General screen enables you to set the paths, folders, web server address, and language as well as other application specific settings and SMTP.

Server Settings

In the Server settings panel, you can set folder locations, maximum number of scans, default settings and automatic sign in. 

Click Edit. The setting fields are enabled.

The panel includes the following settings:

  • Reports Folder - Set the reports folder to save reports in (e.g. C:\CxReports)
  • Results Folder - Set the results folder to save results in (e.g. C:\Program Files\Checkmarx\Checkmarx Jobs Manager\Results)
  • Executables Folder - Set the executables folder to save executables in (e.g. C:\Program Files\Checkmarx\Executables)
  • Path to GIT client executable - Set the GIT client executable path (e.g. C:\Program Files\git\bin\git.exe).

    The validation of 'git.exe' and 'p4.exe' is no longer mandatory in CxSAST when defining the 'Path to GIT client executable' and the 'Path to Perforce command-line client executable' parameters.

  • Path to P4 command line client executable - Set the Perforce client executable path (e.g. C:\Program Files\Perforce\p4.exe)

    If you haven't already done so, download the P4 command line executable (HELIX P4: COMMAND-LINE) from: https://www.perforce.com/downloads/helix, then run the .exe file, making sure the installed files are placed into a directory that CxSAST can access (i.e. C:\Program Files\Perforce). Use this same directory to fill the Path to P4 command line client executable parameter field.

  • Maximum number of concurrent scans - Set the maximum number of concurrent scans a CxManager can run. This cannot exceed the licensed number of concurrent scans. Reducing the number of concurrent scans below the licensed amount can help prevent the CxManager from running out of resources. The default is 2. The CxScansManager service must be restarted before any changes to this setting take effect.
  • Time remaining until task completion (min) - Set the time remaining until task completion (timer).
  • Web Server Address - Set the web server address in order to access links in generated reports from outside the organization.
  • Long Path Support - Enables long path support for the CxSAST application. Enabling long path support is required on all CxEngines and all CxManagers. Without long path support, the path of a source file to be scanned is limited to 260 characters.
  • Default Server Language - Set the default server language.
  • Allow Auto Sign In - Enable/Disable auto sign in.

SMTP Settings

The SMTP settings panel enables you to set the host settings and default credentials of your SMTP.

Click Edit. The setting fields are enabled.

This panel includes the following settings:

  • Host - Type in the host domain
  • Port - Select a port number
  • Encryption Type - Select the encryption type
  • Email from Address - Notification by E-mail address
  • Use Default Credentials - Enable/disable default credentials. If enabled the default credentials of the host machine are used
  • User Name - Type in the user name
  • Password - Type in the password

OSA Settings

The OSA settings panel enables you to set the CxOSA settings for the system.

Click Edit. The setting fields are enabled.

This panel includes the following settings:

  • Organization Token - Displays the organization token provided by WS (read-only)
  • OSA Scan Options:
    • Standard Scan – This option analyses open source identifiers (e.g. file name, group Id and Artifact ID) providing better accuracy, but less confidentiality (Default for new installations).
    • Restricted Scan – This option analyses open source fingerprints only, providing better security, but less accuracy (Default for upgrades on existing installations).

License Details

The License Details screen is divided into the following windows:

General

The General panel provides general license information.

This includes the following information:

  • Edition - CxSAST license edition (SDLC or Security Gate)
  • Expiration Date - CxSAST license expiry date
  • LOC - The number of lines of code the license was bought for
  • HID - Hardware identification number
  • CxOSA License - Open Source Analysis license status (Enabled, Disabled or Conditional with expiration date for Conditional version).

To request a new license, if you have not yet obtained a permanent license, copy your Hardware ID, which you will need in order to obtain a license from Checkmarx. You can also obtain your hardware ID later by using the shortcut in the Checkmarx folder of the Windows Start menu.

Supported Languages

The Supported Languages panel includes the supported languages used in default queries.

Capacity

The Capacity panel provides information about the number of users (combined roles), projects and engines available and in use in the system according to the current license.

The Capacity panel includes the following information:

  • Users - Number of users available in the system (i.e. Server Managers, Service Provider Managers, Company Managers, Scanners and Reviewers)
  • Auditors - Number of users available in the system that have auditing permissions and can run CxAudit (i.e. Auditor users)
  • Projects - Number of projects available in the system
  • Number of Concurrent Scans - Number of concurrent scans available in the system.

License Expiration Notification

The License Expiration Notification panel provides notification behavior settings for when your CxSAST license is about to expire.


  • Notification by E-mail - If checked, a notification email is automatically sent to the CxSAST Administrator User on a weekly basis, starting 90 days (defined in the database) before the actual license is set to expire. 

    The Notification by E-mail address is defined under the E-mail Notifications parameter in Server SMTP Setting.

Installation Information

The Installation Information screen provides a list of all the Cx components installed, the Installation Path, Version (with build), DNS, IP, Hotfix, and State.

External Services Settings

CxSAST offers additional tools for application security and development environments in order to improve secure coding and practices using external service providers. By activating this feature, a secure handshake is performed between your organization, Checkmarx external servers and the external service providers.

Click the Activate/Reactivate External Services button to activate or reactivate (if deactivated) a secure communication path between your organization, CxSAST and the service provider.

In cases where the automatic activation process doesn't perform as expected, you may need to request a manual activation. Please contact Checkmarx support.

Click Edit. The Codebashing Settings fields are enabled. 

  • Enable Codebashing - If selected, enables anonymous data collection in order to provide user analytics. The second checkbox enables non-anonymous data collection in order to provide user analytics. This option, if selected, sends user details (email) to Codebashing for Analytics View.

Engine Server Management

Engine Server Management enables an interface for viewing real-time engine server status information that includes the number of engine servers in the system (active and offline), status of each engine server (scanning, idle, blocked, etc.) and location (URL) and scan size of each engine server.  Direct action options (single) include register, edit, unregister and block/unblock engine servers.

The Engine Server Management screen automatically refreshes itself every 20 seconds.

Engine Server Management provides real-time information about the status of each engine server in the system. Each engine server is listed according to its status. The engine server list includes the following information:

  • Engine Server Name - Name of the engine server
  • Status - Status of the engine server:
    • Scanning
    • Idle (engine server waiting to receive scan requests)
    • Blocked (engine server unable to receive scan requests)
    • Offline (engine server unable to communicate to system, e.g. machine down, service stopped, connectivity issues, etc.)
    • Scanning and Blocked (engine server running scans already requested from the system, before the engine server was blocked)
  • Engine URL - URL of the engine server
  • Scan Size - Engine server scan size
  • Actions - Single actions: edit, unregister and block/unblock engine server

Performing Engine Server Management Actions

Once the Engine Management screen is displayed you can perform single actions.

Register a New Engine Server

You can register a new engine server to the system.

To register a new engine server, click the Register Engine Server button. The Register Engine Server dialog is displayed.

Define the following attributes:

  • Server Name - Enter the name of the engine server. Each engine server should have a unique name.
  • Server URI - Enter the URI address of the engine server. URI address must start with the http(s):// prefix.
  • Scan LOC Limit - Enter the scan LOC (lines of code) limit. The 'From' and 'To' definition must be a whole number between 0 - 999,999,999.

Click Update to save the changes. The new engine server is added to the engine List.
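
The following is an added example, not part of the Checkmarx documentation or product: a pre-check for a planned list of engine registrations against the three attribute rules above, which also warns when a Server URI uses plain http://. The field names, the sample hosts, the case-insensitive name comparison and the 'From' not greater than 'To' rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LOC_MIN, LOC_MAX = 0, 999_999_999  # 'From'/'To' range given for Scan LOC Limit

def _whole(value):
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)

def check_engine(entry, seen_names):
    """Return (errors, warnings) for one planned engine registration."""
    errors, warnings = [], []
    name = str(entry.get("name", "")).strip()
    key = name.lower()  # assumption: names are compared case-insensitively
    if not name:
        errors.append("Server Name is empty")
    elif key in seen_names:
        errors.append("Server Name is not unique")
    seen_names.add(key)
    uri = str(entry.get("uri", "")).strip()
    try:
        host = urlsplit(uri).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        host = None
    if not uri.lower().startswith(("http://", "https://")) or not host:
        errors.append("Server URI must start with http(s):// and name a host")
    elif uri.lower().startswith("http://"):
        warnings.append("Server URI is http://: traffic is not protected by TLS")
    lo, hi = entry.get("loc_from"), entry.get("loc_to")
    if not all(_whole(v) and LOC_MIN <= v <= LOC_MAX for v in (lo, hi)):
        errors.append("Scan LOC Limit needs whole numbers in 0-999,999,999")
    elif lo > hi:  # assumption: 'From' must not exceed 'To'
        errors.append("Scan LOC Limit 'From' is greater than 'To'")
    return errors, warnings

def check_plan(entries):
    """Validate all entries; returns a list of (name, errors, warnings)."""
    seen = set()
    return [(e.get("name"), *check_engine(e, seen)) for e in entries]

# Constructed sample plan: hypothetical hosts and field names
PLAN = [
    {"name": "engine-small", "uri": "https://e1.example.internal/engine",
     "loc_from": 0, "loc_to": 100_000},
    {"name": "engine-large", "uri": "http://e2.example.internal/engine",
     "loc_from": 100_001, "loc_to": 999_999_999},
    {"name": "Engine-Small", "uri": "e3.example.internal",
     "loc_from": 0, "loc_to": 1_000_000_000},
]

if __name__ == "__main__":
    for name, errors, warnings in check_plan(PLAN):
        print(name, "errors:", errors, "warnings:", warnings)
```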

Edit an Existing Engine Server's Attributes

You can edit an existing engine server's attributes in the system.

To edit an existing engine server's attributes:

Click the Actions icon in line with the engine server that you would like to edit and select Edit. The Edit Engine Server dialog is displayed.

Change the engine server's attributes accordingly (see Register a New Engine Server for more information about the available attributes).

Click Update to save the changes.

Unregister an Engine Server

You can unregister an existing engine server in the system.

To unregister an existing engine server:

Click the Actions icon in line with the engine server that you would like to unregister and select Unregister. The Unregister Engine Server dialog is displayed.

Click Unregister Engine to continue, or click Cancel. The engine server is removed from the engine list.

You cannot unregister an engine server that is currently running a scan.

Block/unblock an Engine Server

You can block an engine server in the system. Blocking prevents the engine server from accepting any new scan requests from the system. Scans already requested from the system, before the engine server was blocked, will continue uninterrupted until completion.

To block an engine server in the system:

Click the Actions icon in line with the engine server that you would like to block and select Block. The Block Engine Server dialog is displayed.

Click Block Engine to continue, or click Cancel. The status of the engine server is changed to Blocked in the engine list.

To unblock an engine server in the system, perform the same procedure as above through to completion, selecting Unblock. Once the engine server is unblocked, it can start to accept new scan requests from the system.