Ant Integration


Apache Ant is a software tool for automating software build processes. It is implemented in Java, requires the Java platform, and is best suited to building Java projects. Ant uses XML to describe the build process and its dependencies; by default, the XML file is named build.xml. Ant is open source software, released under the Apache License.

You can integrate CxSAST with any Ant code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.

Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to environment and use case.

To customize a code build project to automatically call a CxSAST scan:

  1. Go to www.checkmarx.com/plugins, and download the CLI plugin.
  2. Extract the downloaded zip archive into a local directory (a directory that does not require Administrator privileges to execute).
  3. In the following steps you will customize your project build.xml file for CxSAST integration. Here's an example of a full customized build.xml file.
  4. Add the following to any part of your project build.xml file, inside the <project> XML tag for your source code project (but not inside any lower-level tag). 

    <!-- CxConsole initiation -->
    <!-- Mandatory Parameters -->
    <property name="ProjectName" value="project_name"/>
    <property name="CxServer" value="http://xxx.xxx.xxx.xxx"/>
    <property name="CxUser" value="username"/>
    <property name="CxPassword" value="password"/>
    <property name="Locationtype" value="folder"/>
    <property name="locationpath" value="full_path"/>
    <!--Optional Scan parameters -->
    <property name="preset" value="Default"/>
    <!--
    Example of CxConsole CLI command:
    "C:\Program Files (x86)\Checkmarx\CxConsole_6.2.6.2\runCxConsole.cmd" Scan -ProjectName Test -CxServer http://localhost -CxUser admin@cx -CxPassword admin -Locationtype folder -locationpath 
    :\Users\joe\Desktop\Projects\Java\1_Under_70K\BookStore_Java_21412lines\BookStore_Java_21412lines\
    --> 
    <target name="CxScan">
        <parallel>
        <!-- runCxConsole.cmd full path -->
            <property name="CxConsole" location="C:\CxConsole_6.2.6.2\runCxConsole.cmd"/>
            <echo message="Initiating Checkmarx Scan"/>
            <exec executable="${CxConsole}">
                <arg value="Scan"/>
                <arg value="-ProjectName"/>
                <arg value="${ProjectName}"/>
                <arg value="-CxServer"/>
                <arg value="${CxServer}"/>
                <arg value="-CxUser"/>
                <arg value="${CxUser}"/>
                <arg value="-CxPassword"/>
                <arg value="${CxPassword}"/>
                <arg value="-Locationtype"/>
                <arg value="${Locationtype}"/>
                <arg value="-locationpath"/>
                <arg value="${locationpath}"/>
                <arg value="-preset"/>
                <arg value="${preset}"/>
                <arg value="-v"/>
            </exec>
        </parallel>
    </target>

     
    For more information on <exec> syntax, go to ant.apache.org/manual/Tasks/exec.html.

  5. In the above added code, change the following parameter values:

    | Property | Description |
    |---|---|
    | ProjectName | CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name. |
    | CxServer | IP address or resolvable name of CxSAST web server. |
    | CxUser | CxSAST account username. |
    | CxPassword | CxSAST account password. |
    | Locationtype | Do not change. |
    | Locationpath | Full path to source code location (folder). |
    | Preset | The named set of queries to be executed. |
    | CxConsole | location should be full path to runCxConsole.cmd. |

  6. Save the changes to build.xml.
  7. Optionally, test the integration by running:
    ant CxScan

Running your build process will now automatically initiate a Checkmarx CxSAST scan.
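
A variant of the step 4 snippet that keeps the CxSAST credentials out of build.xml, as an added example that is not Checkmarx's own build file. The account name and password are read from the environment variables CX_USER and CX_PASSWORD (names assumed here, set by the build server or the developer's shell), and failonerror stops the build if runCxConsole.cmd returns a non-zero exit code.

```xml
<project name="cx-scan-example" default="CxScan" basedir=".">
    <!-- Added example: same property names and CLI arguments as step 4. -->
    <!-- Expose OS environment variables to Ant as env.* properties. -->
    <property environment="env"/>

    <!-- Non-secret settings stay in build.xml. -->
    <property name="ProjectName" value="project_name"/>
    <property name="CxServer" value="http://xxx.xxx.xxx.xxx"/>
    <property name="Locationtype" value="folder"/>
    <property name="locationpath" value="full_path"/>
    <property name="preset" value="Default"/>
    <!-- runCxConsole.cmd full path -->
    <property name="CxConsole" location="C:\CxConsole_6.2.6.2\runCxConsole.cmd"/>

    <target name="CxScan">
        <!-- CX_USER / CX_PASSWORD are assumed variable names, not Checkmarx
             conventions. Abort early if either one is missing. -->
        <fail unless="env.CX_USER"
              message="CX_USER is not set; refusing to start the scan."/>
        <fail unless="env.CX_PASSWORD"
              message="CX_PASSWORD is not set; refusing to start the scan."/>

        <echo message="Initiating Checkmarx Scan"/>
        <!-- failonerror: a non-zero exit code from the CLI fails the build. -->
        <exec executable="${CxConsole}" failonerror="true">
            <arg value="Scan"/>
            <arg value="-ProjectName"/>
            <arg value="${ProjectName}"/>
            <arg value="-CxServer"/>
            <arg value="${CxServer}"/>
            <arg value="-CxUser"/>
            <arg value="${env.CX_USER}"/>
            <arg value="-CxPassword"/>
            <arg value="${env.CX_PASSWORD}"/>
            <arg value="-Locationtype"/>
            <arg value="${Locationtype}"/>
            <arg value="-locationpath"/>
            <arg value="${locationpath}"/>
            <arg value="-preset"/>
            <arg value="${preset}"/>
            <arg value="-v"/>
        </exec>
    </target>
</project>
```

With this layout the password is no longer committed to source control with build.xml. It is still passed to runCxConsole.cmd as a command-line argument, so it remains visible in the process list of the build machine while the scan runs.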