You can integrate CxSAST with any Ant code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.
Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to environment and use case.

To customize a code build project to automatically call a CxSAST scan:
- Go to www.checkmarx.com/plugins, and download the CLI plugin.
- Extract the downloaded zip archive into a local directory (a directory that does not require Administrator privileges to execute).
- In the following steps you will customize your project build.xml file for CxSAST integration. Here's an example of a full customized build.xml file.
- Add the following to any part of your project build.xml file, inside the <project> XML tag for your source code project (but not inside any lower-level tag).
For more information on <exec> syntax, go to ant.apache.org/manual/Tasks/exec.html.
In the above added code, change the following parameter values:
|CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.|
|IP address or resolvable name of CxSAST web server.|
|CxSAST account username.|
|CxSAST account password.|
|Do not change.|
|Full path to source code location (folder).|
|The named set of queries to be executed.|
location should be the full path to runCxConsole.cmd.
- Save the changes to build.xml.
- Optionally, test the integration by running:
Running your build process will now automatically initiate a Checkmarx CxSAST scan.
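The following is an added example, not the Checkmarx snippet from the original page: one way to write the <exec> call so that the CxSAST username and password are read from environment variables instead of being stored in build.xml. The target name, property name, install path, server name, project name, preset and the CX_USER / CX_PASSWORD variable names are all assumptions; the argument names follow the CxConsole Scan command and should be checked against the CLI version you downloaded.

```xml
<!-- Added example: place directly inside <project>, not inside another tag. -->

<!-- Expose environment variables as env.* so credentials stay out of build.xml. -->
<property environment="env"/>

<!-- Hypothetical install path: point this at your extracted CLI plugin directory. -->
<property name="cx.console" location="C:\tools\CxConsolePlugin\runCxConsole.cmd"/>

<!-- Hypothetical target name. -->
<target name="cxsast-scan" description="Run a CxSAST scan through CxConsole">
  <!-- Stop with a clear message if the credentials were not supplied. -->
  <fail unless="env.CX_USER" message="Set CX_USER before running the scan."/>
  <fail unless="env.CX_PASSWORD" message="Set CX_PASSWORD before running the scan."/>

  <!-- failonerror="true" makes a non-zero CLI exit code fail the build. -->
  <exec executable="cmd.exe" failonerror="true">
    <arg value="/c"/>
    <arg value="${cx.console}"/>
    <arg value="Scan"/>
    <!-- Constructed project name; CxSAST creates it if it does not exist. -->
    <arg value="-ProjectName"/>
    <arg value="CxServer\SP\Company\Users\ExampleProject"/>
    <!-- Placeholder server name. -->
    <arg value="-CxServer"/>
    <arg value="https://cxsast.example.internal"/>
    <!-- Credentials come from the environment, ideally a scan-only account. -->
    <!-- They are still passed as process arguments, so restrict who can -->
    <!-- view process listings and verbose build logs on the build host. -->
    <arg value="-CxUser"/>
    <arg value="${env.CX_USER}"/>
    <arg value="-CxPassword"/>
    <arg value="${env.CX_PASSWORD}"/>
    <arg value="-LocationType"/>
    <arg value="folder"/>
    <!-- Scans the directory that contains build.xml. -->
    <arg value="-LocationPath"/>
    <arg value="${basedir}"/>
    <!-- Sample preset name; use the query set defined for your project. -->
    <arg value="-Preset"/>
    <arg value="Checkmarx Default"/>
  </exec>
</target>
```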