Ant Integration


You can integrate CxSAST with any Ant code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.

Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to environment and use case.To customize a code build project to automatically call a CxSAST scan:

  1. Go to www.checkmarx.com/plugins, and download the CLI plugin.
  2. Extract the downloaded zip archive into a local directory (a directory that does not require Administrator privileges to execute).
  3. In the following steps you will customize your project build.xml file for CxSAST integration. Here's an example of a full customized build.xml file.
  4. Add the following to any part of your project build.xml file, inside the <project> XML tag for your source code project (but not inside any lower-level tag). 

     
    For more information on <exec> syntax, go to ant.apache.org/manual/Tasks/exec.html .

  5. In the above added code, change the following parameter values:

    PropertyDescription
    ProjectNameCxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.
    CxServerIP address or resolvable name of CxSAST web server.
    CxUserCxSAST account username.
    CxPasswordCxSAST account password.
    LocationtypeDo not change.
    LocationpathFull path to source code location (folder).
    PresetThe named set of queries to be executed.
    CxConsolelocation should be full path to runCxConsole.cmd .
  6. Save the changes to build.xml .
  7. Optionally, test the integration by running:
    ant CxScan

Running your build process will now automatically initiate a Checkmarx CxSAST scan.