GitHub Integration


Checkmarx CxSAST supports GitHub Integration enabling the identification of new vulnerabilities with proximity to their creation. GitHub integration can listen to GitHub commit events and trigger Cx scans per GitHub commit. An event threshold determines how many GitHub push events to accumulate before triggering a scan. Once a scan is completed, a GitHub commit comment is created with both scan summary information and a link to the CX Viewer.

GitHub Integration Flow

The following represents the GitHub integration flow:

  1. The Cx Server Manager enables and configures Git integration.
  2. The Cx Scanner user configures specific Cx project for GitHub integration.
  3. The Developer on GitHub pushes one or more commits.
  4. GitHub sends out a Push event.
  5. Cx automatically identifies the Push event and triggers a security scan.
  6. When the scan completes, Cx automatically creates a GitHub commit comment with scan results summary and link to the Cx viewer.
  7. The Developer receives automatic email notification from GitHub, and now can review scan summary in the email or in the GitHub commit comment.
  8. The Developer can use the provided link to review detailed scan results in the Cx viewer.