Configuring CxSAST Settings

  • Configuring CxSAST settings for JIRA integration requires CxManager permissions. Please contact Checkmarx support for further assistance.
  • Before you start configuring the settings on the SAST side and link to the desired Jira server make sure that you configure the Description and Priority fields since Checkmarx requires these fields from the Jira API.

To Configuring CxSAST settings for JIRA integration:

 1. On the CxSAST server, open the following file for editing:
     C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config

In a distributed deployment, this file resides on the CxManager host.

 2. Under the 'appSettings' element, add the following parameter key:
    <add key="EnableIssueTracking" value="true"></add>

 3. Log in to the CxSAST Web Portal. Log out first, if currently logged in.

 4. Go to Settings > Application Settings Issue Tracking Settings, and click Add Issue Tracking System.

 5. Enter the following:

  • The top-level URL of your JIRA Server including the protocol (http or https)
  • The port number
  • A JIRA user account with permissions for creating issues and for reading issue metadata

 6. Click <Create> to complete.

 

 7. Go to Project & Scans and click Create New Project.

 8. In the Advanced Actions stage, under Issue Tracking Settings, select the JIRA Server.

 9. Click Select, and configure JIRA issue submissions.

 

 10. Set the JIRA Project (created in the previous step) and set Issue Type to Bug.

 11. Configure default values for issue fields. Select each JIRA Field, select a Field Default and then click <Set>. Make sure to configure values for all mandatory fields (marked with *).

  • If the user name entered in the previous step is an email address, an actual user name should be entered in the Reporter field for the ticket submission.
  • If you use Jira Cloud, you have to enter the user GUID instead of your email and username. For instructions on obtaining the user GUID and updating your Checkmarx project with this user ID, refer to the instructions at the bottom of this page.

 12. Click <Save >to save the settings.

 13. Click <Finish> to complete creating the CxSAST project.

 14. Proceed to the most recent scan results in the Results Viewer for the CxSAST project to check the CxSAST/JIRA Integration usage. For further information, refer to Using the CxSAST / JIRA Integration.


 To obtain a user GUID

1. Log into your JIRA Cloud server.

2. Navigate to People.

3. Click People to view the list of users.

4. Select the desired user. The respective User GUID appears at the end of the URL as illustrated below.

 

 To update your Checkmarx project with the new user GUID

1. Log in to the Checkmarx portal.

2. On the Projects page, navigate to your project.

3. To update your project configuration, do the following:

    a. Navigate to the bottom, select the Advanced tab and then click <Select> next to Issue Tracking Settings.

    b. Replace the username in the Reported and Assignee fields with your newly obtained user GUID.

    c. Click <Save> and then <Update> to apply this change.