Integrating Maven (CLI)

You can integrate CxSAST with any Maven code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.

  1. Navigate to www.checkmarx.com/downloads/, click on Plugins, and click on 'DOWNLOAD HERE' for the CLI component.

     NOTE: The 'CxSast *' column gives the minimum CxSAST version required for the plugin.

  1. Extract the downloaded zip archive into a local directory (a directory that does not require Administrator privileges to execute).
  2. In the extracted directory, create a copy of runCxConsole.cmd and change its name to:
    runCxConsole.bat
  3. In the following steps you will customize your project pom.xml file for CxSAST integration. Here's an example of a full customized pom.xml file.
    Add the following to your project pom.xml file, in the <plugins> section of the <build> section:

  4. In the above added code, change the contents of the <workingdirectory> tag to the path to your extracted CxConsole directory (in which runCxConsole.bat is located).
  5. In pom.xml, usually outside the <build> section, add the following. If a <properties> section already exists, just add to it the lower-level tags (from <ProjectName> to </preset>):

  6. In the above added Properties code, change the following parameter values:

    Property      Description
    ProjectName   CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.
    CxServer      IP address or resolvable name of CxSAST web server.
    CxUser        CxSAST account username.
    CxPassword    CxSAST account password.
    Locationtype  Do not change.
    locationpath  Full path to source code location (folder).
    preset        The named set of queries to be executed.

  7. Save the changes to pom.xml.
  8. CxSAST integration requires the exec-maven plugin. If the following dependency code already exists in your pom.xml, you should already have this plugin. If not, add code that will automatically install the plugin:
    1. Add the following dependency code inside any <dependencyManagement> section (usually outside the <build> section):

    2. Save the changes to pom.xml and run:
      mvn install
      The plugin should be automatically installed. For more information about this plugin see: mojo.codehaus.org/exec-maven-plugin/
  9. Optionally, test the integration by running:
    mvn exec:exec

Running your build process will now automatically initiate a Checkmarx CxSAST scan.
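
A minimal pom.xml showing how the <plugins> entry and the <properties> section from the steps above fit together, with CxUser and CxPassword resolved from environment variables so that no credential is stored in the file. This is an added example, not Checkmarx's sample file: the CxConsole argument names, the plugin version, the verify phase binding, the folder value, the CxConsole path and the CX_USER / CX_PASSWORD variable names are assumptions.

```xml
<!-- Added example: constructed pom.xml, not Checkmarx's sample file. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId> <!-- constructed coordinates -->
  <artifactId>demo-app</artifactId>
  <version>1.0.0</version>
  <properties>
    <ProjectName>demo-app</ProjectName>          <!-- placeholder -->
    <CxServer>cxsast.example.internal</CxServer> <!-- placeholder -->
    <!-- Read from the build environment so no credential is committed with
         pom.xml. CX_USER and CX_PASSWORD are hypothetical variable names. -->
    <CxUser>${env.CX_USER}</CxUser>
    <CxPassword>${env.CX_PASSWORD}</CxPassword>
    <Locationtype>folder</Locationtype>          <!-- assumed value -->
    <locationpath>${project.basedir}</locationpath>
    <preset>Checkmarx Default</preset>           <!-- placeholder preset name -->
  </properties>
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>3.1.0</version>
        <executions>
          <execution>
            <id>cxsast-scan</id>
            <phase>verify</phase> <!-- assumed phase binding for the scan -->
            <goals><goal>exec</goal></goals>
          </execution>
        </executions>
        <!-- Plugin-level configuration also applies to a manual "mvn exec:exec". -->
        <configuration>
          <executable>runCxConsole.bat</executable>
          <!-- Placeholder path to the extracted CxConsole directory. -->
          <workingDirectory>C:\tools\CxConsole</workingDirectory>
          <arguments> <!-- argument names are assumptions -->
            <argument>Scan</argument>
            <argument>-ProjectName</argument><argument>${ProjectName}</argument>
            <argument>-CxServer</argument><argument>${CxServer}</argument>
            <argument>-CxUser</argument><argument>${CxUser}</argument>
            <argument>-CxPassword</argument><argument>${CxPassword}</argument>
            <argument>-LocationType</argument><argument>${Locationtype}</argument>
            <argument>-LocationPath</argument><argument>${locationpath}</argument>
            <argument>-Preset</argument><argument>${preset}</argument>
          </arguments>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
```

If CX_USER or CX_PASSWORD is not set, Maven leaves the ${env...} expression unresolved and passes it through literally, so the scan login fails.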