You can integrate CxSAST with any Maven code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.
- Navigate to www.checkmarx.com/downloads/, click on Plugins, and click on 'DOWNLOAD HERE' for the CLI component.
NOTE: Check the 'CxSast *' column, which gives the minimum CxSAST version required by the plugin.
- Extract the downloaded zip archive into a local directory (a directory that does not require Administrator privileges to execute).
- In the extracted directory, create a copy of runCxConsole.cmd and change its name to:
In the following steps you will customize your project pom.xml file for CxSAST integration. Here's an example of a full customized pom.xml file.
Add the following to your project pom.xml file, in the <plugins> section of the <build> section:
- In the code added above, change the contents of the <workingdirectory> tag to the path of your extracted CxConsole directory (the one in which runCxConsole.bat is located).
In pom.xml, usually outside the <build> section, add the following. If a <properties> section already exists, just add to it the lower-level tags (from <ProjectName> to </preset>):
In the Properties code added above, change the following parameter values (listed in the order in which they appear, from <ProjectName> to <preset>):
- CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.
- IP address or resolvable name of the CxSAST web server.
- CxSAST account username.
- CxSAST account password.
- Do not change.
- Full path to the source code location (folder).
- The named set of queries to be executed.
- Save the changes to pom.xml.
- CxSAST integration requires the exec-maven plugin. If the following dependency code already exists in your pom.xml, you already have this plugin. If not, add code that will install the plugin automatically:
Add the following dependency code inside any <dependencyManagement> section (usually outside the <build> section):
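The following pom.xml fragment is an added illustration of how the pieces described in the steps above fit together; it is not the snippet from the original Checkmarx page. It assumes the exec-maven-plugin `exec` goal is used to launch runCxConsole.bat from the extracted CxConsole directory, that the CLI's `Scan` command accepts the `-ProjectName`, `-CxServer`, `-CxUser`, `-CxPassword`, `-LocationType`, `-LocationPath` and `-Preset` options, and that the Maven property names other than `ProjectName` and `preset` (which the page does name) are chosen here for readability. The plugin version, the `C:\CxConsole` path, the server name and the account name are placeholders.

```xml
<!-- Added example (not the original page's snippet): exec-maven-plugin launches the
     CxConsole CLI during the Maven build. Property names other than ProjectName and
     preset, the plugin version and all paths/hostnames are assumptions. -->
<project>
  <!-- Outside <build>: parameters that the execution below reads. -->
  <properties>
    <ProjectName>CxServer\SP\Company\Users\MyProject</ProjectName>
    <CxServer>http://cxsast.example.internal</CxServer>
    <CxUser>svc-cxsast</CxUser>
    <!-- Do not commit the password: read it from the build environment instead. -->
    <CxPassword>${env.CXSAST_PASSWORD}</CxPassword>
    <LocationType>folder</LocationType>         <!-- do not change -->
    <LocationPath>${project.basedir}\src</LocationPath>
    <preset>Checkmarx Default</preset>
  </properties>

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>1.6.0</version>                 <!-- assumed version -->
        <executions>
          <execution>
            <id>cxsast-scan</id>
            <phase>verify</phase>                <!-- run after the artifact is built and tested -->
            <goals>
              <goal>exec</goal>
            </goals>
            <configuration>
              <!-- Directory containing the renamed CxConsole launcher (runCxConsole.bat). -->
              <workingDirectory>C:\CxConsole</workingDirectory>
              <executable>C:\CxConsole\runCxConsole.bat</executable>
              <arguments>
                <argument>Scan</argument>
                <argument>-ProjectName</argument>
                <argument>${ProjectName}</argument>
                <argument>-CxServer</argument>
                <argument>${CxServer}</argument>
                <argument>-CxUser</argument>
                <argument>${CxUser}</argument>
                <argument>-CxPassword</argument>
                <argument>${CxPassword}</argument>
                <argument>-LocationType</argument>
                <argument>${LocationType}</argument>
                <argument>-LocationPath</argument>
                <argument>${LocationPath}</argument>
                <argument>-Preset</argument>
                <argument>${preset}</argument>
              </arguments>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

  <!-- Usually outside <build>: makes Maven fetch the plugin if it is not installed yet. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>1.6.0</version>                 <!-- assumed version -->
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
```

Two points worth checking in your own pom.xml. First, exec-maven-plugin's parameter is spelled `workingDirectory` (camelCase); Maven matches configuration tags case-sensitively, so an all-lowercase tag is silently ignored and the CLI is launched from the project directory instead. Second, because the password is passed as a command-line argument, it is visible to anyone who can list processes on the build machine and may end up in Maven's debug log (`mvn -X`); keeping it in an environment variable or in an encrypted settings.xml rather than in the committed pom.xml limits exposure, but a dedicated scan service account with no other privileges is the more robust mitigation.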
- Save the changes to pom.xml and run:
The plugin should be installed automatically. For more information about this plugin, see: mojo.codehaus.org/exec-maven-plugin/
- Optionally, test the integration by running:
Running your build process will now automatically initiate a Checkmarx CxSAST scan.