Checkmarx
Overview
Visualize application security vulnerabilities, monitor code quality, enforce security standards, and ensure compliance with secure coding practices using Checkmarx. The blueprint enables tracking and analysis of static application security testing (SAST) results, identifies potential risks in codebases, and provides actionable insights to improve software security and governance. It supports continuous improvement of development workflows by integrating security into the software development lifecycle.
Configurations
| Configuration | Description |
|---|---|
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| URL | Base URL for fetching resources, also known as the AST URL. |
| Api Key | Secret API Key used to authenticate. |
| Auth URL | Base URL for authentication, also known as the IAM URL. |
| Tenant ID | Tenant ID, also known as the realm ID. |
| Data Crawl Frequency | The frequency at which Kscope will crawl the account for resources. |
| Event Crawl Frequency | The frequency at which Kscope will crawl the account for Cloudtrail events. |
Permissions
The Checkmarx blueprint requires an API Key which can be generated in the Checkmarx One platform under IAM settings.
Required Permissions:
- manage-results
- manage-scans
- manage-projects
- manage-applications
Permission Details:
| Permission | Why it's needed |
|---|---|
| manage-results | Access scan results, vulnerabilities, and findings data |
| manage-scans | Read scan execution details and status information |
| manage-projects | Access project configuration and metadata |
| manage-applications | Read application definitions and associated rules |
For more details on the Checkmarx permissions, you can refer to the following documentation: Checkmarx One API Documentation
Schema Model
| Resources | Source Entity | Normalized Entity | Description |
|---|---|---|---|
| checkmarx.application | checkmarx.application | Application | Represents an application in Checkmarx. |
| checkmarx.application.Root | checkmarx.application.Root | Root | The root node of a Checkmarx application. |
| checkmarx.application.Application | checkmarx.application.Application | Application | Represents an application within Checkmarx. |
| checkmarx.application.Rule | checkmarx.application.Rule | Rule | Represents a rule within a Checkmarx application. |
| checkmarx.project | checkmarx.project | Project | Represents a Checkmarx project. |
| checkmarx.project.Root | checkmarx.project.Root | Root | The root node of a Checkmarx project. |
| checkmarx.project.Project | checkmarx.project.Project | Project | Represents a specific project in Checkmarx. |
| checkmarx.scan | checkmarx.scan | Scan | Represents a scan within Checkmarx. |
| checkmarx.scan.Root | checkmarx.scan.Root | Root | The root node of a Checkmarx scan. |
| checkmarx.scan.Scan | checkmarx.scan.Scan | Scan | Represents an individual scan in Checkmarx. |
| checkmarx.scan.StatusDetail | checkmarx.scan.StatusDetail | StatusDetail | Provides status details for a scan in Checkmarx. |
| checkmarx.scan.Result | checkmarx.scan.Result | Result | Represents the result of a Checkmarx scan. |
| checkmarx.scan.Data | checkmarx.scan.Data | Data | Data generated by a Checkmarx scan. |
| checkmarx.scan.PackageData | checkmarx.scan.PackageData | PackageData | Represents package-related data in a scan. |
| checkmarx.scan.Comments | checkmarx.scan.Comments | Comments | Comments associated with a scan in Checkmarx. |
| checkmarx.scan.Cvss | checkmarx.scan.Cvss | Cvss | Represents CVSS score data for vulnerabilities. |
| checkmarx.scan.VulnerabilityDetails | checkmarx.scan.VulnerabilityDetails | VulnerabilityDetails | Provides detailed vulnerability information. |
| checkmarx.scan.Node | checkmarx.scan.Node | Node | Represents a node in a Checkmarx scan. |
| checkmarx.scan.SASTResult | checkmarx.scan.SASTResult | SASTResult | Represents SAST (Static Application Security Testing) results. |
| checkmarx.scan.SASTResultNode | checkmarx.scan.SASTResultNode | SASTResultNode | Represents a node within a SAST result. |
| checkmarx.scan.KICSResult | checkmarx.scan.KICSResult | KICSResult | Represents results from KICS (Kubernetes Infrastructure Compliance Scanning) in Checkmarx. |
Events
| Event | Description |
|---|---|
| events.cxiam.realm.updated | Triggered when a realm's configuration or settings are updated in Checkmarx IAM. |
| events.cxiam.user.ast-role.assigned | Indicates the assignment of an Application Security Testing (AST) role to a user. |
| events.cxiam.user.iam-role.assigned | Represents the assignment of an Identity and Access Management (IAM) role to a user. |
| events.cxiam.user.account.created | Signals the creation of a new user account in Checkmarx IAM. |
| events.ast-reports.report.requested | Triggered when a user requests an Application Security Testing (AST) report. |
| events.cxiam.user.account.login | Captures a user's successful login event in Checkmarx IAM. |
| events.cxiam.user.mfa.updated | Represents updates made to a user's Multi-Factor Authentication (MFA) settings. |
| events.cxiam.user.account.deleted | Occurs when a user account is deleted from Checkmarx IAM. |
| events.cxiam.user.mfa.deleted | Triggered when Multi-Factor Authentication (MFA) is disabled or removed for a user account. |
| events.cxiam.user.account.updated | Tracks changes to a user's account, such as profile updates or role modifications. |
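
The event types above can feed identity-focused detections. The following is an added example, not part of the blueprint or of Checkmarx: it flags a login or role assignment that follows an MFA removal for the same user within a time window. The record fields (`time`, `type`, `user`) and the sample records are constructed assumptions; only the event type names come from the table.

```python
from datetime import datetime, timedelta

# Event type names taken from the Events table above.
MFA_REMOVED = "events.cxiam.user.mfa.deleted"
FOLLOW_UPS = {
    "events.cxiam.user.account.login",
    "events.cxiam.user.ast-role.assigned",
    "events.cxiam.user.iam-role.assigned",
}


def mfa_removal_followups(events, window=timedelta(hours=24)):
    """Return (user, removed_at, follow_up_type, follow_up_at) for every
    follow-up event seen for a user within `window` of an MFA removal."""
    findings = []
    removed_at = {}  # user -> time of that user's most recent MFA removal
    # Sort first: crawled events are not guaranteed to arrive in order.
    for ev in sorted(events, key=lambda e: e["time"]):
        user, kind, when = ev["user"], ev["type"], ev["time"]
        if kind == MFA_REMOVED:
            removed_at[user] = when
        elif kind in FOLLOW_UPS and user in removed_at:
            if when - removed_at[user] <= window:
                findings.append((user, removed_at[user], kind, when))
    return findings


def make_event(ts, kind, user):
    # Hypothetical record shape; the real event payload may differ.
    return {"time": datetime.fromisoformat(ts), "type": kind, "user": user}


# Constructed sample records, deliberately out of chronological order.
SAMPLE = [
    make_event("2024-05-01T09:00:00", "events.cxiam.user.account.login", "alice"),
    make_event("2024-05-01T10:20:00", "events.cxiam.user.iam-role.assigned", "bob"),
    make_event("2024-05-01T10:00:00", MFA_REMOVED, "bob"),
    make_event("2024-05-03T08:00:00", "events.cxiam.user.account.login", "bob"),
    make_event("2024-05-01T11:00:00", "events.cxiam.user.mfa.updated", "alice"),
    make_event("2024-05-01T11:05:00", "events.cxiam.user.account.login", "alice"),
]

if __name__ == "__main__":
    for user, t0, kind, t1 in mfa_removal_followups(SAMPLE):
        print(f"{user}: MFA removed at {t0}, then {kind} at {t1}")
```

With the default 24-hour window only the role assignment for `bob` is reported; his later login falls outside the window, and `alice` never had MFA removed.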