Checkmarx
Overview
Checkmarx's Bring Your Own Results (BYOR) feature allows you to seamlessly import vulnerability findings from HoundDog.ai into the Checkmarx One platform (formerly Checkmarx AST). This integration provides a centralized view of application security within Checkmarx’s Application Risk Management dashboard.
This integration is available for enterprise plan customers only.
To utilize BYOR, you have two options:
- Manual Import: Use Checkmarx’s
cxcommand-line tool to import SARIF output files from the HoundDog.ai code scanner into Checkmarx One. - Automated Integration: Configure the HoundDog.ai Cloud Platform to automatically send scan results to Checkmarx One.
This page focuses on the Automated Integration method. For instructions on Manual Import, refer to this page.
Prerequisites
To configure automated scan result submission from HoundDog.ai to Checkmarx One, ensure that your Checkmarx One account has the BYOR feature enabled and that you have the necessary permissions.
You also need the following information:
| Required Information | Notes |
|---|---|
| Tenant Name | This is your unique Checkmarx One tenant name (not the UUID). You can find it in the Identity and Access Management console. |
| Region | To determine your region code, refer to the base URL used to access your Checkmarx One web platform. The region code is typically embedded in the URL. For example:
If you are unsure about your region code, consult your Checkmarx One administrator or support team. |
| API Key | Follow the instructions on this page to generate a Checkmarx One API key. |
Lastly, ensure you have a Checkmarx One application with at least one associated project by following the instructions on this page.
Setup Instructions
Log in to the HoundDog.ai Cloud Platform as an admin user.
Navigate to the Checkmarx integration page and enter the tenant name, region and the API key. Click on Save Settings:
Navigate to the repository settings page for your desired repository and scroll down to the Checkmarx section. Select the Checkmarx project you want to link to the repository:
Note: Each HoundDog.ai repository maps one-to-one with a Checkmarx project.
Once the setup is complete, every repository scan will automatically send newly detected vulnerabilities to Checkmarx's Application Risk Management dashboard.