Overview
Checkmarx's Bring Your Own Results (BYOR) feature allows you to seamlessly import vulnerability findings from HoundDog.ai into the Checkmarx One platform (formerly Checkmarx AST). This integration provides a centralized view of application security within Checkmarx’s Application Risk Management dashboard.
This integration is available for enterprise plan customers only.
To utilize BYOR, you have two options:
- Manual Import: Use Checkmarx’s cx command-line tool to import SARIF output files from the HoundDog.ai code scanner into Checkmarx One.
- Automated Integration: Configure the HoundDog.ai Cloud Platform to automatically send scan results to Checkmarx One.
This page focuses on the Manual Import method. For instructions on Automated Integration, refer to this page.
Prerequisites
Before proceeding, ensure you have done the following:
- Install the latest version of the hounddog command-line tool by following the instructions on this page.
- If you have not already, generate a HoundDog.ai API key by following the instructions on this page.
- Install the cx command-line tool by following the instructions on this page in the Checkmarx documentation.
- Ensure you have a Checkmarx One application with at least one associated project by following the instructions on this page.
Manual Import
Scan a repository using the hounddog command-line tool and generate results in Checkmarx-compatible SARIF format by running the following command (replace <repository-path> with the path to the repository you want to scan):
    hounddog scan <repository-path> --output-format=checkmarx > scan-results.sarif
Once the scan completes, the results will be saved as a scan-results.sarif file in the current working directory.
Upload the file to Checkmarx One using the cx command-line tool (replace <project-name> with the name of the Checkmarx One project where you want to import the results):
    cx utils import --project-name <project-name> --import-file-path scan-results.sarif
Once the upload is complete, you should see the new vulnerabilities in Checkmarx's Application Risk Management dashboard.
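Because the `>` redirection creates scan-results.sarif even when the scan fails, the two steps above can be wrapped so that only a clean, non-empty result is imported. This is an added example, not code from HoundDog.ai or Checkmarx: the function name byor_import, the temporary file and the checks are assumptions of this sketch, while the hounddog and cx invocations are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: run the scan and the import as one guarded step.
# byor_import and its checks are hypothetical helpers for illustration.

byor_import() {
    local repo project out tmp
    repo="$1"
    project="$2"
    out="${3:-scan-results.sarif}"

    if [ -z "$repo" ] || [ -z "$project" ]; then
        echo "usage: byor_import <repository-path> <project-name> [output-file]" >&2
        return 2
    fi

    # Write to a temporary file first so a failed scan never leaves a
    # partial scan-results.sarif behind for a later import to pick up.
    tmp="$(mktemp "${out}.XXXXXX")" || return 1

    # Check the scanner's exit status before trusting its output.
    if ! hounddog scan "$repo" --output-format=checkmarx > "$tmp"; then
        echo "hounddog scan failed; nothing imported" >&2
        rm -f "$tmp"
        return 1
    fi

    # Crude structural check (assumption: the output is SARIF JSON with a
    # top-level "runs" array, as the SARIF format defines).
    if [ ! -s "$tmp" ] || ! grep -q '"runs"' "$tmp"; then
        echo "scan output is empty or not SARIF; nothing imported" >&2
        rm -f "$tmp"
        return 1
    fi

    mv "$tmp" "$out" || return 1

    # Import only after the checks above have passed.
    cx utils import --project-name "$project" --import-file-path "$out"
}

# Usage (after sourcing this file):
#   byor_import <repository-path> <project-name>
```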