Checkmarx
Overview
Checkmarx's Bring Your Own Results (BYOR) feature allows you to seamlessly import vulnerability findings from HoundDog.ai into the Checkmarx One platform (formerly Checkmarx AST). This integration provides a centralized view of application security within Checkmarx’s Application Risk Management dashboard.
This integration is available for enterprise plan customers only.
To utilize BYOR, you have two options:
- Manual Import: Use Checkmarx's cx command-line tool to import SARIF output files from the HoundDog.ai code scanner into Checkmarx One.
- Automated Integration: Configure the HoundDog.ai Cloud Platform to automatically send scan results to Checkmarx One.
This page focuses on the Manual Import method. For instructions on Automated Integration, refer to this page.
Prerequisites
Before proceeding, ensure you have done the following:
- Install the latest version of the hounddog command-line tool by following the instructions on this page.
- If you have not already, generate a HoundDog.ai API key by following the instructions on this page.
- Install the cx command-line tool by following the instructions on this page in the Checkmarx documentation.
- Ensure you have a Checkmarx One application with at least one associated project by following the instructions on this page.
Manual Import
Scan a repository using the hounddog command-line tool and generate results in Checkmarx-compatible SARIF format by running the following command (replace <repository-path> with the path to the repository you want to scan):
hounddog scan <repository-path> --output-format=checkmarx > scan-results.sarif
Once the scan completes, the results will be saved as a scan-results.sarif file in the current working directory.
Upload the file to Checkmarx One using the cx command-line tool (replace <project-name> with the name of the Checkmarx One project where you want to import the results):
cx utils import --project-name <project-name> --import-file-path scan-results.sarif
Once the upload is complete, you should see the new vulnerabilities in Checkmarx's Application Risk Management dashboard.
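The two commands above combined into one script, as an added example that is not part of HoundDog.ai's or Checkmarx's own tooling: it runs the scan, checks that scan-results.sarif parses as a SARIF 2.1.0 document and summarizes the findings by level and rule, and only then hands the file to cx, so a failed or truncated scan never reaches the Checkmarx One project. It assumes hounddog and cx are on PATH, that the output follows the standard SARIF 2.1.0 layout, and the embedded sample (tool name, rule ids, paths) is constructed for illustration.

```python
import json
import subprocess
from collections import Counter
from pathlib import Path

# Constructed sample in standard SARIF 2.1.0 shape; tool name, rule ids and
# paths are placeholders, not real HoundDog.ai output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [
        {"ruleId": "EXAMPLE-001", "level": "error", "message": {"text": "pii in log"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app.py"},
                                             "region": {"startLine": 42}}}]},
        {"ruleId": "EXAMPLE-001", "level": "error", "message": {"text": "pii in log"}},
        {"ruleId": "EXAMPLE-002", "message": {"text": "pii sent to third party"}},
    ]}]})


def summarize_sarif(sarif_text: str) -> dict:
    """Count SARIF results by level and by ruleId.

    Raises ValueError when the text is not a SARIF 2.1.0 document with at
    least one run, which is how an empty or truncated file shows up.
    """
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0" or not doc.get("runs"):
        raise ValueError("not a SARIF 2.1.0 document with at least one run")
    by_level, by_rule = Counter(), Counter()
    for run in doc["runs"]:
        for res in run.get("results", []):
            by_level[res.get("level", "warning")] += 1  # "warning" is the SARIF default
            by_rule[res.get("ruleId", "<no-rule>")] += 1
    return {"total": sum(by_level.values()),
            "by_level": dict(by_level), "by_rule": dict(by_rule)}


def scan_and_import(repo_path: str, project_name: str,
                    sarif_path: str = "scan-results.sarif") -> dict:
    """Run the scan and the import back to back, checking the file in between."""
    with open(sarif_path, "w", encoding="utf-8") as out:  # same as the shell redirect
        subprocess.run(["hounddog", "scan", repo_path, "--output-format=checkmarx"],
                       stdout=out, check=True)  # a non-zero scanner exit stops here
    summary = summarize_sarif(Path(sarif_path).read_text(encoding="utf-8"))
    print(f"importing {summary['total']} findings by level: {summary['by_level']}")
    subprocess.run(["cx", "utils", "import", "--project-name", project_name,
                    "--import-file-path", sarif_path], check=True)
    return summary
```

Call scan_and_import("<repository-path>", "<project-name>") from a CI job or a shell; the printed summary is the record of what was pushed to the project.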