
Checkmarx/ast-azure-plugin






AST AZURE PLUGIN

Explore the docs »
Marketplace »

Report Bug · Request Feature

Table of Contents
  1. Overview
  2. Main Features
  3. Prerequisites
  4. Initial Setup
  5. Usage
  6. Contribution
  7. License
  8. Feedback
  9. Contact

⚠️ Important notice for version 3.0.0 and above: To make the Checkmarx One plugin for ADO more lightweight, the CLI tool has been removed from the plugin package and is now downloaded separately at run time. This change may affect customers who restrict outbound access to whitelisted domains, as they will need to add download.checkmarx.com to their whitelist. Customers who are unable to whitelist this domain can use an older version of the plugin, which is available for download here.

Overview

The Checkmarx One (AST) Azure DevOps plugin enables you to integrate the full functionality of the Checkmarx One platform into your ADO pipelines. You can use this plugin to trigger Checkmarx One scans as part of your CI/CD integration.

This plugin provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository and uploads it to Checkmarx One for scanning. This provides easy integration with ADO while enabling scan customization using the full functionality and flexibility of the CLI tool.

The plugin code can be found here.

Main Features

  • Configure ADO pipelines to automatically trigger scans running all Checkmarx One scanners: CxSAST, CxSCA, IaC Security, Container Security, API Security, Secret Detection and Repository Health (OSSF Scorecard).

  • Supports adding a Checkmarx One scan as a pre-configured pipeline task or as a YAML task definition

  • Supports use of CLI arguments to customize scan configuration, enabling you to:

    • Customize filters to specify which folders and files are scanned

    • Apply preset query configurations

    • Customize SCA scans using SCA Resolver

    • Set thresholds to break build

  • Send requests via a proxy server

  • Break build upon policy violation

  • View scan results summary and trends in the ADO environment

  • Direct links from within ADO to detailed Checkmarx One scan results

  • Generate customized scan reports in various formats (JSON, HTML, PDF etc.)

  • Generate SBOM reports (CycloneDX and SPDX)

  • Supports Team Foundation Version Control (TFVC) based repos.

Prerequisites

Initial Setup

  • Verify that all prerequisites are in place.

  • Install the Checkmarx AST plugin from the Azure DevOps marketplace and configure the settings as described here.

Usage

To see how you can use our plugin, please refer to the Documentation.

Contribution

We appreciate feedback and contribution to the AZURE PLUGIN! Before you get started, please see the following:

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Feedback

We’d love to hear your feedback! If you come across a bug or have a feature request, please let us know by submitting an issue in GitHub Issues.

Contact

Checkmarx - AST Integrations Team

Project Link: https://github.com/checkmarx/ast-azure-plugin

Find more integrations from our team here.

© 2022 Checkmarx Ltd. All Rights Reserved.

About

The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.
