CXSCA LICENSE TYPES AND RESTRICTIONS - Checkmarx

CXSCA LICENSE TYPES AND RESTRICTIONS

Version: 2023.02

Last Updated: 02.10.2023

Checkmarx SCA License Types and Restrictions

Product Description License Types (defined below)
Cx-User Named User
Cx-ScannedUnit Scanned Unit Based

License Types:

  1. “Named User” means a license is tied to a specific individual named user so that the license may only be used by that individual named user.
  2. A “Scanned Unit Based” license permits the scanning of a single Scanned Unit during the license term, where the term Scanned Unit is defined as either: (i) 1 Project, or (ii) 10 Microservices.

A “Project” is defined as a single codebase which is maintained over time, and used to build a particular named software module or application.

A “Microservice” is defined as a single codebase up to twenty thousand (20,000) lines of code that is independently deployable with well-defined interfaces and operations, which is part of a suite of modular components or services and supports a specific task or a business goal.

Additional License Restrictions:

A user who either: (i) uses one of the Checkmarx SCA user interfaces (i.e., via its user interface, IDE plugin, etc.), or (ii) uses the output of the scans (via APIs, ticketing systems, PDF reports, or any other form that does not require direct access to Checkmarx SCA) for the purpose of tracking, resolving, or remediating vulnerabilities detected by Checkmarx SCA, must be provisioned as a Named User.

Customer may not: (1) provide access to Checkmarx SCA to any individual who does not hold a valid Named User License; or (2) distribute the output generated by Checkmarx SCA in violation of the Named User restrictions noted above; however the review of report summaries: (a) by Customer management personnel, or (b) for audit purposes, shall not be deemed to consume a Named User license where such users do not access Checkmarx SCA or use the report summaries to remediate vulnerabilities detected by Checkmarx SCA.

Named Transfer Rights:

Customer may transfer Named User licenses when an existing Named User resigns, is terminated or permanently no longer requires access to Checkmarx SCA. Such transfer is conditioned upon Customer promptly revoking the credentials of the individual who is no longer an authorized Named User and properly credentialing the individual who is the replacement authorized Named User.

Checkmarx SAST / Checkmarx One Migration Licenses

This license type applies to the extent Checkmarx has provided Customer with Checkmarx SCA migration licenses to enable Customer’s migration to the Checkmarx One platform. Checkmarx SCA migration licenses are temporary, for the sole purpose of facilitating Customer’s migration to the Checkmarx One platform and are provided for the license term set out in the Quote. Checkmarx SCA Migration licenses are only permitted to scan code contributed by developers who are licensed as a Contributing Developer under the Checkmarx One platform.