CxSAST/CxOSA License Types and Restrictions

Checkmarx SAST License Types and Restrictions

Version: 2023.02

Last Updated: 02.10.2023

Checkmarx SAST License Types and Restrictions

Product Description License Types (defined below)
Cx-User (under Cx-Volume Users); Cx-SG-User; Cx-SDLC-User Named User
Cx-Server (also called CxManager) Node Locked
Cx-ConcurrentScans Concurrent Engine Unit
Cx-Project Project Based
Cx-Auditor Named User
Cx-Integration Integration License

License Types:


  1. “Node Locked” means the Software is licensed to install, run and use on a single computer.
  2. “Named User” means a license is tied to a specific individual named user so that the license may only be used by that individual named user.
  3. A “Project Based” license permits the scanning of a single named Project during the license term, where the term “Project” is defined as a single codebase which is maintained over time, and used to build a particular named software module or application.
  4. Integration License” means the purchased integration may be used during the term of any active Software license purchased by Customer.
  5. Concurrent Engine Unit” means the number of scans that can be executed using the Software in parallel at any point in time.


Additional License Restrictions:


A user who either: (i) uses one of the Software user interfaces (i.e., via its user interface, IDE plugin, etc.), or (ii) uses the output of the scans (via APIs, ticketing systems, PDF reports, or any other form that does not require direct access to the Software) for the purpose of tracking, resolving, or remediating vulnerabilities detected by the Software, must be provisioned as a Named User.


Customer may not: (1) provide access to the Software to any individual who does not hold a valid Named User License; or (2) distribute the output generated by the Software in violation of the Named User restrictions noted above; however the review of report summaries: (a) by Customer management personnel, or (b) for audit purposes, shall not be deemed to consume a Named User license where such users do not access the Software or use the report summaries to remediate vulnerabilities detected by the Software.


License Transfer Rights:


  1. Customer may transfer Named User licenses when an existing Named User resigns, is terminated or permanently no longer requires access to the Software. Such transfer is conditioned upon Customer promptly revoking the credentials of the individual who is no longer an authorized Named User and properly credentialing the individual who is the replacement authorized Named User.
  2. Customer may transfer a Node Locked software license to a different machine a reasonable number of times by: (a) sending a written license transfer request to Licensor; (b) obtaining a new license key (HID) from Licensor, which is required to activate the software on the new machine; and (c) promptly deleting the previously installed software upon transfer of the software to the new machine.
  3. Licensor reserves the right to limit license transfers if such activity is excessive or constitutes abuse, as determined by Licensor in its reasonable discretion.


Checkmarx SAST / Checkmarx One Migration Licenses


This license type applies to the extent Licensor has provided Customer with Checkmarx SAST migration licenses to enable Customer’s transition to the Checkmarx One Platform. Checkmarx SAST migration licenses are temporary, for the sole purpose of facilitating Customer’s migration to the Checkmarx One platform and are provided for the license term set out in the Quote. Checkmarx SAST Migration licenses are only permitted to scan code contributed by developers who are licensed as a Contributing Developer under the Checkmarx One platform.

Skip to content