
CxSAST Application Maintenance Guide

Introduction

Checkmarx CxSAST collects sources, logs, and sensitive information and stores them in files and the database. This document describes the backup, recovery, maintenance, and cleanup procedures for CxSAST.

CxSAST is comprised of the following main components:

System Manager

- Manages the system services: cleanup, monitoring, etc.

Jobs Manager

- Runs all long management tasks: creates reports, prepares sources, etc.

Scans Manager

- Manages all scans

Engine Server

- Performs the scans

Web Services

- Connects the web clients with third-party systems

Web Portal

- Web interface with CxSAST

Audit

- Client for creating and customizing queries

Database

- Stores scan results and system settings

Backup

CxSAST is composed of files and the database; both should be backed up.

Step 1. Stop the CxServices

  • Stop the CxJobsManager, CxScansManager, CxSystemManager, and CxScanEngine services by opening Services, selecting CxService, and clicking Stop for each one (this depends on your Checkmarx distributed installation).

Step 2. Stop the Web Server

  • Stop the IIS Web server by opening the IIS Manager, selecting the server name, and clicking Stop in the Actions menu.

Step 3. Back up the Checkmarx Folder

1. Create a new Checkmarx backup folder (recommended to include backup date).

Example: C:\Program Files\Checkmarx -> C:\Program Files\Checkmarx15052016

2. Copy the following items from the Checkmarx folder:

  • Configuration, Executable, and Licenses folders and the following configuration files:

  • Checkmarx Audit\CxAudit.exe.config

  • Checkmarx Audit\Config.xml

  • Checkmarx Audit\appsettings.json

  • Checkmarx Engine Service\Engine Server\CxEngineAgent.dll.config

  • Checkmarx Engine Service\Engine Server\appsettings.json

  • Checkmarx Jobs Manager\bin\CxJobsManagerWinService.exe.config

  • Checkmarx Jobs Manager\bin\JobsManager.logging.config.json

  • Checkmarx Scans Manager\bin\CxScansManagerWinService.exe.config

  • Checkmarx Scans Manager\bin\ScansManager.logging.config.json

  • Checkmarx System Manager\bin\CxSystemManagerService.exe.config

  • Checkmarx System Manager\bin\SystemManager.logging.config.json

  • Checkmarx Web Services\CxWebInterface\Web.config

  • Checkmarx Web Services\CxWebInterface\bin\WebServices.logging.config.json

  • Checkmarx WebPortal\Web\Web.config

  • Checkmarx WebPortal\Web\Log4Net.config

Step 4. Back up the Database

  • Back up the database using the standard database tools.

Step 5. Back up the Scanned Source Folder

  • Copy the CxSrc folder and rename it as the backup (it is recommended to include the backup date).

    Example: C:\CxSrc -> C:\CxSrc15052016

Step 6. Restart the CxServices

  • Restart the CxJobsManager, CxScansManager, CxSystemManager, and CxScanEngine services by opening Services, selecting CxService, and clicking Restart for each one (this depends on your Checkmarx distributed installation).

Step 7. Restart the Web Server

  • Restart the IIS Web server by opening the IIS manager, selecting the <server name>, and clicking <Start> in the Actions menu.
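
Backup Steps 1 to 7 scripted end to end, as an added example that is not part of the original guide or Checkmarx code. It assumes a single-server installation at the default paths, a hypothetical backup root D:\CxBackup, and SQL Server on the local default instance with the SqlServer PowerShell module available; the SHA-256 manifest at the end is an addition for verifying the copy before a restore.

```powershell
# Added example, not Checkmarx code. Run from an elevated PowerShell session.
# Assumptions: default paths, backup root D:\CxBackup (hypothetical), SQL Server on the
# local default instance with the SqlServer PowerShell module available.
$ErrorActionPreference = 'Stop'
$stamp    = Get-Date -Format 'ddMMyyyy'             # date style used in the guide's examples
$cxHome   = 'C:\Program Files\Checkmarx'
$dest     = "D:\CxBackup\$stamp"
$services = 'CxJobsManager', 'CxScansManager', 'CxSystemManager', 'CxScanEngine'
$items    = @(                                      # folders and files listed in Step 3
    'Configuration', 'Executable', 'Licenses',
    'Checkmarx Audit\CxAudit.exe.config', 'Checkmarx Audit\Config.xml',
    'Checkmarx Audit\appsettings.json',
    'Checkmarx Engine Service\Engine Server\CxEngineAgent.dll.config',
    'Checkmarx Engine Service\Engine Server\appsettings.json',
    'Checkmarx Jobs Manager\bin\CxJobsManagerWinService.exe.config',
    'Checkmarx Jobs Manager\bin\JobsManager.logging.config.json',
    'Checkmarx Scans Manager\bin\CxScansManagerWinService.exe.config',
    'Checkmarx Scans Manager\bin\ScansManager.logging.config.json',
    'Checkmarx System Manager\bin\CxSystemManagerService.exe.config',
    'Checkmarx System Manager\bin\SystemManager.logging.config.json',
    'Checkmarx Web Services\CxWebInterface\Web.config',
    'Checkmarx Web Services\CxWebInterface\bin\WebServices.logging.config.json',
    'Checkmarx WebPortal\Web\Web.config', 'Checkmarx WebPortal\Web\Log4Net.config'
)
New-Item -ItemType Directory -Path $dest | Out-Null # fails if today's backup already exists
# A distributed installation has only a subset of the services on each server
$installed = @(Get-Service -Name $services -ErrorAction SilentlyContinue)
try {
    $installed | Stop-Service -Force                # Step 1
    iisreset /stop | Out-Null                       # Step 2 (command-line equivalent of IIS Manager > Stop)
    foreach ($rel in $items) {                      # Step 3
        $src = Join-Path $cxHome $rel
        if (-not (Test-Path $src)) { Write-Warning "Skipped, not on this server: $rel"; continue }
        $target = Join-Path "$dest\Checkmarx" $rel
        New-Item -ItemType Directory -Force -Path (Split-Path $target -Parent) | Out-Null
        Copy-Item -Path $src -Destination $target -Recurse
    }
    foreach ($db in 'CxDB', 'CxActivity') {         # Step 4; the SQL Server service account must be able to write to $dest
        Backup-SqlDatabase -ServerInstance 'localhost' -Database $db -BackupFile "$dest\$db.bak"
    }
    Copy-Item -Path 'C:\CxSrc' -Destination "$dest\CxSrc" -Recurse   # Step 5
}
finally {
    $installed | Start-Service                      # Step 6, runs even if a copy failed
    iisreset /start | Out-Null                      # Step 7
}
# Hash manifest, kept outside the backup folder, to verify the copy before a restore
Get-ChildItem $dest -Recurse -File | Get-FileHash -Algorithm SHA256 |
    Export-Csv "D:\CxBackup\$stamp.sha256.csv" -NoTypeInformation
```

The backup holds scanned source code and configuration files, so the backup root should carry access controls at least as strict as those on the live Checkmarx and CxSrc folders.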

Recovery

The recovery steps below assume a new installation of CxSAST on your server, using the same installation path and the same CxSAST version that was installed when the backup was performed.

Step 1. Stop the CxServices

  • Stop the CxJobsManager, CxScansManager, CxSystemManager, and CxScanEngine services by opening Services, selecting CxService, and clicking Stop for each one (this depends on your Checkmarx distributed installation).

Step 2. Stop the Web Server

  • Stop the IIS Web server by opening the IIS Manager, selecting the <server name>, and clicking <Stop> in the Actions menu.

Step 3. Restore Checkmarx's Backed-Up Folders and Configuration Files

  • Restore the Checkmarx folders and configuration files that were previously backed up by copying the files from the backup folder to your newly created folder and overwriting the original files:

    Example: C:\Program Files\Checkmarx15052016 -> C:\Program Files\Checkmarx

Step 4. Restore the Scanned Source Folder

  • Copy the CxSrc folder from the backup, overwriting the new empty folder:

    Example: C:\CxSrc15052016 -> C:\CxSrc

Step 5. Restore the Database

  • Restore the database that has been previously backed up by overwriting the databases created by the new installation.

Step 6. Restart the CxServices

  • Restart the CxJobsManager, CxScansManager, CxSystemManager, and CxScanEngine services by opening Services, selecting CxService, and clicking Restart for each one (this depends on your Checkmarx distributed installation).

Step 7. Restart the Web Server

  • Restart the IIS Web server by opening the IIS Manager, selecting the <server name>, and clicking <Start> in the Actions menu.

Step 8. Check the Recovered Version

  • Perform a basic test on the new version to check that everything is up and running:

    • Login

    • View older scan results.

    • Run a new small scan.

    • View the new scan results.

Maintenance and Cleanup

Maintenance and cleanup of Checkmarx CxSAST refer to the following types of data:

Sources

- Source files that are scanned are stored in several locations during the scan

Logs

- Old logs that can simply be deleted, moved, or compressed as needed

Reports

- All reports are saved on the disk. If deleted, a new report can be created on request

CxManager

This includes the System Manager, Jobs Manager, Scans Manager, and Web Services.

Sources

CxSrc

Default location: C:\CxSrc

This is the main source location. After the scan is complete, CxSAST leaves one copy of the source to be used by the project viewer and to create code samples in reports.

The recommended method to clean the CxSrc folder is to use CxSAST’s built-in data retention feature. This allows scanned files to be retained in the CxSrc folder (and the DB).

It is also possible to delete old sources from the Checkmarx folder if required. Deleting the sources will not affect the statistical information saved in the database. Opening the project viewer, which no longer has sources, will only result in an empty code area.

It is also possible to use the Microsoft compressed folder option to save disk space (see Appendix A: Compressing a Folder in Windows). Compressing a folder for a project will save about 90% of the space and only affect performance when accessing the project's viewer.

ExtSrc

Default location: C:\ExtSrc

This is used as a temporary folder to extract the content of Zip files. Any files that remain in this location can be deleted with no implications.

Logs

Default location: C:\Program Files\Checkmarx\Logs

All logs are saved on the disk. Old logs can simply be deleted or compressed as needed.

Reports

Default location: C:\CxReports

All reports are saved on the disk. If deleted, a new report can be created at your request.

Because every report created in this folder is also sent to the requesting client, the saved reports can be deleted with no implications.

CxEngine

Sources

CxSrc

Default location: C:\CxSrc

If the CxEngine is installed on a separate server, this folder should be cleaned separately from the CxManager. In that case, any files that remain in this location after scans are completed can be deleted with no implications.

Logs

Default location: C:\Program Files\Checkmarx\Logs

C:\Program Files\Checkmarx\Checkmarx Engine Service\Logs\Trace

All logs are saved on the disk. Old logs can simply be deleted, moved, or compressed as needed.

Scans

Default location: C:\EngineServiceScans\Scans

All scans are saved on the disk. While the engine is not running, old scans can be deleted, moved, or compressed as needed.

CxWebPortal

Logs

Default location: C:\Program Files\Checkmarx\Logs\WebClient

C:\Program Files\Checkmarx\Logs\WebClient\Trace

All logs are saved on the disk. Old logs can simply be deleted, moved, or compressed as needed.

CxAudit

Sources

CxAuditSrc

Default location:

Cx8.4.2 and below: C:\CxAuditSrc

Cx8.5 and up: %AppData%\..\local\Checkmarx\CxAudit\CxAuditSrc

All sources are saved on the disk. Old sources can simply be deleted, moved, or compressed as needed.

Logs

Default location: C:\Program Files\Checkmarx\Checkmarx Audit\Logs

All logs are saved on the disk. Old logs can simply be deleted, moved, or compressed as needed.
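
One way to apply the "deleted, moved, or compressed" guidance to the log locations listed in this section, as an added example that is not part of the original guide or Checkmarx code. The 30-day retention and the D:\CxLogArchive folder are assumptions; old logs are archived before removal so they stay available for later investigation.

```powershell
# Added example, not Checkmarx code. Archives logs older than $keepDays into a dated zip
# and deletes the originals only after the archive has been written and closed.
# Assumptions: default log locations from this guide; $keepDays and $archiveRoot are illustrative.
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression.FileSystem
$keepDays    = 30
$archiveRoot = 'D:\CxLogArchive'
$logRoots    = 'C:\Program Files\Checkmarx\Logs',       # includes Logs\WebClient and its Trace folder
               'C:\Program Files\Checkmarx\Checkmarx Engine Service\Logs\Trace',
               'C:\Program Files\Checkmarx\Checkmarx Audit\Logs'
$cutoff = (Get-Date).AddDays(-$keepDays)

# Collect old log files from the roots that exist on this server
$old = @(foreach ($root in ($logRoots | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $root -Recurse -File | Where-Object { $_.LastWriteTime -lt $cutoff }
})
if ($old.Count -eq 0) { Write-Output "No logs older than $keepDays days"; return }

New-Item -ItemType Directory -Force -Path $archiveRoot | Out-Null
$zipPath  = Join-Path $archiveRoot ('CxLogs_{0:yyyyMMdd_HHmmss}.zip' -f (Get-Date))
$zip      = [System.IO.Compression.ZipFile]::Open($zipPath, 'Create')
$archived = @()
try {
    foreach ($f in $old) {
        # Entry name is the full path without the drive colon, so same-named logs do not collide
        $entry = $f.FullName -replace ':', ''
        try {
            [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zip, $f.FullName, $entry) | Out-Null
            $archived += $f
        } catch {
            Write-Warning "Skipped, could not read: $($f.FullName)"
        }
    }
} finally {
    $zip.Dispose()                                      # flushes and closes the archive
}
$archived | Remove-Item -Force                          # only files that made it into the zip
Write-Output "Archived $($archived.Count) files to $zipPath"
```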

Database

Checkmarx CxSAST uses two main databases (CxDB and CxActivity). Both databases can be set to Recovery Model = Simple to keep the log size small.

Appendix A: Compressing a Folder in Windows

The NTFS file system used by Windows has a built-in compression feature known as NTFS compression. With a few clicks, you can compress files, making them take up less space on your hard drive. Best of all, you can still access the files normally.

Using NTFS compression involves a trade-off between CPU time and disk activity. Compression will work better in certain situations and with certain types of files.

Trade-Offs

NTFS compression makes files smaller on your hard drive. You can access these files normally without cumbersome zipping and unzipping. Like all file compression systems, your computer must use additional CPU time for decompression when it opens the file.

However, this doesn’t necessarily mean it will take any longer to open the file. Modern CPUs are fast, but disk input/output speeds haven’t improved as much. Consider a 5 MB uncompressed document – when you load it, the computer must transfer 5 MB from the disk to your RAM. If that same file were compressed and took up 4 MB on the disk, the computer would transfer only 4 MB from the disk. The CPU would have to spend some time decompressing the file, but this will happen very quickly – it may even be faster to load the compressed file and decompress it because disk input/output is so slow.

You may see faster file loading times for compressed files on a computer with a slow hard disk and a fast CPU – such as a laptop with a high-end CPU but a slow, energy-efficient physical hard disk.

This is especially true as NTFS compression isn’t very aggressive in its compression. A test by Tom’s Hardware found that it compressed much less than a tool like 7-Zip, which reaches higher compression ratios using more CPU time.

When to Use and When Not to Use NTFS Compression

NTFS compression is ideal for:

  • Files you rarely access. (If you never access the files, the potential slow-down when accessing them is unnoticeable).

  • Files in uncompressed format. (Office documents, text files, and PDFs may shrink significantly, while MP3s and videos are already stored in a compressed format and won’t shrink much, if at all).

  • Saving space on small solid-state drives. (Warning: Using compression will result in more writes to your solid-state drive, potentially decreasing its life span. However, you may gain some more usable space.)

  • Computers with fast CPUs and slow hard disks.

NTFS compression should not be used for:

  • Windows system files and other program files. Using NTFS compression here can reduce your computer’s performance and potentially cause other errors.

  • Servers where the CPU is getting heavy use. On a modern desktop or laptop, the CPU sits in an idle state most of the time, which allows it to decompress the files quickly. If you use NTFS compression on a server with a high CPU load, the server’s CPU load will increase and files will take longer to access.

  • Files in compressed format. (You won’t see much improvement by compressing your music or video collections).

  • Computers with slow CPUs, such as laptops with low-voltage power-saving chips. However, if the laptop has a very slow hard disk, it’s unclear whether compression would help or hurt performance.

How to Use NTFS Compression

Now that you understand which files you should compress and why you shouldn’t compress your entire hard drive or Windows system folders, you can start compressing some files. Windows allows you to compress an individual file, a folder, or even an entire drive (although you should not compress your system drive).

1. To start, right-click the file, folder, or drive you want to compress and select Properties.

2. Under Attributes, click Advanced.

3. Check Compress contents to save disk space and click OK twice.

4. If you enable compression for a folder, Windows asks you whether you also want to encrypt subfolders and files.

5. In this example, we saved some space by compressing a folder of text files from 356 KB to 255 KB, about a 40% reduction. Text files are uncompressed, so we saw a big improvement here.

6. Compare the Size on disk field to see how much space you saved.

7. In Windows Explorer, compressed files and folders are identified by their blue names.

8. To extract these files in the future, go back to their advanced attributes and clear Compress.