Skip to main content

Configuring the Checkmarx One CLI

Configuration Methods

CLI configuration parameters can be submitted using three different methods, as follows:

  • CLI parameters - when submitting any CLI command you can add the configuration parameters.

  • Configuration file - a configuration file can be created by running the CLI configure command. See configure


    The Configuration files are kept in the users home directory under a subdirectory named ($HOME/.checkmarx)

  • Environment variables - the environment variables of your system.

Variables Hierarchy

When variables are submitted using multiple methods, the following precedence is used when there is a conflict between the different provided values:

  1. CLI parameters

  2. Configuration file

  3. Environment variables


In order to submit CLI commands you need to be authenticated for your Checkmarx One account. The required authentication parameters can be submitted as part of the CLI command or via Config or Environment variables (see Checkmarx One CLI Config and Environment Variables for details). Authentication can be done either via an OAuth Client or an API Key.

Required Parameters

The following parameters are required for authentication, depending on the type of authentication used.

  • cx_apikey

    To generate an API Key use the following procedure:


The CLI automatically extracts all relevant account info (Base URL, Auth URL, Tenant name) from the API Key. You can use arguments to submit these values explicitly, overriding the extracted values. However, this is generally not recommended.

OAuth Client
  • cx_base_uri

  • cx_base_auth_uri

  • cx_tenant

  • cx_client_id

  • cx_client_secret

    To create an OAuth client, use the following procedure: