
Authentication for Checkmarx One CLI

To submit CLI commands, you must be authenticated to your Checkmarx One account. The required authentication parameters can be submitted as part of the CLI command or via Config or Environment variables (see Using Checkmarx One CLI Variables). Authentication can be done either via an OAuth2 Client or an API Key.

Required Parameters

The following parameters are required for authentication, depending on the method being used.

API Key
  • cx_apikey

Notice

The CLI automatically extracts all relevant account info (Base URL, Auth URL, Tenant name) from the API Key. You can use arguments to submit these values explicitly, overriding the extracted values. However, this is generally not recommended.

OAuth2 Client
  • cx_base_uri

  • cx_base_auth_uri

  • cx_tenant

  • cx_client_id

  • cx_client_secret
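
A preflight check for a CI job, added here as an example; it is not part of the Checkmarx documentation or CLI. It reports which of the two methods above the environment can satisfy, naming missing parameters without printing any secret value. It assumes the parameters are exported as environment variables under upper-case names (CX_APIKEY, CX_CLIENT_ID, and so on); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide which authentication method the environment supports.
# Assumption: the parameters listed above are exported under upper-case names.
# Only variable NAMES are ever printed, never their values.

OAUTH_VARS="CX_BASE_URI CX_BASE_AUTH_URI CX_TENANT CX_CLIENT_ID CX_CLIENT_SECRET"

# Print the names of the OAuth2 Client variables that are unset or empty.
cx_missing_oauth_vars() {
  _cx_missing=""
  for _cx_name in $OAUTH_VARS; do
    # Indirect lookup; the names come from the fixed list above, so eval is safe.
    eval "_cx_val=\${$_cx_name:-}"
    [ -n "$_cx_val" ] || _cx_missing="$_cx_missing $_cx_name"
  done
  echo "${_cx_missing# }"
}

# Print "apikey" or "oauth2" and return 0 when one complete parameter set is
# present; otherwise report the missing names on stderr and return 1.
cx_auth_method() {
  if [ -n "${CX_APIKEY:-}" ]; then
    # The API Key is sufficient on its own. Explicit URL or tenant values
    # would replace what the CLI extracts from the key, so flag them.
    for _cx_name in CX_BASE_URI CX_BASE_AUTH_URI CX_TENANT; do
      eval "_cx_val=\${$_cx_name:-}"
      [ -z "$_cx_val" ] ||
        echo "warning: $_cx_name is set alongside CX_APIKEY and may override the value extracted from the key" >&2
    done
    echo apikey
    return 0
  fi
  _cx_need=$(cx_missing_oauth_vars)
  if [ -z "$_cx_need" ]; then
    echo oauth2
    return 0
  fi
  echo "error: CX_APIKEY is not set and the OAuth2 Client is incomplete; missing: $_cx_need" >&2
  return 1
}
```

In a pipeline, source this file and run `cx_auth_method >/dev/null && cx auth validate` before the first scan command, so a missing variable fails the job early instead of surfacing as an authentication error mid-run.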

Generating an API Key

You can generate an API Key by logging in to Checkmarx One and generating a new API Key, as described below. Alternatively, an API Key can be generated using the Authentication API.

Figure 1. How to generate an API Key (GIF)

To log in to Checkmarx One:

  1. Open the URL for your environment.

  2. Log in to your Checkmarx One account by entering your Tenant Account, Username and Password.

Notice

The roles (permissions) assigned to the API Key are inherited from the user account that generates the key. Therefore, if you want to enable admin rights for your integrations, make sure to log in to an admin account.

To generate an API Key via Checkmarx One:

  1. Log in to the Checkmarx One web portal and select Identity and Access Management in the main navigation.

    The IAM portal opens.

  2. In the main navigation, click API Keys, then click on the Create Key button.

    A new key is created with the permissions of the current user assigned to it.

  3. Copy the key and save it in a place where you will be able to retrieve it for future use.

Notice

Once you close the window, you will no longer be able to access this API Key.

Notice

You can obtain a curl command for submitting the access token request by clicking Show details and copying the content.

Creating an OAuth2 Client for Checkmarx One Integrations

You can create an OAuth2 Client by logging in to Checkmarx One and creating a new client.

Figure 2. How to create an OAuth2 Client for use with plugins (GIF)

To log in to Checkmarx One:

  1. Open the URL for your environment.

  2. Log in to your Checkmarx One account by entering your Tenant Account, Username and Password.

Notice

To create an OAuth2 Client, you need to be signed in as an admin user.

To create an OAuth2 Client:

  1. Log in to Checkmarx One and click on the Identity and Access Management icon in the Menu panel.

  2. In the Identity and Access Management console, click Oauth Clients and then click Create Client.

  3. In the Client ID field, enter a descriptive name for the Client (e.g. AzureDevOps_Client for the AzureDevOps plugin), and then click Create client.

    The Client Settings screen is shown.

  4. Copy the Client ID for use in the plugin configuration.

  5. Click on the Regenerate button for the Secret.

  6. In the dialog that opens, copy the Secret for use in the plugin configuration, and then click Ok to close the dialog.

  7. You can configure the following optional settings:

    1. Under Settings, you can add a Name and Description for the Client.

    2. Under Groups, you can assign the Client to one or more groups.

  8. Under Role Mapping, add either the ast-admin or ast-scanner role to the client.

  9. Click Save Client.