Query Editor
Overview
Checkmarx Audit complements Checkmarx SAST by enabling you to easily and intuitively customize SAST’s analysis queries or configure your own additional queries for security and application logic purposes.
Audit can be used to adapt SAST’s basic security functionality to non-standard code. This helps in eliminating false positives and ensuring that all real vulnerabilities are identified. Audit can also be used for expanding SAST’s functionality to include queries for supporting specific QA or application logic needs.
For more information, see Audit Overview.
Note
In the Query Browser, the queries included in the Common category cannot be edited.
Accessing Query Editor
The first two methods described below open the Query Editor associated with a project. The last method opens the Query Editor independent of any project.
To access Audit, perform one of the following:
From Applications and Projects
From the Applications and Projects list, navigate to the project that you want to examine.
Click on the Action icon on the right end of the project row.
From the drop-down menu, click Edit Queries.
The Query Editor opens. Wait for the scanning to finish.
If you prefer a dark screen, you can toggle Night Mode.
From the Project Panel
From the Applications and Projects list, navigate to the project that you want to work on.
Click anywhere in the project row. The right panel appears.
In the SAST section of the panel, hover over the Actions icon, located to the left of the Overview and Results buttons.
Click on Audit Scan in the drop-down menu.
The Query Editor opens. After the Query Editor completes scanning the project, it is ready to use.
From the Left Navigation Bar
In the left navigation bar, click on the Scan Management icon.
From the sub-menu that appears, click on Query Editor.
The Query Editor opens. It is not associated with any project.
Viewing the Project Code
To view the project code, perform the following:
In the Project area, you can drill down to see the packages contained in the project and the code snippets in the packages.
To see the code, click on the filename in the hierarchy. A tab opens displaying the code.
Viewing the Query Code
To view the query code, perform the following:
In the lower section of the screen, on the Queries tab, you can open the list of languages relevant to the project by expanding Query Browser.
Drill down to see the individual queries relevant to the project.
To see the query source code, click on the query name in the hierarchy. A tab opens displaying the query source code.
If there are many lines of code, use the query code scroller on the right to quickly navigate to a particular section in the code.
Running a Query
When you first open the Audit page, the Results tab is blank. It remains blank until you run a query that returns results with vulnerabilities in the project code.
To run a query, perform the following:
Select the Queries tab and then select the query from the hierarchy that you want to run on the project, and click Run Query.
Wait for the query to finish running.
After the query finishes, the Results tab is displayed in one of the following modes:
If no results are found, a zero (0) is displayed after the name of the query and the No results found message is displayed in the first line of the Results sub-tab.
If results are found, the number of results is displayed after the name of the query and the line numbers where the vulnerabilities occur are displayed in the Vulnerabilities tab. In the Project pane, the vulnerable lines of code are highlighted.
Creating an Override Query
Notice
Checkmarx queries are not editable. They are listed under the Cx folder and marked in the tab with the Checkmarx logo.
Instead, an option is available for creating override queries based on any of the Checkmarx queries, except for the Common queries. When you create an override query, its source code is copied from the selected Checkmarx query. You can then modify the source code. An override query can be applied to scanning at the project or tenant level.
To create an override query, perform the following:
Click on the query in the Queries tab.
Right-click on the query source code and from the pop-up menu select the scope of the override, which can be either Tenant or Project.
A new query is added to the tab panel with a pre-filled source that calls the base query, as shown below. Because the queries share the same name, the Checkmarx logo is replaced with either a tenant icon or a project icon.
Tenant Override:
Project Override:
Edit the query code in the tab.
For example, a user increases the maxValue to 150000.
The asterisk in front of the query name in the tab title indicates that the query has been changed but not saved.
Save the override queries by clicking the Save button. The Save modified queries panel opens. Select the modified queries and click Save, or click Save all modified.
The left panel is updated with the new queries.
To check the effects of the changes, click Run Query.
Now, when the project is re-scanned the modified query will be used.
After modifying one or more queries, click Rescan to rescan the project with the modified queries and check the results of the changes.
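As an added illustration (not the page's own text and not Checkmarx's query source), the following shows what a project-scope override might look like in CxQL, Checkmarx's C#-based query language: first the pre-filled delegation to the base query, then an edit that applies a raised maxValue threshold in the spirit of the 150000 example above. The base query name is hypothetical, and the CxQL helpers used (Find_Integers, GetName, All.NewCxList, the * intersection operator) are assumptions about the CxQL API.

```csharp
// Added example of a project-scope override query in CxQL.
// Not taken from the page or from Checkmarx's query source; the base query
// name and the helper calls below are assumptions about the CxQL API.

// 1. What the editor pre-fills when the override is created: the override
//    simply delegates to the unmodified Checkmarx query.
//
//        result = base.Hypothetical_Base_Query();

// 2. After editing: keep the base logic, but only report findings whose
//    size literal exceeds a raised threshold (the page's "maxValue" example).
int maxValue = 150000;

// Results of the unmodified Checkmarx query (assumed to report the size literal).
CxList baseResults = base.Hypothetical_Base_Query();

// Collect integer literals in the scanned code that are larger than maxValue.
// Assumed helpers: Find_Integers() returns integer literals, GetName() their text.
CxList tooLarge = All.NewCxList();
foreach (CxList literal in Find_Integers())
{
    int value;
    if (int.TryParse(literal.GetName(), out value) && value > maxValue)
        tooLarge.Add(literal);
}

// Intersect: base findings that sit on a literal above the new threshold.
// Findings with sizes up to 150000 are no longer reported, reducing noise
// for a codebase where such allocations are expected.
result = baseResults * tooLarge;
```

After saving, run the override with Run Query and compare the count against the base query to confirm that only the intended findings were dropped.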
Creating a New Query
New queries can be created using the Query Editor.
To create a new query, perform the following:
Select the Queries tab.
Click on the New Query button. The Properties panel opens at the right of the screen.
Enter the following information in the Properties panel.
Name of new query
Severity
Language
CWE ID (Optional)
Level
Group Name
Presets (Select one from the drop-down list of customized presets.)
Executable
Description ID (Optional)
Close the panel to save the information. The information can be edited later by opening the Properties panel with the Properties button.
Enter the new query code in the tab, labeled with the name of the new query.
Test the new query and make changes, if necessary.
Click the Save button to save the new query. The new query is listed in the Query list under the language and group name that you specified in the Properties panel.