Presets Management

Presets are sets of queries that a user can select in order to be more accurate in the SAST scans results. By using presets, the user triages against the main capabilities that the SAST scanner provides.

Preset management is a new way to control standard/predefined presets. It provides an ability for users to easily create their own presets according to their needs.

Presets are mandatory for the SAST scanner. In case that no preset is selected for a SAST scan, the default preset that will be used for the scan is ASA Premium.

The concept of presets exists only for the SAST scanner, so other scanners don’t support it.

Presets are ordered alphabetically, and can be viewed or cloned.

There are 2 preset types:

Opening Presets Management

To open preset management, perform the following:

Log in to Checkmarx One.
Click on the Scan Management icon > Scan Management
Click on the Presets tab

Presets User Roles

To be able to manage presets in Checkmarx One, the user must have at least one of the following user roles:

view-preset - Users can only view presets. In case that this role is not applied, the user won't be able to see presets.
create-preset - Users can only create presets
delete-preset - Users can only delete presets.
update-preset - Users can only update existing presets (custom presets).

Presets Columns

Presets columns present the following information:

Preset Name
Associated Projects - An indication about which presets are assigned to existing projects.
For additional information see Project Rules
Description - Preset description.

Pagination

The presets screen contains an option to change the number of presets that are presented per page.

The default is 10 rows, but it can be changed to 20 / 50 / 100 rows.

This is being done by clicking the Rows option and changing the number accordingly.

Predefined Presets

Predefined presets are provided by design within the Checkmarx One presets feature.

Predefined presets can't be delete, and they will always be presented in the table before the custom presets.

The base presets and their descriptions are handled by Checkmarx SAST team, and all the versions are aligned across all Checkmarx products.

For additional information see Predefined Presets

Custom Presets

Custom presets are presets that are manually created and configured by users.

These presets will be presented in the table after the predefined presets.

It is possible to create a preset in the following methods:

Create a preset from scratch - See Creating a Custom Preset
Clone a preset and modify it - See Cloning a Preset

Viewing a Preset

Viewing a preset provides an option to see and understand which languages and queries combine the preset.

To view a preset perform the following:

Hover over the required preset.
Click on the View option
A panel will be opened on the right screen side containing the preset's information.

Note

The left column indicates the preset language (ASP, Apex, etc.)
The number next to the language indicated how many queries this specific language contains.
Clicking a query will open a separated browser tab with information about the query, including: Risk, Cause, General Recommendations, and code examples.

Creating a Custom Preset

To create a custom preset, perform the following:

Click on Add Preset
In the Add Preset dialog, perform the following:
- Preset Name - Give the preset a name. The preset name must be unique.
- Description (Optional)
- Click Next
In the preset configuration dialog, perform the following:
- Select the relevant languages / queries
  Note
  It is possible to search for a preset by CWE / Language / Query via search option.
  All the predefined presets/queries are available, in addition to the custom presets.
- Click Save preset
The preset will be presented in the table after the predefined presets.

Cloning a Preset

The clone feature is created in order to give the user the option to create a custom preset without the need to create the entire queries sets from scratch. The user can simply clone the requested preset and modify it according to his needs.

It is possible to clone both predefined and custom presets.

To clone a preset, perform the following:

Hover over the required preset.
Click on the Clone option
In the Cloning preset dialog perform the following:
- Preset Name - Give the preset a name. The preset name must be unique.
- Description (Optional)
- Click Save Preset
The preset will be saved and presented in the presets table after the predefined presets.

Deleting a Preset

Predefined presets can't be deleted. The only presets that can be deleted are custom and cloned presets. They can be deleted only if no projects are associated with the relevant preset.

For additional information see Project Rules

To delete a preset, perform the following:

Hover over the required preset.
Click on the Delete option
In the confirmation screen click on Delete Preset

Configuring a Preset for Scans

Configuring a preset for scans can be accomplished in 3 levels:

Tenant level - This configuration will apply on all the Tenant projects, in addition to all the scans.
For additional information see ???
Project level - This configuration will apply on a specific project, in addition to its the scans.
For additional information see SAST Scanner Parameters
Config as Code - This configuration will apply a single scan.
For additional information see SAST Scanner Parameters

Preset Usage Verification

To verify which preset was used in the last scan, perform the following:

Click on the > Project Settings for a specific project.
Click on Scan History tab
Click on the relevant scan in the table
A panel will be opened in the right screen side.
Click on Scan Configuration tab
Expand the SAST option
Verify the following:
- Which preset was used.
- Which configuration level it was used in.