
Installation Guide for SAST v9.5.0 Short-Term Projects

This quick installation guide describes how to install Checkmarx SAST in either a centralized architecture, where all CxSAST components are installed on a single host, or a distributed architecture. For additional information, refer to the CxSAST documentation.

Preparations

This section covers requirements and prerequisites, outlines the installation process, and guides you through the initial steps of using CxSAST.

Hardware and Software Requirements for POC

Requirements \ Max. Lines of Code (LOC) | 200K | 500K | 1200K | 2000K | 4000K
RAM | 8 GB | 16 GB | 24 GB | 40 GB | 72 GB
Processor | 64 bit - Recommended: 8 up to a maximum of 12 cores
Available Disk Space | Recommended: 80 GB SSD
Operating System | Windows 10/Windows Server 2012, 2012R2, 2016, 2019
Software | .Net 4.7.1, IIS 7/7.5/8/8.5/10

Latest Version and Documentation

It is highly recommended to install the latest CxSAST version with the latest hotfix as indicated on the Checkmarx download page.

The latest CxSAST version can be obtained from the Customer Portal.

For further information on installation options, refer to the next sections in this document. For the entire library of installation instructions for CxSAST 9.5, refer to the complete installation instructions.

Obtaining a License for CxSAST

During the installation, select Request New License to continue the installation without issues.

Your CxSAST license is dedicated to a specific host (server), identified by an HID (hardware identification number), which you can obtain by running the Cx HID Generator. The HID Generator can be downloaded from the Checkmarx Utilities page.

After completing the installation successfully, submit the HID to your technical contact or your sales manager. They will send back your license. If you are not sure whom to send the HID to, submit a request to Technical Support.

Prerequisites

If not already done, install the software applications listed below before installing CxSAST. The respective installation files are included with the installation zip file (in the “third party” folder):

  • C++ Redist 2010 and 2015 SP3

  • IIS v7.0 or later

  • ASP.NET Core 6.0.5 (or later) Runtime & Hosting

  • MS SQL

  • Java JRE 17 (64-bit)

Not every CxSAST component requires all the listed prerequisites. The required location of the respective prerequisites depends on the installation option you choose. For information on installation options for CxSAST 9.5, refer to the next section.

Installing CxSAST

To start installing CxSAST, extract the downloaded zip archive (specified above) and run CxSetup.exe for whichever installation option you choose.

Depending on your needs, you can choose one of the installation modes listed below to install CxSAST:

  • Centralized. All CxSAST components installed on one host.

  • Distributed. CxSAST components installed on multiple hosts. CxSAST Engine can be installed on any common Linux distribution and runs across platforms with the other CxSAST components.

  • Centralized Silent. Same as Centralized, but with CLI commands (no GUI).

  • Distributed Silent. Same as Distributed, but with CLI commands (no GUI).

Making Required Prerequisites Available

For information about the required prerequisites and how to make them available for either the Centralized or the Distributed installation mode, use the relevant link in the following table.

The information for each mode applies to both the regular and the silent installation methods.

Installation Mode | Resource
Centralized | Preparing CxSAST for Installation
Distributed | Preparing CxSAST for Installation

Installing the CxSAST Application

For information and instructions on installing CxSAST, use the link associated with the desired installation mode.

Checking the Installed Services

  1. Go to Start > Control Panel > System and Security > Administrative Tools > Services.

  2. Make sure the following installed services are started:

    • CxSystemManager

    • CxJobsManager

    • CxScansManager

    • CxSastResults

    • CxEngineService

    • Shared services: ActiveMQ

    • Web Server - IIS Admin Service & World Wide Web Publishing Service

Checking the Installed Application Pool

Notice

If the IIS Pools are not started automatically after installation, restart the host.

  1. Go to Start > Control Panel > All Control Panel Items > Administrative Tools > Internet Information Services (IIS) Manager.

  2. Make sure the following installed application pools are started:

    • On a centralized host:

      • CxClientPool

      • CxPool

      • CxPoolRestAPI

      • CxAccessControl
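
The two manual checks above (services and application pools) can also be scripted. The following is an added example, not part of the Checkmarx documentation, for an elevated PowerShell session on a centralized host. It assumes the Cx* and ActiveMQ entries may appear as either the service name or the display name, and uses the standard Windows service names IISADMIN and W3SVC for the two IIS services.

```powershell
# Added example: post-install health check for the services and application
# pools listed in this guide. Run elevated on the centralized CxSAST host.
# Assumption: the Cx* entries and ActiveMQ are matched against both the service
# name and the display name, since the guide does not say which one it lists.
$expectedServices = 'CxSystemManager', 'CxJobsManager', 'CxScansManager',
                    'CxSastResults', 'CxEngineService', 'ActiveMQ',
                    'IISADMIN',   # IIS Admin Service
                    'W3SVC'       # World Wide Web Publishing Service
$expectedPools = 'CxClientPool', 'CxPool', 'CxPoolRestAPI', 'CxAccessControl'

$allServices = Get-Service
$report = @(foreach ($name in $expectedServices) {
    $found = @($allServices | Where-Object {
        $_.Name -like "*$name*" -or $_.DisplayName -like "*$name*" })
    if ($found.Count -eq 0) {
        # Nothing installed under this name: report it instead of skipping it
        [pscustomobject]@{ Kind = 'Service'; Name = $name; State = 'NotInstalled'; Ok = $false }
    }
    foreach ($svc in $found) {
        [pscustomobject]@{ Kind = 'Service'; Name = $svc.Name; State = $svc.Status
                           Ok = ($svc.Status -eq 'Running') }
    }
})

Import-Module WebAdministration   # provides the IIS:\ drive and Get-WebAppPoolState
$report += @(foreach ($pool in $expectedPools) {
    if (Test-Path "IIS:\AppPools\$pool") {
        $state = (Get-WebAppPoolState -Name $pool).Value
        [pscustomobject]@{ Kind = 'AppPool'; Name = $pool; State = $state; Ok = ($state -eq 'Started') }
    } else {
        [pscustomobject]@{ Kind = 'AppPool'; Name = $pool; State = 'NotFound'; Ok = $false }
    }
})

$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} component(s) not running: {1}" -f $failed.Count, ($failed.Name -join ', '))
}
```

If the application pools are reported as stopped directly after installation, restart the host as described in the notice above and run the check again.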

Enable Long Path Support in CxSAST Applications

.NET Framework 4.7.1 and above supports the Long Path feature by default. The following must be performed to enable the Long Path support.

Notice

This configuration should only be added to a host with .NET 4.7.1 or above installed, otherwise there will be issues in the application.

The following configuration must be added to the Web Service and REST API (if .NET Framework 4.7.1 is installed):

<httpRuntime targetFramework="4.7.1" />

Notice

  • The web.config file is usually located in the following path: C:\Program Files\Checkmarx\Checkmarx Web Services\CxWebInterface\web.config.

  • If a different version of .NET is installed, you must adapt the syntax accordingly.

For example:

<system.web>
  <httpRuntime targetFramework="4.7.1" />
</system.web>

Notice

If the httpRuntime already exists, add the targetFramework attribute as follows: <httpRuntime maxRequestLength="2097151" executionTimeout="36000" targetFramework="4.7.1" />
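
The web.config change described above can be applied idempotently, covering both the case where httpRuntime is missing and the case where it already exists with other attributes. This is an added example, not Checkmarx's own tooling. It assumes the usual web.config path given above, a web.config without an XML namespace on its root element, and the registry Release value 461308 as the minimum for .NET Framework 4.7.1.

```powershell
# Added example: set targetFramework on <httpRuntime> without touching other attributes.
# The path is the usual location given in this guide; repeat for the REST API
# web.config and adjust for non-default install directories.
$configPath = 'C:\Program Files\Checkmarx\Checkmarx Web Services\CxWebInterface\web.config'
$target     = '4.7.1'   # adapt if a different .NET version is installed

# The guide warns against applying this on hosts without .NET 4.7.1 or above.
# Release 461308 is the lowest registry value Microsoft documents for 4.7.1.
$ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndpKey).Release
if ($release -lt 461308) { throw ".NET Framework 4.7.1 or later not found (Release=$release)" }

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true          # keep the file's existing layout
$xml.Load($configPath)

# Only the top-level <system.web> is edited, not copies under <location> elements.
$systemWeb = $xml.SelectSingleNode('/configuration/system.web')
if ($null -eq $systemWeb) {
    $systemWeb = $xml.CreateElement('system.web')
    [void]$xml.DocumentElement.AppendChild($systemWeb)
}
$runtime = $systemWeb.SelectSingleNode('httpRuntime')
if ($null -eq $runtime) {
    $runtime = $xml.CreateElement('httpRuntime')
    [void]$systemWeb.AppendChild($runtime)
}

if ($runtime.GetAttribute('targetFramework') -eq $target) {
    Write-Output "targetFramework is already $target, nothing to change"
} else {
    Copy-Item -Path $configPath -Destination "$configPath.bak" -Force  # rollback copy
    $runtime.SetAttribute('targetFramework', $target)  # maxRequestLength etc. are kept
    $xml.Save($configPath)
    Write-Output "Set httpRuntime targetFramework=$target in $configPath"
}
```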

Uninstalling and Modifying CxSAST

The CxSAST installer has two additional options:

  • Uninstall – Removes CxSAST from your Server (excluding client's properties – CxSRC sources folder and both Cx SQL databases)

  • Modify – Provides the option to modify the installation (remove / add Cx components).

Logging in to the Web Interface

To log in to the CxSAST web interface:

  • CxSAST locally (from the server host) – Use the Checkmarx Portal shortcut on the Desktop or navigate to the Checkmarx folder (Start > All Programs > Checkmarx > Checkmarx Portal).

  • CxSAST from any other computer – Make sure that organizational routing and firewall configuration allows the client computer to access the CxSAST Server. Point your browser to: http://<server>/cxwebclient where <server> is the IP address or resolvable hostname of the CxSAST Server.

  1. Once the Set Administrator Credentials window is displayed, add the following credentials:

    • First and Last Name

    • Administrator Username

    • Email

    • Password

    • Retype Password


    Notice

    The required password complexity is as follows: 9 to 400 characters, at least 1 uppercase letter, at least 1 lower case letter, at least 1 special character, at least 1 digit.

  2. Click Register to complete.

You can subsequently change the Administrator password and add CxSAST users once you are inside the CxSAST web interface.

Configuring CxSAST for the First Time

To configure CxSAST for the first time:

  1. In the CxSAST web interface, go to Settings > Application Settings > General. The General Settings window is displayed.

  2. Click Edit.

  3. If permitted by your CxSAST license, set the Maximum number of concurrent scans parameter to the desired number (effective as a total for all the CxEngine Servers).

  4. Provide SMTP settings and click Update.

Leave any additional settings as they are.

Verifying the Installation

To validate that you have successfully installed the correct version and/or hotfix:

  1. In the CxSAST web interface, go to Settings > Application Settings > Installation Information. The Installation Information window is displayed.

  2. Review all CxSAST components ensuring that they are all the same version.

Scanning CxSAST Projects

Refer to our Quick Start to acquire additional information about scanning with CxSAST.

To learn more on what to do after completing the scan and reviewing the results, coordinate an advanced technical session.

CxZip Utility

For local CxSAST projects, you are required to upload zipped un-compiled source code. The CxZip Utility enables you to zip only relevant source files and reduce the size of your project.

Learn how to use the CxZip Utility by using the available information.

Knowledge Base

For additional information and explanations on the CxSAST application, visit the Checkmarx Documentation Portal.

Support

For any question or assistance, please do not hesitate to contact us at Checkmarx Support Center.