Configuring the Checkmarx One Vulnerability Integration

Configuration is done initially and is a one-time activity.

To Configure the Checkmarx One Vulnerability Integration:

Navigate to your instance of Service Now and log in.
Search for Checkmarx One Vulnerability Integration.
Click Configuration.
Provide the information required to complete the Checkmarx One configuration.
Note
Fields marked with a red asterisk are compulsory.
Enter the following in the required fields on the Configuration page:
- IAM URL: Checkmarx One IAM URL (remove ‘/’ from the end of the URL)
- API Base URL: Checkmarx One Base URL (remove ‘/’ from the end of the URL)
- Tenant: Checkmarx One Tenant
- Client ID: Oauth 2 Client ID
- Client Secret: Oauth 2 Client Secret
- Select Include SCA or Include SAST or both to get scanner results.
  Parameter Descriptions
  IAM URL: The base URL of the Identity Access Management service of the given Checkmarx One environment.
  API Base URL: The base URL of the Checkmarx One Environment.
  Tenant: The name of the customer's Checkmarx One instance.
  OAuth Client ID/Secret: Refer to Preparing for Checkmarx One Vulnerability Integration to learn more about OAuth Client ID & Client Secret.
  Include SCA/SAST: When enabled, the integration will process SCA or SAST results from Checkmarx One.
  Include First Detection Date: When enabled, this column will be included in the AVIT table.
  Vulnerability Threshold Level: Option to select the threshold level from the following:
  High: Displays only High vulnerabilities.
  Medium: Displays High and Medium vulnerabilities.
  Low: Displays High, Medium, and Low vulnerabilities.
  Triaging in ServiceNow
  Check this box to triage the AVIs in ServiceNow. If this box is checked, AVIs are imported in the Open state. You can then request an exception or mark the AVI as a false positive.
  To retain the source state- the state imported from the scanner- ensure this check box is not selected.
  Note
  The Mark as False Positive and Request Exception options are available only for AVIs triaged within ServiceNow.
Click Save and Test Credentials.

For Single Tenant, IAM URL, and API Base, the URL will be the same.

The system tests the credentials and confirms if the validation is successful.

If the authentication is successful continue on to perform the Checkmarx One Vulnerability Integration.

In this section:

Configuring the Checkmarx One Vulnerability Integration

To Configure the Checkmarx One Vulnerability Integration:

Note

Note

Search results