Data Transformation for the Checkmarx One Integration
Note
This feature is currently in Beta mode and might not be available in your environment
Once the data that is to be imported is identified, it is retrieved from the Checkmarx One application, processed through a set of data sources and transformed in the instance.
Checkmarx One Application Vulnerable Item Integration
The data from the API is first loaded into the Checkmarx One AppVul Item Import table and the Checkmarx One AppVul Item Transform is used to transform the imported information.
To access this transform map:
Navigate to System Import Sets
Click Transform Maps
Search for Checkmarx One AppVul Item Transform
The following table lists the transform map fields by integration:
Source Field
Target Field
Description
app_id
source_app_id
Project ID
app_name
app_name
Project name
scan_id
source scan id
Scan ID of the project
updatedAt
last_scan_date
Last scan time
app_name + last_scan_date
scan_summary_name
Scan summary
total_no_flaws
source_severity
Source severity found in scan
scan_type
scan_type
For scan type SAST it is 'Static’ and for SCA it is ‘SCA’
cweld
source_avit_id
AVIT ID
cweld
cweld
CWE ID
cvssScore
cvss_base_score
For scan type ‘SCA’ cvssScore is mapped
cvss_attackVector
cvss_vector
For scan type ‘SCA’ attack Vector is mapped
last_scan_date
last_detection_date
Last Scan Date
firstFoundAt
first_detection_date
The date and time that this result was identified.
recommendedVersion
source_recommendation
For scan type ‘SCA’ recommended version is mapped
packageIdentifier
package_name
For scan type ‘SCA’ package name is mapped
packageData_urls
source_references
For scan type ‘SCA’ urls in package data is mapped
nodeId + path
source_notes
For scan type ‘SAST’ value of node ID and filename has been mapped in source_notes
category_name
category
Category
category_id + " -" + cweId
source_entry_id
Source entry ID
sourcefile
source_link
URL to access vulnerabilityDetails in Checkmarx One is mapped in source_link
fileName
location
For scan type ‘SAST’ location where flaw is found is mapped
source_vulnerability_summary
source_vulnerability_summary
Source vulnerability summary
description
description
Description from the source
description
source_vulnerability_explanation
Source vulnerability explanation
line
line_number
For scan type 'SAST' line on which the flaw is found
The following transform scripts are run during the transformation process.
Checkmarx One Transform Map Script Timing and Purpose
When the script is run | Purpose |
onComplete (when an import set has completed transformation) | Script that is used to process the data source and update the count of AVITs created, updated or unchanged, and the ones imported as part of this integration from Checkmarx One. This script is for internal use and should not be modified or deleted. |
Viewing Checkmarx One Vulnerability Integration Import
To view the Checkmarx One Application List Integration or Application Releases table in Filter Navigator enter sn_vul_app_release_list.do
 |
To view the Checkmarx One Scan Summary Integration or Application Vulnerability Scan Summaries tables in Filter Navigator enter sn_vul_app_vul_scan_summary_list.do
 |
To view the Checkmarx One Application Vulnerable Item Integration or Application Vulnerable Item tables in Filter Navigator enter sn_vul_app_vulnerable_item_list.do
 |
sn_vul_app_vul_entry_list.do
 |