Skip to main content

Data Transformation for the Checkmarx One Integration

Once the data that is to be imported is identified, it is retrieved from the Checkmarx One application, processed through a set of data sources, and transformed in the instance.

Checkmarx One Application Vulnerable Item Integration

Note

The integration may not succeed if there are customizations in any of the fields on your ServiceNow platform.

The data from the API is first loaded into the Checkmarx One AppVul Item Import table and the Checkmarx One AppVul Item Transform is used to transform the imported information. 

To access this transform map:

  1. Navigate to System Import Sets

  2. Click Transform Maps

  3. Search for Checkmarx One AppVul Item Transform

    The following table lists the transform map fields by integration:

    Source Field

    Target Field

    Description

    app_id

    source_app_id

    Project ID

    app_name

    app_name

    Project name

    scan_id

    source scan id

    Scan ID of the project

    updatedAt

    last_scan_date

    Last scan time

    app_name + last_scan_date

    scan_summary_name

    Scan summary

    total_no_flaws

    source_severity

    Source severity found in scan

    scan_type

    scan_type

    For scan type SAST it is 'Static’ and for SCA it is ‘SCA’

    cweld

    source_avit_id

    AVIT ID

    cweld

    cweld

    CWE ID

    cvssScore

    cvss_base_score

    For scan type ‘SCA’ cvssScore is mapped

    cvss_attackVector

    cvss_vector

    For scan type ‘SCA’ attack Vector is mapped

    last_scan_date

    last_detection_date

    Last Scan Date

    firstFoundAt

    first_detection_date

    The date and time this result was found in the tenant

    recommendedVersion

    source_recommendation

    For scan type ‘SCA’ recommended version is mapped

    packageIdentifier

    package_name

    For scan type ‘SCA’ package name is mapped

    packageData_urls

    source_references

    For scan type ‘SCA’ urls in  package data is mapped

    nodeId + path

    source_notes

    For scan type ‘SAST’ value of node ID and filename has been mapped in source_notes

    category_name

    category

    Category

    category_id + " -" + cweId

    source_entry_id

    Source entry ID

    sourcefile

    source_link

    URL to access vulnerabilityDetails in Checkmarx One is mapped in source_link

    fileName

    location

    For scan type ‘SAST’ location where flaw is found is mapped

    source_vulnerability_summary

    source_vulnerability_summary

    Source vulnerability summary

    description

    description

    Description from the source

    description

    source_vulnerability_explanation

    Source vulnerability explanation

    line

    line_number

    For scan type 'SAST' line on which the flaw is found

    state

    source_finding_status

    State of the vulnerability from Checkmarx One

The following transform scripts are run during the transformation process.

Checkmarx One Transform Map Script Timing and Purpose

When the script is run

Purpose

onComplete (when an import set has completed transformation)

Script that is used to process the data source and update the count of AVITs created, updated or unchanged, and the ones imported as part of this integration from Checkmarx One. This script is for internal use and should not be modified or deleted.

Viewing Checkmarx One Vulnerability Integration Import

To view the Checkmarx One Application List Integration or Application Releases table in Filter Navigator enter sn_vul_app_release_list.do

ReportAppListInt_New.png

To view the Checkmarx One Scan Summary Integration or Application Vulnerability Scan Summaries tables in Filter Navigator enter sn_vul_app_vul_scan_summary_list.do

Scan_Summary_Report_New.png

To view the Checkmarx One Application Vulnerable Item Integration or Application Vulnerable Item tables in Filter Navigator enter sn_vul_app_vulnerable_item_list.do

Application_Vulnerable_Items_New.png

sn_vul_app_vul_entry_list.do

Application_Vulnerablity_Entries.png