Skip to main content

Preparing for the Checkmarx Vulnerability Integration


This integration requires SAST with a Hotfix version 9.4 HF23 or 9.5 HF14 or later.

Checkmarx SAST is an on-premise software that can be installed on a private data center or managed on the cloud. Connectivity between the ServiceNow instance and Checkmarx SAST is needed. A successful Checkmarx SAST Vulnerability Integration requires planning. Prepare for the integration by performing these tasks. The Checkmarx SAST Vulnerability Integration assumes you know the Checkmarx SAST product and API.

The role required: App-Sec Manager group.

Validate your instance sizing based on the number of vulnerable application items you expect to import. An undersized instance can lead to long load times. If you do not know the size of your instance, contact Customer Service and Support. The Checkmarx Vulnerability Integration requires a secure tunnel so the plugin can fetch data from SAST. A Checkmarx SAST user requires permission to read the scan results.

A Checkmarx SAST user requires the following permissions:

  • Use Odata

  • Save/Update Project

  • View Failed Sast Scan

  • Generate Scan

  • Report Export

  • Scan Results

  • View Results

  • Manage System Settings

  • Manage Result Comment

A Checkmarx SCA user requires the following permission:

  • SCA Scanner