Checkmarx Application Vulnerable Item Integration
The steps for integrating the Checkmarx Application Vulnerable Item Integration are the same as those for the Checkmarx Scan Summary Integration.
Note
The integration may not succeed if customizations are made in any fields on your ServiceNow platform.
Data Transformation for Integration
After you identify the data you want to import, the data is retrieved from the Checkmarx application, processed through a set of data sources, and transformed in your instance.
Checkmarx Application Vulnerable Item Integration
The data from the API is first loaded into the Checkmarx AppVul Item Import [x_chec3_cxsast_checkmarx_appvul_item_import] table, and the Checkmarx AppVul Item Transform is used to transform the imported information. To access this transform map, navigate to System Import Sets Transform Maps and search for Checkmarx AppVul Item Transform. The following table lists the transform map fields by integration.
Source | Title | Description |
|---|---|---|
app_id | source_app_id | Project ID. |
app_name | app_name | Project name. |
scan_id | source_scan_id | Scan ID of the project. |
last_scan_date | last_scan_date | Last scan time. |
app_name + last_scan_date | scan_summary_name | Scan summary. |
total_no_flaws | source_severity | Source severity found in the scan. |
scan_type | scan_type | For scan type SAST, it is 'Static’. |
cweId | source_avit_id | AVIT ID. |
cweId | cweId | CWE ID. |
last_scan_date | last_detection_date | Last Scan Date. |
firstFoundAt | first_detection_date | The date and time that this result was imported on SNOW. |
state | source_finding_status | State of the vulnerability from CxSAST |
category_name | category | Category. |
category_id + " -" + cweId | source_entry_id | Source entry ID. |
sourcefile | source_link | The URL to access vulnerability details in CxSAST is mapped to source_link. |
fileName | location | The location where the flaw is found is mapped. |
description | description | Category description from the source. |
description | source_vulnerability_explanation | Category description from the source. |
line | line_number | The line on which the flaw is found. |
Category_name | Source_additional_info | Category name from CxSAST |
Status | source remediation status | Status of Vulnerability New, Recurrent, and Resolved |
Checkmarx Transform Map Script Timing and Purpose
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
|---|---|
onComplete (when an import set has completed transformation) | The script processes the data source and updates the count of AVITs created, updated, or unchanged, as well as those imported as part of this integration. This script is for internal use and should not be modified or deleted. |
Viewing Checkmarx Vulnerability Integration Import
To check the data for the Checkmarx Application List Integration or Application Releases table, search sn_vul_app_release_list.do in Navigation.
To check data for Checkmarx Scan Summary Integration or Application Vulnerability Scan Summaries, search sn_vul_app_vul_scan_summary_list.do in Navigation.
To check data on Checkmarx Application Vulnerable Item Integration or Application Vulnerable Item, search sn_vul_app_vulnerable_item_list.do in Navigation. Search sn_vul_app_vul_entry_list.do in Navigation to view Application Vulnerable Entries.
