Checkmarx Application Vulnerable Item Integration
The steps for integrating the Checkmarx Application Vulnerable Item Integration are the same as the steps for the Checkmarx Scan Summary Integration.
Note
The integration may not succeed if there are customizations in any of the fields on your ServiceNow platform.
Data Transformation for Integration
After you identify the data you want to import, the data is retrieved from the Checkmarx application, processed through a set of data sources, and transformed in your instance.
Checkmarx Application Vulnerable Item Integration
The data from the API is first loaded into the Checkmarx AppVul Item Import [x_chec3_cxsast_checkmarx_appvul_item_import] table, and the Checkmarx AppVul Item Transform map is then used to transform the imported information. To access this transform map, navigate to System Import Sets > Transform Maps and search for Checkmarx AppVul Item Transform. The following table lists the transform map fields by integration.
Source field | Target field | Description |
---|---|---|
app_id | source_app_id | Project ID. |
app_name | app_name | Project name. |
scan_id | source_scan_id | Scan ID of the project. |
last_scan_date | last_scan_date | Last scan time. |
app_name + last_scan_date | scan_summary_name | Scan summary. |
total_no_flaws | source_severity | Source severity found in the scan. |
scan_type | scan_type | For scan type SAST, it is 'Static'. |
cweId | source_avit_id | AVIT ID. |
cweId | cweId | CWE ID. |
last_scan_date | last_detection_date | Last Scan Date. |
firstFoundAt | first_detection_date | The date and time that this result was imported on SNOW. |
state | source_finding_status | State of the vulnerability from CxSAST. |
category_name | category | Category. |
category_id + " -" + cweId | source_entry_id | Source entry ID. |
sourcefile | source_link | URL to access the vulnerability details in CxSAST. |
fileName | location | The location where the flaw is found. |
description | description | Category description from the source. |
description | source_vulnerability_explanation | Category description from the source. |
line | line_number | The line on which the flaw is found. |
Category_name | Source_additional_info | Category name from CxSAST. |
Status | source remediation status | Status of the vulnerability: New, Recurrent, and Resolved. |
Checkmarx Transform Map Script Timing and Purpose
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
---|---|
onComplete (when an import set has completed transformation) | The script is used to process the data source and update the count of AVITs created, updated, or unchanged, and the ones imported as part of this integration. This script is for internal use and should not be modified or deleted. |
Viewing Checkmarx Vulnerability Integration Import
To check the data of the Checkmarx Application List Integration or the Application Releases table, search for sn_vul_app_release_list.do in Navigation.
To check the data of the Checkmarx Scan Summary Integration or Application Vulnerability Scan Summaries, search for sn_vul_app_vul_scan_summary_list.do in Navigation.
To check the data of the Checkmarx Application Vulnerable Item Integration or Application Vulnerable Items, search for sn_vul_app_vulnerable_item_list.do in Navigation. To view Application Vulnerable Entries, search for sn_vul_app_vul_entry_list.do in Navigation.