Skip to main content

Enabling Codebashing

Once you have purchased Codebashing, you have the ability to enable the Codebashing add-on and log in to Codebashing from CxSAST. This page is designed to navigate the Checkmarx user through the Codebashing add-on enablement procedure.


  • Enabling Codebashing requires an active Internet connection and the SMTP settings properly configured with your email address in CxSAST.

  • The administrator in charge to enable and activate Codebashing must be logged on as admin user from a desktop and not directly from the Codebashing server.

  • The Windows Network Time Protocol (NTP) service must be running at all times while activating Codebashing.

To activate and enable Codebashing:

  1. Log in to your SAST application.

  2. From the menu, select Settings.

  3. Select Application Settings > External Services Settings from the menu to open the External Services Settings dialog.

  4. If the status is labeled Not Active, click <Activate External Services>. You receive an activation verification email with a verification link.

  5. Follow the verification link in the email. Once successful, the Verification Completed message appears and the status changes to Active.

  6. Click <Edit> to enable the Codebashing Settings section.

  7. Check Enable Codebashing to enable users to log on to Codebashing from inside SAST.

  8. Click <Update> to apply and save the changes.


Once Codebashing is enabled, log off and then back on to SAST.

To verify that Codebashing operates properly:

  • Click the Codebashing icon and verify that Codebashing opens properly and all the lessons for all code languages are available.

If the Codebashing verification was unsuccessful:


Possible error messages:

  • #21 Signed Identity payload contains malformed email. Verify that the email address in the CxSAST profile settings (My Profile > Account Information) is of a valid format, for example [email protected] and not [email protected].

  • Blank page, Codebashing login page or Browser does not allow 3rd party cookies/Unable to access to site outside of the organization. Verify that in the browser settings the following URLs are allocated as trusted sites:

    • https://*

    • https://*