Skip to main content

Enabling the Codebashing Add-on (from SAST)

You can enable the Codebashing add-on and log in to Codebashing from Checkmarx SAST.


  • Enabling Codebashing requires an active Internet connection and the SMTP settings properly configured with your email address in Checkmarx SAST.

  • To enable and activate Codebashing, you must be logged on as the admin user from a desktop and not directly from the Codebashing server.

  • The Windows Network Time Protocol (NTP) service must be running while using Codebashing.

Activating and Enabling Codebashing

  1. Log in to your SAST application.

  2. From the menu, select Settings.

  3. Select Application Settings > External Services Settings from the menu to open the External Services Settings dialog.

  4. If the status is labeled Not Active, click <Activate External Services> and you will receive an activation verification email with a verification link.

  5. Follow the directions in the verification link in the email. Once successful, the Verification Completed message appears and the status changes to Active.

  6. Click <Edit> to enable the Codebashing Settings section.

  7. Check Enable Codebashing to allow users to log in to Codebashing from within SAST.

  8. Click <Update> to apply and save the changes.


Once Codebashing is enabled, log off and then back on to SAST.

Verifying Codebashing:

  • Click the Codebashing icon and verify that Codebashing opens properly and that all the lessons for all code languages are available.

  • Contact Technical Support if you need further help or if you are unable to verify Codebashing.


Possible error messages:

  • #21 Signed Identity payload contains malformed email. Verify the email address in the Checkmarx SAST profile settings (My Profile > Account Information) is of a valid format, for example, [email protected] and not John.Smith@example.

  • Blank page, Codebashing login page, or Browser does not allow 3rd party cookies/Unable to access the site outside of the organization. Verify in the browser settings the following URLs are allocated as trusted sites:

    • https://*

    • https://*