Generate a Configuration File via CLI Commands
A Docker image can generate a standardized configuration file for conducting DAST scans. By combining the relevant data from Checkmarx One with the inputs you supply via the CLI, you can produce standardized configuration files that run web and API scans with no authentication, form-based authentication, or JSON-based authentication.
Structure of the Generate Command
To generate the configuration file through the CLI, use the generate command.
The generate command has three subcommands:
no-auth → generates a configuration file without authentication.
form-auth → generates a configuration file for form-based authentication.
json-auth → generates a configuration file for JSON-based authentication.
No Authentication Configuration File
Command to get help in the CLI → docker run checkmarx/dast:latest generate no-auth --help
Flags for this command
Flag | Type | Description |
---|---|---|
--gen-output | string | Path to the output directory for the generated configuration file |
-h, --help | | Help for no-auth |
--report-pdf | | Generate a PDF scan report |
--scan | | Perform a scan on the generated configuration file |
Form-based Authentication Configuration File
Command to get help in the CLI → docker run checkmarx/dast:latest generate form-auth --help
Flags for this command
Flag | Type | Description |
---|---|---|
--gen-output | string | Path to the output directory for the generated configuration file |
-h, --help | | Help for form-auth |
--logged-in-regex | string | The regex that checks responses to confirm that the user is logged in |
--logged-out-regex | string | The regex that checks responses to confirm that the user is logged out |
--login-page-url | string | The login page URL |
--login-request-url | string | The login request URL |
--report-pdf | | Generate a PDF scan report |
--request-body | string | The body used in the login request. For form-based authentication use: {%username%}&<password_field>={%password%} |
--username | string | The username value to be passed in the body of the request |
--password | string | The password value to be passed in the body of the request |
--scan | | Perform a scan on the generated configuration file |
JSON-based Authentication Configuration File
Command to get help in the CLI → docker run checkmarx/dast:latest generate json-auth --help
Flags for this command
Flag | Type | Description |
---|---|---|
--gen-output | string | Path to the output directory for the generated configuration file |
-h, --help | | Help for json-auth |
--logged-in-regex | string | The regex that checks responses to confirm that the user is logged in |
--logged-out-regex | string | The regex that checks responses to confirm that the user is logged out |
--login-page-url | string | The login page URL |
--login-request-url | string | The login request URL |
--report-pdf | | Generate a PDF scan report |
--request-body | string | The body used in the login request. For JSON-based authentication use: {"username":"{%username%}", "password": "{%password%}"} |
--username | string | The username value to be passed in the body of the request |
--password | string | The password value to be passed in the body of the request |
--scan | | Perform a scan on the generated configuration file |
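The two --request-body templates above substitute {%username%} and {%password%} verbatim, and the logged-in/logged-out regexes are what lets the scanner tell whether its session is still valid. The following added Python example (not Checkmarx's code) renders a login body for either subcommand with the encoding that body type needs, and sanity-checks a regex pair before a scan is launched; the function names, the check rules and the sample HTML pages are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import quote_plus

# Placeholders the generate command substitutes into --request-body.
USER_PH, PASS_PH = "{%username%}", "{%password%}"


def _json_escape(value: str) -> str:
    # Escape as the inside of a JSON string literal (quotes, backslashes, control chars).
    return json.dumps(value)[1:-1]


def render_request_body(template: str, username: str, password: str, subcommand: str) -> str:
    """Fill the --request-body template as the login request needs it:
    form-encoded for form-auth, JSON-escaped for json-auth. A template missing a
    placeholder would send the literal text instead of the credential, so reject it."""
    for ph in (USER_PH, PASS_PH):
        if ph not in template:
            raise ValueError(f"--request-body template lacks {ph}")
    if subcommand == "form-auth":
        enc = quote_plus
    elif subcommand == "json-auth":
        enc = _json_escape
    else:
        raise ValueError(f"unknown subcommand {subcommand}")
    body = template.replace(USER_PH, enc(username)).replace(PASS_PH, enc(password))
    if subcommand == "json-auth":
        json.loads(body)  # fail early if the rendered body is not valid JSON
    return body


def check_auth_regexes(logged_in_re: str, logged_out_re: str,
                       authenticated_html: str, login_page_html: str) -> dict:
    """Pre-flight (added check) for --logged-in-regex / --logged-out-regex: each regex
    should match only the page it describes, otherwise the scanner cannot reliably
    distinguish a live session from an expired one."""
    li, lo = re.compile(logged_in_re), re.compile(logged_out_re)
    return {
        "in_on_authenticated": bool(li.search(authenticated_html)),
        "in_on_login_page": bool(li.search(login_page_html)),
        "out_on_login_page": bool(lo.search(login_page_html)),
        "out_on_authenticated": bool(lo.search(authenticated_html)),
    }


def regexes_ok(r: dict) -> bool:
    return (r["in_on_authenticated"] and not r["in_on_login_page"]
            and r["out_on_login_page"] and not r["out_on_authenticated"])


# Constructed sample pages for a dry run; not captured from any real application.
LOGIN_PAGE = '<form action="/login.jsp"><input name="uid"><input name="passw"><button>Sign In</button></form>'
ACCOUNT_PAGE = '<h1>Welcome</h1><a href="/logout.jsp">Sign Off</a>'
```

Run the check against a saved copy of your own login page and a post-login page before passing the regexes to generate form-auth or json-auth.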
Methods for Generating Configuration Files
Use the following CLI commands to generate a configuration file for each type of authentication and, optionally, run a scan on it.
Generate a configuration file without any kind of authentication
docker run -e CX_APIKEY=$CX_APIKEY -v $(pwd):/output --rm checkmarx/dast:latest --environment-id=ddd817b7-f0a6-4463-9c87-45bbeb150678 --base-url=https://deu.ast.checkmarx.net/ generate no-auth --verbose --log-level debug --gen-output=/output
Generate a configuration file without any kind of authentication and run a scan
docker run -e CX_APIKEY=$CX_APIKEY -v $(pwd):/output --rm checkmarx/dast:latest --environment-id=ddd817b7-f0a6-4463-9c87-45bbeb150678 --base-url=https://deu.ast.checkmarx.net/ generate no-auth --verbose --log-level debug --gen-output=/output --scan --output=/output
Generate a configuration file with form-based authentication
docker run -e CX_APIKEY=$CX_APIKEY -v $(pwd):/output --rm checkmarx/dast:latest --environment-id=ddd817b7-f0a6-4463-9c87-45bbeb150678 --base-url=https://deu.ast.checkmarx.net/ generate form-auth --logged-in-regex='Sign In' --logged-out-regex='Sign Out' --login-page-url=http://testfire.net/login.jsp --login-request-url=http://testfire.net/login.jsp --username='jsmith' --password='demo1234' --request-body='username={%username%}&password={%password%}' --verbose --log-level debug --gen-output=/output
Generate a configuration file with form-based authentication and run a scan
docker run -e CX_APIKEY=$CX_APIKEY -v $(pwd):/output --rm checkmarx/dast:latest --environment-id=ddd817b7-f0a6-4463-9c87-45bbeb150678 --base-url=https://deu.ast.checkmarx.net/ generate form-auth --logged-in-regex='Sign In' --logged-out-regex='Sign Out' --login-page-url=http://testfire.net/login.jsp --login-request-url=http://testfire.net/login.jsp --username='jsmith' --password='demo1234' --request-body='username={%username%}&password={%password%}' --verbose --log-level debug --gen-output=/output --scan --output=/output
High-Level Architecture: Process Flow
Use this diagram to help visualize the process flow of generating configuration files via CLI commands.