Skip to main content
  • Checkmarx Documentation
  • Checkmarx SCA
  • Checkmarx SCA Integrations and Plugins

Checkmarx SCA Integrations and Plugins

Checkmarx SCA offers a robust set of integrations that help you to get the most out of SCA’s capabilities.

Checkmarx SCA, can be integrated into development tools, so that open source packages can be automatically scanned during the development process. For example, the Checkmarx Plugin for Jenkins enables SCA scanning to be configured as part of the build step, so that if vulnerabilities are discovered the build process can be terminated.

The Checkmarx Plugins provide software composition analysis based only on the manifest files and fingerprints. This analysis involves compressing and sending only the manifest files, configuration files, file names, and fingerprint data to the Checkmarx SCA cloud. The source code is not sent to the cloud.

In addition to the tools that we offer for integration with your Checkmarx SCA account, we also offer several free plugins the enable any user to integrate SCA analysis into their development workflows.

Platform(Documentation links)

Comments

CLI Tool

CxFlow

Checkmarx One

Any scan run via Checkmarx One can run the SCA scanner (as well as SAST, IaC Security and API Security). This includes scans run via the web application, Checkmarx One CLI Tool, REST API and Plugins.

The CLI tool and plugins support Checkmarx SCA Resolver

Checkmarx One provides plugins for the following platforms:

CI/CD - Checkmarx One Azure DevOps Plugin , Checkmarx One GitHub Actions, Checkmarx One TeamCity Plugin, Checkmarx One Jenkins Plugin

IDE - Checkmarx One VS Code Extension (Plugin), Checkmarx One Visual Studio Extension, Checkmarx One JetBrains Plugin, Checkmarx One Eclipse Plugin

Jenkins Plugin

Supports integration with Checkmarx SCA Resolver, see Configuring the Jenkins Plugin for Scanning.

Azure DevOps Plugin

Supports integration with Checkmarx SCA Resolver, see “Adding a Checkmarx SCA Scan Project” in Running a Scan from Azure DevOps.

TeamCity Plugin

Bamboo Plugin

Docker Desktop Extension

Free tool, no Checkmarx SCA account required.

For Checkmarx SCA users, data does not sync with your account.

Jfrog Plugin

Free tool, no Checkmarx SCA account required.

For Checkmarx SCA users, data does not sync with your account.

Nexus Plugin

Free tool, no Checkmarx SCA account required.

For Checkmarx SCA users, data does not sync with your account.

VS Code Plugin - Realtime Scanner

Free tool, no Checkmarx SCA account required.

For Checkmarx SCA users, data does not sync with your account.

In this section: