Checkmarx SCA Agent (Discontinued)


We have discontinued development of this tool, and do not plan on releasing new versions. Checkmarx technical support no longer provides support for its use.

The SCA Agent is a hybrid on-prem solution for Checkmarx SCA. The Agent runs the SCA package-resolution logic locally on a Docker image and acts as a proxy to the Checkmarx SCA Cloud. It performs the following functions:

  1. Running dependency resolution logic on-prem - Running the SCA logic on-prem gives it access to the internal repositories referenced by the source configuration, so it can build a complete dependency tree. Additionally, no source code is uploaded to the cloud; only the dependency names, configuration (“manifest”) files, and the detection fingerprint information gathered by the SCA Agent are sent. See here.

  2. Forwarding traffic to Checkmarx SCA Cloud - A plugin or CLI tool can use the SCA Agent as a proxy to the SCA Cloud, isolating the build environment from the cloud. The Agent serves as the single point of contact with the SCA Cloud.

Scanning with SCA Agent requires a Checkmarx plugin to communicate with the SCA Agent as depicted below: