
Scanning Local Registries

Using the CxConsole (see here), the SCA Agent can scan local registries. In addition to the parameters normally specified to run an SCA scan, a few parameters are required for connecting to the local registry. The user provides the path of the package manager configuration file that contains the local registry information as the argument to the scaconfigfile parameter. If access to the registry also requires environment variables, such as a username and password, these are provided as key:value pairs in the env parameter. These values are injected into the container that resolves the user’s code. With these CxConsole parameters, the local registry can be accessed, all the packages can be retrieved, and the regular SCA scan can be performed.

The Checkmarx Jenkins plugin (see here) lets Jenkins automatically send the specified configuration file to the agent during the Jenkins process.

To scan a local registry, specify the following parameters in the CxConsole command:

  • SCA parameters:

    • scalocationpath - Local or network path to sources or source repository branch

    • scaUsername - Username used to log in to Checkmarx SCA

    • scaPassword - Password used to log in to Checkmarx SCA

    • scaAccount - Organization’s account in Checkmarx SCA that is used during login

    • scaapiurl - URL of the Checkmarx SCA API endpoint

    • projectname - Existing project name with full path

  • SCA Agent parameters:

    • scaconfigfile - Package manager configuration file (for example, .npmrc for npm) containing the private registry information. Can include env variables (path to local registry).

    • env - Key/value variables used in the configuration file provided for scaconfigfile

For example:

runCxConsole.cmd ^
        ScaScan ^
        -scalocationpath The_Folder_With_The_Manifests ^
        -scaUsername SCA_UserName ^
        -scaPassword SCA_Password ^
        -scaAccount SCA_Account ^
        -scaapiurl SCA_AGENT_URL ^
        -projectname SCA_PROJECTNAME_WITH_ENABLED_EXPLOITABLE_PATH ^
        -scaconfigfile "C:\user\path\to\directory.npmrc" ^
        -env "User:some_user_name , Password:some_password"
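
A pre-flight check for the scaconfigfile and env parameters described above, as an added example that is not part of Checkmarx's documentation or tooling: it confirms that every ${NAME} reference in the .npmrc has a matching key in the -env argument and flags credential keys stored as literals in the file. It assumes npm's ${NAME} substitution syntax and the comma-separated key:value form of -env shown in the example; the registry hostname, the Email variable, the token value and the function names are constructed for illustration.

```python
import re

# Constructed sample .npmrc for a private registry (hostname is a placeholder).
SAMPLE_NPMRC = """\
registry=https://registry.example.internal/npm/
//registry.example.internal/npm/:username=${User}
//registry.example.internal/npm/:_password=${Password}
//registry.example.internal/npm/:email=${Email}
//registry.example.internal/npm/:_authToken=abc123-literal-token
"""

VAR_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
SECRET_KEYS = ("_password", "_authtoken", "_auth")  # npm credential settings


def parse_env_arg(env_arg):
    """Parse -env, assuming the comma-separated key:value form shown on the page."""
    pairs = {}
    for item in env_arg.split(","):
        if ":" not in item:
            continue
        key, value = item.split(":", 1)  # split once so values may contain ':'
        pairs[key.strip()] = value.strip()
    return pairs


def check_npmrc(npmrc_text, env_arg):
    """Return (missing_vars, literal_secret_keys) for an .npmrc and an -env string."""
    provided = parse_env_arg(env_arg)
    missing, literal = [], []
    for raw in npmrc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue  # skip blanks, comments and lines that are not settings
        key, value = line.split("=", 1)
        refs = VAR_REF.findall(value)
        missing += [v for v in refs if v not in provided and v not in missing]
        # A credential key with no ${...} reference is stored in clear in the file.
        name = key.rsplit(":", 1)[-1].strip().lower()
        if name in SECRET_KEYS and not refs and value.strip():
            literal.append(name)
    return missing, literal


if __name__ == "__main__":
    print(check_npmrc(SAMPLE_NPMRC, "User:some_user_name , Password:some_password"))
```
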