Skip to main content

Data Sent to Checkmarx SCA Cloud


We have discontinued development of this tool, and do not plan on releasing new versions. Checkmarx technical support no longer provides support for its use.

The Checkmarx SCA Agent sends the following detected data to the Checkmarx SCA Cloud for analysis:

  • The project name

  • List of all file names and relative paths (except the ones that were excluded from the scan)

  • Various checksums of the files (SHA-1, SHA-1 on content without spaces, etc.)

  • Manifest files

  • Names of dependencies extracted from the manifest files

  • Scan errors and warnings such as “Failed resolving dependencies”. Each warning message might contain a file path as an argument.

  • SAST Exploitable Path Query result