Checkmarx SCA - Integrations and Plugins
Checkmarx SCA can be integrated into development tools through plugins, so that open source packages are scanned automatically during the development process. For example, the Checkmarx Plugin for Jenkins enables SCA scanning to be configured as part of the build step, so that the build process can be terminated if vulnerabilities are discovered.
The Checkmarx Plugins provide software composition analysis based only on the manifest files and fingerprints. This analysis involves compressing and sending only the manifest files, configuration files, file names, and fingerprint data to the Checkmarx SCA cloud. The source code is not sent to the cloud.
The following integration methods support Checkmarx SCA scans:
Platform (Documentation links) | Comments |
---|---|
Any scan run via Checkmarx One can run the SCA scanner (as well as SAST, IaC Security and API Security). This includes scans run via the web application, Checkmarx One CLI Tool, REST API and Plugins. The CLI tool and plugins support Checkmarx SCA Resolver. Checkmarx One provides plugins for the following platforms: CI/CD - Checkmarx One Azure DevOps Plugin, Checkmarx One GitHub Actions, Checkmarx One TeamCity Plugin, Checkmarx One Jenkins Plugin; IDE - Checkmarx One VS Code Extension (Plugin), Checkmarx One Visual Studio Extension, Checkmarx One JetBrains Plugin, Checkmarx One Eclipse Plugin | |
Supports integration with Checkmarx SCA Resolver, see Configuring the Jenkins Plugin for Scanning. | |
Supports integration with Checkmarx SCA Resolver, see “Adding a Checkmarx SCA Scan Project” in Running a Scan from Azure DevOps. | |
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. | |
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. | |