Skip to main content

Checkmarx SCA - Integrations and Plugins

Checkmarx SCA, using plugins, can be integrated into development tools, so that open source packages can be automatically scanned during the development process. For example, the Checkmarx Plugin for Jenkins enables SCA scanning to be configured as part of the build step, so that if vulnerabilities are discovered the build process can be terminated.

The Checkmarx Plugins provide software composition analysis based only on the manifest files and fingerprints. This analysis involves compressing and sending only the manifest files, configuration files, file names, and fingerprint data to the Checkmarx SCA cloud. The source code is not sent to the cloud.

The following integration methods support Checkmarx SCA scans:

Platform(Documentation links)

Comments

CLI Tool

CxFlow

Checkmarx One

Any scan run via Checkmarx One can run the SCA scanner (as well as SAST and KICS). This includes scans run via the web application, Checkmarx One CLI Tool, REST API and Plugins.

Checkmarx One provides plugins for the following platforms:

CI/CD - Checkmarx One Azure DevOps Plugin , Checkmarx One GitHub Actions, Checkmarx One TeamCity Plugin, Checkmarx One Jenkins Plugin

IDE - Checkmarx One Visual Studio Code Extension (Plugin), Checkmarx One Visual Studio Extension (Plugin), Checkmarx One JetBrains Plugin, Checkmarx One Eclipse Plugin

Jenkins Plugin

Supports integration with Checkmarx SCA Resolver, see Configuring the Jenkins Plugin for Scanning.

Azure DevOps Plugin

Supports integration with Checkmarx SCA Resolver, see “Adding a Checkmarx SCA Scan Project” in Running a Scan from Azure DevOps.

TeamCity Plugin

Bamboo Plugin