Plugin Integration

There are several methods for running CxSAST scans, but the most widely used is within CI/CD environments like Jenkins, Bamboo, or TeamCity. Adopting these practices allows you to streamline delivery processes and integrate security into your projects seamlessly.

Break Build

A common practice in these integrations with Policy Management solutions is incorporating a feature called Break Build. With this feature, you can configure your automated pipelines to fail and raise an alert whenever something unexpected occurs, such as a policy violation for a specific project.

This functionality provides an early alert of problems in the software development cycle, enabling you to respond quickly and with minimal impact on the business.

In the context of CxSAST Policy Management, you can enable the Break Build functionality when running scans through CxSAST plugins. The pipeline will automatically fail if a policy violation occurs during a scan.

Plugin Compatibility

Checkmarx supports various plugins, spanning CI/CD platforms, IDEs, and simple CLI tools, offering diverse ways to run CxSAST scans. The deprecated M&O solution integrated with all of these plugins and provided Break Build compatibility.

To ensure a smooth integration with all plugins, there is some backward compatibility between the new CxSAST Policy Management and the old M&O endpoints. Consequently, the endpoint from M&O that was used to obtain policy validation results has been recreated in the new Policy Management solution. This allows the plugins to function similarly in M&O and CxSAST Policy Management.

For more details on plugins, see https://checkmarx.com/plugins/