Skip to main content

Modifying SAST

Modify allows you to add or remove features for the currently installed version of your Checkmarx SAST application.

Before you start:

Notice

If you are switching Java versions, for example due to upgrading or otherwise modifying your Checkmarx SAST installation in a way that it requires a newer Java installation, you have to update the newer Java location with the certificate from the previous Java location. This means, you have to copy the cacerts file from the previous Java location (..\Checkmarx Risk Management\jre\lib\security\) to the new Java location (<install path>\openjdk-8u242-b08-jre\lib\security\) and overwrite the existing cacerts file in the new location with your existing cacerts file.

Make sure there are no scans currently running.

Stop all Cx Windows services and Web servers (depending on the Checkmarx components installed on the server):

On a centralized host:

  • CxSystemManager

  • CxJobsManager

  • CxScansManager

  • CxSastResults

  • CxScanEngine

  • Management and Orchestration:

  • CxARM

  • CxARMETL

  • CxRemediationIntelligence

  • Shared services:

  • ActiveMQ

  • Web server (run "iisreset /stop" from elevated CMD or Stop action for the server name in IIS Console):

  • World Wide Web Publishing Service

  • IIS Admin Service

On a CxEngine host (if applicable):

  • CxScanEngine

To modify CxSAST:

1. Go toStart > Control Panel > Programs > Programs and Features . The Programs and Features screen is displayed.

Notice

As a precaution, you should backup all Cx databases (using standard SQL Server tools and make sure to give the files unique names and to include .bak.

6436169126.png

2. Double-click on CxEnterprise or right-click and select Uninstall/Change. The Setup Options window is displayed.

6436169162.jpg

3. Click <MODIFY>, then click <OK> on the warning message to acknowledge that selecting Modify or Repair will change any previously defined installation configuration back to the default setting. The additional Installation Options window is displayed.

6436169132.png

4. Select or deselect the required product features for this modification from the available list.

Notice

Access Control is the only component that, by default, you cannot modify.

5. Click <NEXT> to continue. The Prerequisites Check window is displayed, showing the status of all prerequisite components.

6. For any prerequisite component not yet installed (marked with 6436169156.png), perform the following:

  • Click 'Browse' and select the JRE folder (e.g., C:\openjdk-8u242-b08-jre , C:\Program Files\Java\jre1.8.0_241 or C:\Program Files\Java\jdk1.8.0_241\jre).

    Notice

    The Java installation should be located where permission fulfillment is possible (e.g., C:\Program Files) and not in personal user’s folders such as the Desktop folder. The approved and recommended Java version is 1.8. The minimum version for Oracle is 8u241 and for AdoptOpenJdk , it is 8u242. Before you continue, verify that the minimum version is installed on your server.

  • Click the Prerequisites Folder button to navigate to the supplied components and install each one separately.

7. After all missing prerequisite component(s) has been installed, click <Recheck Prerequisites> after making the necessary changes.

6436169159.png

8. When all prerequisite components are installed, click <NEXT>to continue. The CxSAST SQL Server Configuration window is displayed.

6436169138.png

9. For CxSAST, define a connection to the installed SQL Server or to any other SQL server on your network, by selecting one of the following:

  • Connect using Integrated Windows Authentication (login not required)

  • Connect using SQL Server Authentication (provide SQL user name and password for login with SA permissions).

10. Click <Test Connection>. A "Connection OK" message is displayed upon confirmed connection to the CxSAST SQL Server.

Notice

If the "SQL Connection Test Results" message indicates that connection to the SQL Server has failed, verify the following:

  • Host, port and login credentials are correct

  • The machine is a member of a Windows domain (if not, either join the machine to a domain and perform a restart, or connect using SQL Server Authentication)

  • The SQL Server Browser Windows service is running (if not, enable and start it).

11. Click <OK> on the confirmation message, then click <NEXT>. The M&O Layer SQL Server Configuration window is displayed.

6436169141.png

12. For Management and Orchestration Layer, define the SQL Server connection by selecting one of the following:

  • Connect using Integrated Windows Authentication (login not required)

  • Connect using SQL Server Authentication (provide SQL user name and password for login with SA permissions).

Notice

For M&O Layer SQL Server connectivity, both Dynamic and Static port configurations are supported. For more information, refer to Configuring Management & Orchestration SQL Server for Dynamic and Static Port Connectivity.

13. Click Test Connection. A "Connection successful" message is displayed upon confirmed connection to the SQL Server.

Notice

If the "SQL Connection Test Results" message indicates that connection to the SQL Server has failed, verify the following:

  • Host, port and login credentials are correct

  • The machine is a member of a Windows domain (if not, either join the machine to a domain and perform a restart, or connect using SQL Server Authentication)

  • The SQL Server Browser Windows service is running (if not, enable and start it).

14. Click <OK> on the message, and then click <NEXT>. The Setup Summary window is displayed.

6436169144.png

15. Check the setup summary according to your selection.

16. Click <INSTALL>to continue, <BACK>to return to the previous window, or <X>to exit. The Installation in Progress window is displayed.

6436169147.png

Setup Failure

If the installation fails, the "Setup failed" message is displayed. For more information, see the installation logs. If you need further assistance, please contact Checkmarx support.

17. Once the modification is complete the Installation Completed Successfully window is displayed.

6436169150.png

18. Click <RESTART> to complete the installation.

19. If part of the modification included selecting the Management and Orchestration component on the Congratulations window, the Start Database Synchronization window is displayed.

6436169153.png

20. By default, the Start Database Synchronization checkbox is selected. This enables Management and Orchestration by initializing the automatic synchronization process. This process may take a while, depending on the amount of data being synchronized.

  • To continue now with the database synchronization, leave the checkbox selected, and then click <CLOSE>. If required, reboot the server (you will receive a prompt if rebooting is necessary). The database synchronization process starts automatically.

  • For more information about installing Management and Orchestration, see Installing Management and Orchestration.

  • To perform the database synchronization at another time, clear the checkbox, and click <CLOSE>. At a later time use the ETL tool to perform the synchronization, located at C:\Program Files\Checkmarx\Checkmarx Risk Management\ETL\etl_executor.exe

Notice

If attempting to install CxSAST with an existing Management and Orchestration database, the subsequent ETL DB sync will fail, due to a limitation in Management and Orchestration. Therefore, in order to reinstall CxSAST, either delete the existing Management and Orchestration database before reinstalling, or reinstall with a new Management and Orchestration database.

21. Validate that all Cx Windows services and Web servers (depending on the Checkmarx components installed on the server) have started.

Notice

By default, all product services are installed and configured to run with Windows Network Service account. For updating or customizing non-default service accounts, please refer to Configuring CxSAST for using a non-default User (Network Service) for CxServices & IIS Application Pools.