Application Settings

Notice

From v9.0.0 and up, for SMTP and Domain Management settings, see Access Control Settings.

General Settings

The General screen enables you to set the paths, folders, web server address, and language, as well as other application-specific settings and SMTP.

To open general settings:

  • Select Settings > Application Settings > General. The General Settings window is displayed.

Server Settings

In the Server settings panel, you can set folder locations, maximum number of scans, default settings and automatic sign in.

Click Edit. The setting fields are enabled. The panel includes the following settings:

  • Reports Folder - Set the reports folder to save reports in (e.g., C:\CxReports)

  • Results Folder - Set the results folder to save results in (e.g., C:\Program Files\Checkmarx\Checkmarx Jobs Manager\Results)

  • Executables Folder - Set the executables folder to save executables in (e.g., C:\Program Files\Checkmarx\Executables)

  • Path to GIT client executable - Set the GIT client executable path (e.g., C:\Program Files\git\bin\git.exe).

Notice

The validation of 'git.exe' and 'p4.exe' is no longer mandatory in CxSAST when defining the 'Path to GIT client executable' and the 'Path to Perforce command-line client executable' parameters.

  • Path to P4 command line client executable - Set the Perforce client executable path (e.g., C:\Program Files\Perforce\p4.exe)

    Notice

    If you haven't already done so, download the P4 command line executable (HELIX P4: COMMAND-LINE) from https://www.perforce.com/downloads/helix and run the .exe file, making sure the installed files are placed into a directory that CxSAST can access (i.e., C:\Program Files\Perforce). Use this same directory to fill the Path to P4 command line client executable parameter field.

  • Maximum number of concurrent scans - Set the maximum number of concurrent scans a CxManager can run. This cannot exceed the licensed number of concurrent scans. Reducing the number of concurrent scans below the licensed amount can help prevent the CxManager from running out of resources. The default is 2. The CxScansManager service must be restarted before any changes to this setting take effect.

  • Time remaining until task completion (min) - Set the time remaining until the task is complete.

  • Web Server Address - Set the web server address in order to access links in generated reports from outside the organization.

  • Long Path Support - Enables long path support for the CxSAST application. Enabling long path support is required on all CxEngines and all CxManagers. Without long path support, the path of a source file to be scanned is limited to 260 characters.

  • Default Server Language - Set the default server language.

  • Allow Auto Sign In - Enable/Disable auto sign in.

SMTP Settings

The SMTP settings panel enables you to set the host settings and default credentials of your SMTP.

Click Edit. The setting fields are enabled. This panel includes the following settings:

  • Host - Type in the host domain.

  • Port - Select a port number.

  • Encryption Type - Select the encryption type.

  • Email from Address - Notification by E-mail address.

  • Use Default Credentials - Enable/disable default credentials. If enabled, the default credentials of the host are used.

  • User Name - Enter the user name.

  • Password - Enter the password.

CxOSA Settings

For more information about CxOSA Settings and Open Source Analysis (CxOSA) in general, see CxOSA Settings in the Checkmarx CxOSA Documentation.

License Details

CxSAST lets you view the details of the license you obtained. To view the license details, do the following:

  • Select Settings > Application Settings > License Details. The License Details window is displayed.

The License Details screen is divided into the following windows:

General

The General panel provides general license information.

This includes the following information:

  • Edition - CxSAST license edition (SDLC or Security Gate). To learn more about the different editions please refer to License Editions Overview.

  • Expiration Date - License expiry date

  • LOC - The number of lines of code the license was bought for

  • HID - Hardware identification number

  • CxOSA License - Open Source Analysis license status (Enabled, Disabled or Conditional with expiration date for Conditional version). For more information about CxOSA License and Open Source Analysis (CxOSA) in general, see CxOSA License Details in the Checkmarx CxOSA Documentation.

Notice

To request a new license, if you have not yet obtained a permanent license, copy your Hardware ID, which you will need in order to obtain a license from Checkmarx. You can also obtain your hardware ID later by using the shortcut in the Checkmarx folder of the Windows Start menu.

Supported Languages

The Supported Languages panel includes the supported languages used in default queries.

Capacity

The Capacity panel provides information about the number of users (combined roles), projects and engines available and in use in the system according to the current license.

This includes the following information:

  • Users - Number of users available in the system (i.e., Server Managers, Service Provider Managers, Company Managers, Scanners and Reviewers)

  • Auditors - Number of users available in the system that have auditing permissions and can run CxAudit (i.e., Auditors Users)

  • Projects - Number of projects available in the system

  • Number of Concurrent Scans - Number of concurrent scans available in the system.

License Expiration Notification

The License Expiration Notification panel provides notification behavior settings for when your CxSAST license is about to expire.

  • Notification by E-mail - If checked, a notification email is automatically sent to the CxSAST Administrator User on a weekly basis, starting 90 days (defined in the database) before the actual license is set to expire.

    Notice

    The Notification by email address is defined under Email Notifications in the Server SMTP Setting.

Installation Information

The Installation Information screen provides a list of all the CxSAST components installed with their characteristic parameters. To display the installation information, do the following:

1. Select Settings > Application Settings > Installation Information. The Installation Information window is displayed with the following information:

  • Installation Path: Location of the installation.

  • Version: The CxSAST version with build#.

  • DNS: System name of the host where the component is installed. This information also indicates whether the system is a centralized or a distributed installation.

  • IP: The IP address of the host where the component is installed.

  • Hotfix: The Hotfix number. 0, if no hotfix has been installed.

  • State: Current state of the respective component.

2. Click the Download System Log button to download the system log file.

Content Pack version

  • The permission (download_system_logs) is required to perform the 'Download System Log' task.

  • The latest queries pack version is also listed in cases where a content pack is installed. For additional information on the Content Pack for your version, refer to the relevant version release notes section.

External Services Settings

CxSAST offers additional tools for application security and development environments in order to improve secure coding and practices using external service providers. By activating this feature, a secure handshake is performed between your organization, Checkmarx external servers and the external service providers.

To open external services settings:

1. Select Settings > Application Settings > External Services Settings. The External Services Settings window is displayed.

2. Click the Activate/Reactivate External Services button to activate or reactivate (if deactivated) a secure communication path between your organization, CxSAST and the service provider.

Notice

In cases where the automatic activation process doesn't perform as expected, you may need to request a manual activation. Please contact Checkmarx support.

3. Click <Edit>. The Codebashing Settings fields are enabled.

  • Enable Codebashing - If selected, enables anonymous data collection in order to provide user analytics. The second checkbox enables non-anonymous data collection in order to provide user analytics. This option, if selected, sends user details (email) to Codebashing for Analytics View.

Engine Management

Engine Server Management provides an interface for viewing real-time engine server status information that includes the number of engine servers in the system, their status, location (URL) and scan size. Available actions on the Engine Management interface include registering, editing, blocking/unblocking and unregistering engine servers as explained below.

To open the Engine Management:

  • Select Settings > Application Settings > Engine Management. The Engine Management window is displayed.

Notice

The Engine Server Management screen refreshes every 20 seconds.

Engine Server Management provides real-time information about the status of each engine server in the system. Each engine server is listed according to its status. The engine server list includes the following information:

  • Selector - Select all engines in case you want to unregister all of them.

  • Engine Server Name - Name of the engine server

  • Status - Status of the engine server:

    • Scanning: The engine server is running one or more scans.

    • Idle: The engine server is waiting to receive scan requests.

    • Blocked: The engine server is blocked and unable to receive scan requests.

    • Offline: The engine server is unable to communicate with the system because the host may be down, a service stopped, connectivity issues, etc.

    • Scanning & Blocked: The engine server is blocked and completes running scans that have been requested before the engine server has been blocked.

  • Engine URL - URL of the engine server

  • Scan Size - The range of the number of lines (LOC) allowed to be scanned on this engine.

  • Maximum Scans - The max number of concurrent scans allowed on this engine.

  • Engine Version - Engine version number

  • Engine Operating System - The operating system of the host on which the Engine server is installed.

  • Actions - The following actions are available:

    • Edit

    • Unregister

    • Block

    • Unblock

Performing Engine Server Management Actions

The Engine Management interface allows you to perform the following:

  • Registering a new engine server

  • Editing an engine server

  • Blocking/unblocking an engine server

  • Unregistering an engine server

Registering a New Engine Server

You can register (add) a new engine server to the system as follows:

1. Click <REGISTER ENGINE SERVER> to display the Register Engine Server dialog.

2. Define the following server attributes:

  • Server Name - Enter the name of the engine server. Each engine server should have a unique name.

  • Server URI - Enter the URI address of the engine server. The URL looks as follows: http(s)://<host name or IP address>:<port>, for example http://172.17.180.92:8088

  • Scan LOC Limit - Enter the scan LOC (lines of code) limit. The 'From' and 'To' definition must be a whole number between 0 - 999,999,999.

  • Max Concurrent Scans - Enter the allowed max number of concurrent scans, which must be a whole number between 1 - 999,999,999.

    Notice

    The max number you can enter depends on the resources of your system.

3. Click <UPDATE> to save the changes. The new engine server is added to the engine list.

Editing an Engine Server

You can edit an existing engine server's attributes in the system as follows:

1. In the Engine Server table, under Actions, click the icon and select Edit. The Edit Engine Server dialog is displayed.

2. Modify the engine parameters accordingly. For additional information on parameters, refer to Registering a New Engine Server.

3. Click <UPDATE> to save the changes.

Blocking/Unblocking an Engine Server

Blocking prevents the engine server from accepting any new scan requests from the system. Scans requested by the system before the engine server was blocked continue uninterrupted until they are completed. To block an engine server, do the following:

1. In the Engine Server table, under Actions, click the icon and select Block. The Block Engine Server dialog is displayed.

2. Click <BLOCK ENGINE>. The status of the engine server switches to Blocked in the list.

To unblock an engine server, do the following:

  • Follow the instructions above and select Unblock. Once the engine server is unblocked, the status of the engine server returns to the previous status, usually Idle, and resumes accepting new scan requests from the system.

To block multiple engine servers:

1. Select at least two engine servers. You are now able to perform a batch job.

2. Click the batch job icon and then select Block from the menu. The selected engine servers in the list are blocked.

To unblock multiple engine servers:

1. Select at least two engine servers. You are now able to perform a batch job.

2. Click the batch job icon and then select Unblock from the menu. The selected engine servers in the list are unblocked.

Notice

In order to block (unblock) engine servers as a batch job, all the selected engine servers must be unblocked (blocked), otherwise the Block/Unblock command is unavailable.

Unregistering an Engine Server

You can unregister (remove) an engine server from the system as follows:

1. In the Engine Server table, under Actions, click the icon and select Unregister. The Unregister Engine Server dialog is displayed.

2. Click <YES, UNREGISTER ENGINE> to remove the engine server from the Engine Management list.

To unregister multiple engine servers:

1. Select at least two engine servers. You are now able to perform a batch job.

2. Click the batch job icon and then select Unregister from the menu. You are asked to confirm your request.

3. Click <YES, UNREGISTER ENGINES> to remove the selected engine servers from the list.

Notice

  • You cannot unregister engine servers that are currently running a scan.

  • If you run a batch job and some of the selected engine servers are currently running a scan, you are notified that the scanning engine servers cannot be unregistered. If you still want to unregister these engine servers, you have to repeat the unregistering process for them.

Issue Tracking Settings

Issue tracking for CxSAST can be performed using JIRA integration. JIRA is a proprietary issue tracking product that allows bug tracking and agile project management.

Notice

To configure JIRA integration, CxSAST Manager permissions are required. To enable CxSAST scanners to configure JIRA integration, please contact Checkmarx support.

To configure JIRA integration:

1. On the CxSAST server (in a distributed deployment: on CxManager), open the following file for editing:

C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config

2. Under the appSettings element, add:

<add key="EnableIssueTracking" value="true"></add>

3. Log off the CxSAST Web Portal, if currently logged in.

4. Log in to the CxSAST web interface and go to Settings > Application Settings > Issue Tracking Settings, and click Add Issue Tracking System:

5. Provide the top-level URL of your JIRA server, including the protocol (http or https) and port number, and a user account with permissions for creating issues and for reading issue metadata, and click Create.

6. Create a CxSAST project, and in the Advanced Actions stage, under Issue Tracking Settings, select the JIRA server.

7. Click Select, and configure JIRA issue submissions:

8. Set the JIRA Project and Issue Type.

9. Configure default values for issue fields: Select each JIRA Field, select a Field Default and click Set. Make sure to configure values for all mandatory fields (marked with *).

10. Click Save.

11. Back in the CxSAST project, click Finish.
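
Steps 1 and 2 of the procedure above can be scripted. The following PowerShell script is an added example, not part of the Checkmarx documentation: it sets the EnableIssueTracking key without creating a duplicate entry and first copies web.config to a backup folder outside the web portal directory. The backup folder is an assumption, as is a <configuration> root element without an XML namespace; run it from an elevated prompt.

```powershell
# Added example (not Checkmarx code): set EnableIssueTracking in web.config.
param(
    # Path from step 1 of the procedure above.
    [string]$ConfigPath = 'C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config',
    # Assumption: backup location outside the web portal folder; change as needed.
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'CxConfigBackups')
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
    throw "web.config not found at $ConfigPath"
}

# Back up first. web.config can hold sensitive settings, so the copy is
# kept out of the web portal folder.
if (-not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "web.config.$stamp.bak"
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

# Assumption: <configuration> has no default XML namespace.
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if ($null -eq $appSettings) {
    throw "No <appSettings> element found in $ConfigPath"
}

# Update an existing entry rather than adding a second <add> with the same key.
$entry = $appSettings.SelectSingleNode("add[@key='EnableIssueTracking']")
if ($null -eq $entry) {
    $entry = $xml.CreateElement('add')
    $entry.SetAttribute('key', 'EnableIssueTracking')
    [void]$appSettings.AppendChild($entry)
}
$entry.SetAttribute('value', 'true')

$xml.Save($ConfigPath)
Write-Output "EnableIssueTracking set to true. Backup: $backup"
```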

License Editions Overview

This document outlines the main differences between the CxSAST license editions.

For a detailed comparison, contact Checkmarx support.

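  • CxPortal - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • Access Control - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • IDE Plugins - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • Source Code Repository (git, svn, TFS) - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • M&O - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • Build Servers - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • REST API / CLI - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • Management & Collaboration tools (Sonar, Github, etc.) - SDLC Edition: (blue star); Security Gate Edition: (blue star)

  • Ticketing systems (e.g., Jira) - SDLC Edition: (blue star); Security Gate Edition: (blue star)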