Preset Manager
Presets are predefined sets of queries that you can select when Creating, Configuring and Branching Projects. Predefined presets are provided by Checkmarx and you can configure your own. You can also import and export presets.
To open the Preset Manager:
Go to Settings > Scan Settings > Preset Manager. The Presets Manager window is displayed.
![]() |
Notice
You can quickly create a new preset based on an existing one (duplicate) by selecting a Preset from the Preset pane and clicking .
Creating a New Preset
To create a new preset:
From the Preset Manager, click Create New Preset. The Create New Presets window is displayed.
Enter a preset Name and click <Create>.
Select a Coding Language.
Select the Queries to be included in the preset.
Click <Save>.
Modifying an Existing Preset
To modify an existing preset:
From the Preset Manager, select a Preset from the Preset pane and click <Edit>.
Select a Coding Language.
Select the Queries to be included in the preset.
Notice
You can edit a single language, such as Java, selecting and deselecting the queries as needed, and then press Synchronize in order for all related queries in all languages to be selected.
Click <Save>.
Importing a Preset
To import a preset:
From the Preset Manager, click Import Preset. The Import Preset window is displayed.
Click <Select>. navigate to the preset (.XML file) and click <Open>.
Notice
If the imported preset has the same name as an existing one, the existing preset will be overridden.
Click <Import>. The Preset is displayed in the Preset pane.
Exporting a Preset
To export a preset:
From the Preset Manager, click <Export Preset> and save the exported preset (.XML file).
Deleting a Preset
To delete a preset:
From the Preset Manager, select a Preset from the Preset pane and click .
Predefined Presets
The following is a list of all the predefined presets provided by Checkmarx with the recommended usage and which vulnerability queries are included:
Preset | Usage | Includes vulnerability queries for.... |
---|---|---|
All | For all application security risks | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
Android | For Android related application security risks | Groovy, Java and Kotlin coding languages |
Apple Secure Coding Guide | For IOS related application security risks | ObjectiveC and Swift coding language |
ASA Mobile Premium | The ASA Mobile Premium preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program when scanning mobile applications. The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner. | CSharp, Java, JavaScript, Kotlin, ObjectiveC and Swift coding languages |
ASA Premium | The ASA Premium preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program. The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner. | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, VB6, VbNet and VbScript coding languages |
Checkmarx Default | The Checkmarx Default preset essentially contains all the vulnerabilities that Checkmarx recommends to scan in cases when you are unsure about which preset to use. | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
Checkmarx Express | The Checkmarx preset contains a curated set of High and Medium Java, C# and JS queries improved by Cx accuracy initiatives. | CSharp, Java and JavaScript languages |
CWE Top 25 | The Common Weakness Enumeration Top 25 contains the most common and impactful software weaknesses | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
Default | Default preset (soon to be discontinued) | Apex, ASP, CPP, CSharp, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, VB6, VbNet and VbScript coding languages |
Default 2014 | Default preset for 2014 (soon to be discontinued) | Apex, ASP, CPP, CSharp, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, VB6, VbNet and VbScript coding languages |
Empty Preset | Empty preset with no vulnerability queries. This can be used to create a new preset from scratch | Empty |
Error Handling | For error handling related application security risks | Apex, ASP, CPP, CSharp, Groovy, Java, ObjctiveC, Perl, PHP, PLSQL, Python, Ruby, VB6 and VbNet coding languages |
FISMA | For homeland security application risks according to the 'Federal Information Security Modernization Act' compliance guidelines | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
High and Medium | For high and medium related application security risks | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
High, Medium and Low | For high, medium and low related application security risks | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
HIPAA | For sensitive patient data related security risks according to the HIPAA (Health Insurance Portability and Accountability Act) compliance guidelines | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala, Swift, Typescript, VB6, VbNet and VbScript coding languages |
ISO/IEC TS 17961 2013/2016 | For C++ coding standards | C++ coding language |
JSSEC | For Android related application security risks according to the JSSEC (Japan's Smartphone Security Association) compliance guidelines | Groovy and Java coding languages |
MISRA_C | For C related application security risks according to the MISRA (Motor Industry Software Reliability Association) compliance guidelines | C++ coding language |
MISRA C 2012 | This preset aims to be an improved version of the preset MISRA_C and it has a set of queries covering the standard C coding guidelines for the Motor Industry. The preset is not fully completed yet, we will include new and improved queries in a continuously manner in the next versions. | C coding language |
MISRA_CPP | For C++ related application security risks according to the MISRA (Motor Industry Software Reliability Association) compliance guidelines | C++ coding language |
Mobile | For mobile related application security risks | CSharp, Groovy, Java, JavaScript, Kotlin, ObjectiveC and Swift coding languages |
MOIS(KISA) Secure Coding 2021 | MOIS (KISA) Software Secure Coding 2021 from the Ministry of the Interior and Safety (MOIS) and Korea Internet & Security Agency (KISA) | Apex, ASP, Cobol, CPP, CSharp, Dart, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, VB6, VbNet and VbScript languages |
NIST | For the application security risks according to the 'National Institute of Standards and Technology' compliance guidelines. | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
OWASP ASVS | This preset provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, VB6, VbNet and VbScript coding languages |
OWASP Mobile TOP 10-2016 | For the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2016 | CSharp, Groovy, Java, JavaScript, Kotlin and ObjectiveC coding languages |
OWASP TOP 10-2010 | For the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2010 | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Typescript, VB6, VbNet and VbScript coding languages |
OWASP TOP 10-2013 | For the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2013 | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
OWASP TOP 10-2017 | For the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2017 | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
OWASP TOP 10-2021 | For the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2021 | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
OWASP TOP 10 API | For understanding and mitigating the unique vulnerabilities and security risks of Application Programming Interfaces (APIs) according to the OWASP (Open Web Application Security Project) compliance guidelines for 2019. | CSharp, Java and JavaScript coding languages |
PCI | For credit card payment application security risks according to the PCI (Payment Card Industry) compliance guidelines | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet, and VbScript coding languages |
SANS Top 25 | For the top 25 web application security risks according the SANS Technology Institute’s compliance guidelines | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
SEI CERT | For C++ coding standards | C++ coding language |
STIG | For the application security risks according to the 'Security Technical Implementation Guide' compliance guidelines | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Perl, PHP, PLSQL, Python, Ruby, Scala, Typescript, VB6, VbNet and VbScript coding languages |
Top Tier | This preset is designed to be “noise-free” with the highest level of accuracy and reliability when scanning their code for vulnerabilities and security risks. The "High Accuracy Default Preset" is based on the top queries with the highest accuracy. | Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, RPG, Ruby, Scala, Swift, VB6 and VbNet coding languages |
WordPress | For WordPress related web application security risks | PHP coding language |
XS | For XS SAP related application security risks | JavaScript coding language |
XSS and SQLi only | Recommended best practice when starting to scan a new project in order to focus on the most important vulnerabilities first. | Apex, ASP, Cobol, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin, ObjectiveC, Perl, PHP, PLSQL, Python, Ruby, Scala VB6, VbNet and VbScript coding languages |