Skip to main content

Configuring CxOSA with a Proxy Server

In order to run Open Source Analysis (CxOSA) and generate and download analysis result reports (PDF) when using a proxy server, perform the following configuration steps:

To run CxOSA:

1. Navigate to C:\Program Files\Checkmarx\Checkmarx Scans Manager\bin\CxScansManagerWinService.exe.config.

2. Insert the <system.net> tag just before the closing </configuration> tag and add the <defaultProxy> tag and contents as follows:

<system.net>
  <defaultProxy useDefaultCredentials="true"> 
    <proxy usesystemdefault="False" proxyaddress="http://<proxy ip address>:<proxy port>" bypassonlocal="True" /> 
    <bypasslist> 
      <add address="<ip address range regex>" /> 
    </bypasslist> 
  </defaultProxy> 
</system.net>

Notice

The <bypasslist> parameter is required in situations where the traffic for remote CxEngines should not go through the defined proxy, for example when proxy is used for external communication, but not for internal (in domain) communication.

The <bypasslist> should include the addresses of the CxEngines and the address of the Access Control service endpoint.

Symptoms are that after adding this proxy configuration, the CxOSA scans works however the CxSAST scans do not. The add address value in the example below is a regex to capture a range of IP addresses starting 10.65.*.* and range of machines in *.domain.com domain. Further information on this parameter may be found here.

Example:

<system.net>
  <defaultProxy useDefaultCredentials="true"> 
    <proxy usesystemdefault="False" proxyaddress="http://127.0.0.1:8888" bypassonlocal="True" /> 
    <bypasslist> 
      <add address="10\.65\.\d{1,3}\.\d{1,3}" />
      <add address="[a-zA-Z0-9]+\.domain\.com" />
    </bypasslist> 
  </defaultProxy> 
</system.net>

To generate and download analysis result reports (PDF):

1. Navigate to C:\Program Files\Checkmarx\Checkmarx Web RestAPI\CxRestAPI\Web.config,

2. Under the <system.net> tag, add the same <defaultProxy> tag and its contents as in running CxOSA, above.

3. Restart all Cx services (CxJobsManager, CxScansManager, CxSystemManager and CxScanEngine services).

4. Restart the IIS web server.