
Running a Scan

The API client can call an immediate scan. Depending on whether the submitted project name (CliScanArgs.PrjSettings.ProjectName) already exists, the scan is called for the existing SAST project or a new project is created.

CxSDKWebService.Scan Method

public CxWSResponseRunID Scan(
   string sessionId,
   CliScanArgs args
);

Parameters

  • sessionId: The current Session ID

  • args: An instance of class CliScanArgs, containing project configuration.

When scanning an existing CxSAST project, get the existing project configuration, modify it as needed, and submit the modified project configuration object.

Return Value

CxWSResponseRunID, including:

Example 1

To scan from a local source to a new project:

using System.IO;

internal class ScanToNewProject
{
   internal static void Main(string[] args)
   {
      //The session ID of the current, already authenticated session
      string sessionID = args[0];
      CxSDKWebServiceSoapClient cxSDKProxy = new CxSDKWebServiceSoapClient();

      ProjectSettings projSettings = new ProjectSettings();

      //The project full name
      projSettings.ProjectName = @"CxServer\SP\Company\NewScanProject";

      //Set the query preset to 'default' preset (ID = 7)
      projSettings.PresetID = 7;

      //Set the source files encoding, English = 1
      projSettings.ScanConfigurationID = 1;

      SourceCodeSettings sourceCodeSettings = new SourceCodeSettings();

      //Set the source code location to be local
      sourceCodeSettings.SourceOrigin = SourceLocationType.Local;

      //Set the zipped file and put its contents into byte array
      sourceCodeSettings.PackagedCode = new LocalCodeContainer();
      sourceCodeSettings.PackagedCode.FileName = @"C:\Server\Sources.zip";
      sourceCodeSettings.PackagedCode.ZippedFile = File.ReadAllBytes(sourceCodeSettings.PackagedCode.FileName);

      CliScanArgs scanArgs = new CliScanArgs();
      scanArgs.PrjSettings = projSettings;
      scanArgs.SrcCodeSettings = sourceCodeSettings;

      //The scan is public for all users
      scanArgs.IsPrivateScan = false;

      //Scan all sources, not just changed sources
      scanArgs.IsIncremental = false;

      CxWSResponseRunID response = cxSDKProxy.Scan(sessionID, scanArgs);

      //IsSuccesfull is the SDK's own spelling of the property
      bool scanSucceeded = response.IsSuccesfull;
      string runID = response.RunId;
      long scanProjectID = response.ProjectID;
   }
}

Example 2

To call an immediate scan to an existing project with a known ID of 200, maintaining existing project settings:

internal class ScanExistingProject
{
   internal static void Main(string[] args)
   {
      //The session ID of the current, already authenticated session
      string sessionID = args[0];
      CxSDKWebServiceSoapClient cxSDKProxy = new CxSDKWebServiceSoapClient();

      //Get existing project settings
      long projectID = 200;
      CxWSResponseProjectConfig projectSettingsResponse = cxSDKProxy.GetProjectConfiguration(sessionID, projectID);
      CliScanArgs projConfig = projectSettingsResponse.ProjectConfig;

      //Submit the unchanged configuration to start the scan
      CxWSResponseRunID response = cxSDKProxy.Scan(sessionID, projConfig);

      //IsSuccesfull is the SDK's own spelling of the property
      bool scanSucceeded = response.IsSuccesfull;
      string runID = response.RunId;
      long scanProjectID = response.ProjectID;
   }
}

SOAP to REST Mapping

This section covers SOAP to REST migration and mapping of our legacy SOAP based SDK to the new REST APIs. It is recommended to use this reference only once SAST V8.8.0 is installed.

Scan

POST /sast/scanSettings

Define a specific project’s scan settings. Parameters include - presetId, engineConfigurationId, postScanActionId and emailNotifications (beforescan, failedScans, afterScans).

POST /projects/{Id}/sourceCode/attachments

Upload a specific project’s zip file (contains the source code for scanning). Parameters include - zippedSource.

POST /projects/{Id}/sourceCode/remoteSettings/git

Set a specific project’s remote source settings for GIT. Parameters include - url, branch and privateKey.

GET /projects/{Id}/sourceCode/remoteSettings/git

Get a specific project’s remote source settings for GIT.

POST /projects/{Id}/sourceCode/remoteSettings/git/ssh

Set a specific project’s remote source settings for GIT using SSH. Parameters include - url, branch and privateKey.

POST /projects/{Id}/sourceCode/remoteSettings/svn

Set a specific project’s remote source settings for SVN. Parameters include - url, absoluteUrl, port, paths and credentials (username, password and privateKey).

GET /projects/{Id}/sourceCode/remoteSettings/svn

Get a specific project’s remote source settings for SVN.

POST /projects/{Id}/sourceCode/remoteSettings/svn/ssh

Set a specific project’s remote source settings for SVN using SSH. Parameters include - absoluteUrl, port, paths and privateKey.

POST /projects/{Id}/sourceCode/remoteSettings/tfs

Set a specific project’s remote source settings for TFS. Parameters include - credentials (username and password), url, absoluteUrl, port and paths.

GET /projects/{Id}/sourceCode/remoteSettings/tfs

Get a specific project’s remote source settings for TFS.

POST /projects/{Id}/sourceCode/remoteSettings/perforce

Set a specific project’s remote source settings for Perforce. Parameters include - credentials (username and password), url, absoluteUrl, port, paths and browseMode.

GET /projects/{Id}/sourceCode/remoteSettings/perforce

Get a specific project’s remote source settings for Perforce.

POST /projects/{Id}/sourceCode/remoteSettings/shared

Set a specific project’s remote source settings for a shared repository. Parameters include – paths and credentials (username and password).

GET /projects/{Id}/sourceCode/remoteSettings/shared

Get a specific project’s remote source settings for a shared repository.

POST /projects/{Id}/sourceCode/remoteSettings/custom

Set a specific project’s remote source settings for a custom repository (e.g., source pulling). Parameters include – paths and credentials (username and password).

GET /projects/{Id}/sourceCode/remoteSettings/custom

Get a specific project’s remote source settings for a custom repository (e.g., source pulling). Parameters include – paths, preScanCommandId and credentials (username and password).

POST /sast/scans

Create a new scan and assign it to a specific project. Parameters include – isIncremental, isPublic, forceScan and comment.
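
The mapping above applied to the scan from Example 1, as an added example (not Checkmarx code): it plans the three REST requests that replace one SOAP Scan call and masks the secret fields named in the mapping before a request body is logged. The `/cxrestapi` prefix, the `projectId` body field, the SOAP-to-REST field correspondences and the helper names are assumptions, not taken from this page.

```python
# Added example: plan the REST calls that replace one SOAP Scan() call.
# Assumptions (not from the page): the "projectId" body field, the BASE
# prefix, and the SOAP-to-REST field correspondences used below.
BASE = "/cxrestapi"  # assumed base path; adjust to your server

def plan_rest_scan(project_id, scan_args, comment=""):
    """Map the CliScanArgs fields set in Example 1 to ordered REST requests."""
    prj, src = scan_args["PrjSettings"], scan_args["SrcCodeSettings"]
    if not isinstance(project_id, int) or project_id <= 0:
        # The REST paths take {Id}; unlike SOAP Scan, no project name is sent.
        raise ValueError("an existing numeric project ID is required")
    if src["SourceOrigin"] != "Local":
        raise ValueError("only SourceLocationType.Local is mapped here")
    return [
        ("POST", f"{BASE}/sast/scanSettings",
         {"projectId": project_id,
          "presetId": prj["PresetID"],
          "engineConfigurationId": prj["ScanConfigurationID"]}),
        ("POST", f"{BASE}/projects/{project_id}/sourceCode/attachments",
         {"zippedSource": src["FileName"]}),  # sent as a file upload
        ("POST", f"{BASE}/sast/scans",
         {"projectId": project_id,
          "isIncremental": scan_args["IsIncremental"],
          "isPublic": not scan_args["IsPrivateScan"],  # flag is inverted
          "forceScan": False, "comment": comment}),
    ]

SECRET_KEYS = {"password", "privateKey"}  # secret fields named in the mapping

def redact(body):
    """Return a copy of a request body that is safe to write to a log."""
    if isinstance(body, dict):
        return {k: "***" if k in SECRET_KEYS else redact(v) for k, v in body.items()}
    return body

# Constructed input mirroring the values set in Example 1.
EXAMPLE_1 = {
    "PrjSettings": {"PresetID": 7, "ScanConfigurationID": 1},
    "SrcCodeSettings": {"SourceOrigin": "Local", "FileName": r"C:\Server\Sources.zip"},
    "IsPrivateScan": False,
    "IsIncremental": False,
}

if __name__ == "__main__":
    for method, path, body in plan_rest_scan(200, EXAMPLE_1):
        print(method, path, redact(body))
```

The same `redact` helper applies to the remoteSettings bodies, where `privateKey` and `password` sit at the top level or inside `credentials`.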