
Configuring Scanner Default Settings

Scanner default settings allow the user to set several Parameters at the Tenant level.

The tenant level is the bottom level for these specific Parameters.

This means that the Parameters will apply to all the Projects including all the Scans in those Projects.

Open Scanner Default Settings

To open the Scan settings, perform the following steps:

  1. Log in to Checkmarx One using your Username & Password.

  2. Click on the Account Settings icon.

  3. Click on the Settings tab.

Notice

  • Each scanner has a different set of Parameters.

  • It isn’t possible to configure the same parameter twice.

  • Clicking the Trash icon will clear the configuration field.

  • Checking the Allow override checkbox will allow overriding the same parameter in a higher level of configuration.

    For more information see Configuring Project Rules

  • "Allow override" is selected by default for all the Parameters in the Tenant settings.

SAST Scanner Parameters

All the Parameters defined for the SAST scanner apply to all the Projects that run SAST scans.

The table below presents all the optional Parameters, and their optional values.

Parameter: presetName

Values: All the available SAST Presets that exist in the system

Notes:

  • For the full Presets list (including descriptions), see Predefined Presets.

  • The default preset that is used is ASA Premium.

Parameter: filter

Values: Any file type

Notes:

  • Including a file type - *.java

  • Excluding a file type - !*.java

  • Use the “,” sign to chain file types, for example: *.java,*.js

  • The parameter also supports including/excluding folders.

Parameter: languageMode

Values: primary / multi

Notes: For more information see Specifying a Code Language for Scanning and Supported Code Languages and Frameworks.

Parameter: engineVerbose

Values: true / false

Notes:

  • true = Enables PRINT_DEBUG mode.

  • false = Enables PRINT_LOG mode.

Parameter: incremental

Values: true / false

ASA Premium Preset

ASA Premium Preset is a part of the SAST collection of presets.

This Preset is available only for Checkmarx One. Its usage is described in the table below.

Preset: ASA Premium

Usage: The ASA Premium preset contains a subset of vulnerabilities that the Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program.

The preset might change in future versions. The AppSec Accelerator team will continuously remove old/deprecated queries or include new and improved queries.

Includes vulnerability queries for: Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.

Preset: ASA Premium Mobile

Usage: The ASA Premium Mobile preset is a dedicated preset designed for mobile apps.

The ASA Premium Mobile preset contains a subset of vulnerabilities that the Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program.

The preset might change in future versions. The AppSec Accelerator team will continuously remove old/deprecated queries or include new and improved queries.

Includes vulnerability queries for: Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.

IaC Security Scanner Parameters

All the Parameters defined for the IaC Security scanner apply to all the Projects that run IaC Security scans.

The table below presents all the optional Parameters, and their optional values.

Parameter: filter

Values: Any file type

Notes:

  • Including a file type - *.java

  • Excluding a file type - !*.java

  • Use the “,” sign to chain file types, for example: *.java,*.js

  • The parameter also supports including/excluding folders.

Parameter: platforms

Values: Ansible / CloudFormation / Dockerfile / Kubernetes / Terraform

Notes:

Notice

It is possible to configure one or more values, separated with a comma.

For example: Ansible,CloudFormation,Dockerfile

Warning

Any mistake in the platform characters will cause an error.

SCA Scanner Parameters

All the Parameters defined for the SCA scanner apply to all the Projects that run SCA scans.

The table below presents all the optional Parameters, and their optional values.

Parameter: filter

Values: Any file type

Notes:

  • Including a file type - *.java

  • Excluding a file type - !*.java

  • Use the “,” sign to chain file types, for example: *.java,*.js

  • The parameter also supports including/excluding folders.

Parameter: lastSastScanTime

Values: Numeric character

Filtering Options

Filtering in the scanner parameters is based on Glob patterns.

For more information see Glob Tool

For instance:

  • Exclude all java files: !**/*.java

  • Exclude all files inside a folder Test: !**/Test/**

  • Exclude all files under root folder Test: !Test/**

  • Exclude just the files directly inside a folder Test, leaving the content of all its subfolders: !**/Test/*

  • Exclude all JavaScript minified files: !**/*.min.js

Note

The rules follow the same logic at tenant & project level.
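
A dry-run check for the filter patterns listed above, as an added example that is not Checkmarx code: it reports which paths a filter value would drop from scan coverage, so an exclusion can be reviewed before it is saved at tenant level. The function names and sample paths are hypothetical, and the matching rules (a leading **/ spanning zero or more folders, an exclude match always winning, case-sensitive comparison) are assumptions based on common glob behaviour, not documented scanner semantics.

```python
import re

def glob_to_regex(pattern):
    """Anchored regex for one glob: '**/' spans zero or more folders,
    '**' spans anything, '*' and '?' stay inside one path segment."""
    tokens = {"**/": "(?:[^/]+/)*", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    out, i = [], 0
    while i < len(pattern):
        for glob, rx in tokens.items():      # longest tokens are listed first
            if pattern.startswith(glob, i):
                out.append(rx)
                i += len(glob)
                break
        else:                                # no glob token: literal character
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_filter(value):
    """Split a comma-chained filter value into (include, exclude) regexes."""
    include, exclude = [], []
    for item in filter(None, (p.strip() for p in value.split(","))):
        if item.startswith("!"):
            exclude.append(glob_to_regex(item[1:]))
        else:
            include.append(glob_to_regex(item))
    return include, exclude

def is_scanned(path, value):
    """Assumed semantics: any exclude match wins; with no include patterns,
    every file that is not excluded is scanned."""
    include, exclude = parse_filter(value)
    if any(rx.match(path) for rx in exclude):
        return False
    return not include or any(rx.match(path) for rx in include)

def dropped_paths(paths, value):
    """Paths the filter would remove from scan coverage, for review."""
    return [p for p in paths if not is_scanned(p, value)]

# Constructed sample tree, not taken from a real project.
SAMPLE_PATHS = [
    "src/app/Main.java", "src/Test/Helper.java", "src/Test/fixtures/data.json",
    "Test/setup.py", "web/static/app.min.js", "web/static/app.js",
]

if __name__ == "__main__":
    for flt in ("!**/Test/**", "!Test/**", "!**/Test/*", "!**/*.min.js"):
        print(f"{flt:14} drops {dropped_paths(SAMPLE_PATHS, flt)}")
```

Running it against a real file listing (for example the output of git ls-files) shows at a glance whether an exclusion such as !**/Test/** removes more source from the scan than intended.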