Skip to main content

Checkmarx One CLI Quick Start Guide


The Checkmarx One CLI is a Command Line Interface that acts as a wrapper and enables the ability to perform all tasks that are normally done via the REST APIs.

There are specific executables for the main use cases in order to perform the following:

  • create/delete/get/set projects

  • create/delete/get/set scans for all of our engines

  • get results

The latest CLI is also in a container, in case the user wants to deploy and use it in that way: checkmarx/ast-cli

Getting Started

Download and Installation

To download the CLI tool, perform the following:

  1. Go to the following link: CLI Releases

  2. Download the relevant tool that is compatible with your Operating System.

  3. Place the tool in any location on the client that you are using.


The CLI tool can be installed on any Linux/Windows/MAC distributions.

Initial Setup

For this quick start tutorial, describes how to authenticate using an an API Key. For the alternative method using an OAuth Client, see Configuring the Checkmarx One CLI.

  1. Generate a Checkmarx One API Key for authentication.

  2. Open the CLI on your machine, and navigate to the CLI tool file location.

  3. Run the cx configure command.

    The CLI will prompt you to enter your credentials.

  4. Skip the prompt for AST Tenant by hitting Enter.

  5. When you are prompted Do you want to use API Key authentication?, enter "y".

  6. When you are propted for AST API Key, enter your API Key.

  7. You can skip the rest of the prompts by hitting Enter.

Creating a Project

To create a new Project, use the project create command and enter a name for the project using the --project-name flag. See project create

./cx project create --project-name <Project name>

Running a Scan

To run a scan, use the scan create command and specify the project name, branch and file location or repository URL using the --project-name, --branch and -s flags. See scan create

./cx scan create --project-name <Project name> --branch <branch name> -s <Repository URL>

Viewing the Results

To view the scan results, use the results show command and provide the Scan ID you received after running the scan using the --scan-id flag. See results show

./cx results show --scan-id <Scan ID>