
SCM Integration Usage & Results

Triggering a Scan

To trigger a scan, perform one of the following actions in any SCM repository:

Push Event

To verify the expected result of a Push event flow, perform the following:

  1. Go to the SCM Repository in the SCM organization and perform a push event.

  2. Refresh the Applications and Projects home page and verify that a scan is triggered.

  3. Wait for the scan to be finished.

  4. Open the scan results in Checkmarx One.

  5. For additional information about the scan results, click here

Pull Request

When initiating a pull request via SCM Repository, the following is expected:

  • An indication via Checkmarx One that a scan is in progress.

  • A notification message via SCM that a Checkmarx One scan is in progress (Comment section).

  • A notification message via SCM that a Checkmarx One scan is completed (Comment section).

  • The scan results are presented via Checkmarx One Scanners view.

  • A Checkmarx vulnerabilities report enriches the SCM pull request, containing only the New Issues that were found by the scan.

To verify the above for a Pull request flow, perform the following:

  1. Go to the SCM Project in the SCM organization and perform a pull request.

  2. Go to the Comment section in the SCM pull request and verify that a "Checkmarx One Scan is in progress…" comment exists.

  3. A scan status notification will be presented as well.

  4. Refresh the Applications and Projects home page and verify that a scan is triggered.

  5. Wait for the scan to be finished.

  6. Open the scan results in Checkmarx One. For additional information about the scan results, click here

  7. Check the Project Total Vulnerabilities widget in Checkmarx One (HIGH, MEDIUM, LOW, INFO).

  8. Go to the Comment section in the SCM pull request.

  9. Verify that a Checkmarx vulnerabilities report is presented, containing a New Issues summary.


Branch Scanning

Note

  • Every time that a developer performs a “commit” to a specific branch, a new piece of code is added to this branch.

  • Every “commit” will automatically trigger a scan for this branch in Checkmarx One.

  • During the scan, a comparison between the source branch and the target branch is performed, which enables the enrichment of the SCM's "comment" section.

  • The scan results will enrich the pull request “comment” section with the following information:

    • New Issues - New vulnerabilities that were found in the target branch scan.

    • Fixed Issues - Issues that were found in the source branch and were fixed in the target branch by the developer.

The above gives the developer the ability to focus only on the "New Issues" that were found in the latest scan.
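The source-versus-target comparison described above, as an added illustration that is not Checkmarx One's own code: two constructed scan result sets are diffed by a stable finding identity (scanner, rule, file; an assumption, since line numbers move between commits), split into New Issues and Fixed Issues using the page's definitions, and rendered as the per-severity summary (HIGH, MEDIUM, LOW, INFO) a pull request comment would carry. The `Finding` shape and the comment layout are assumptions for this example.

```python
from dataclasses import dataclass
from typing import Iterable

SEVERITIES = ("HIGH", "MEDIUM", "LOW", "INFO")

@dataclass(frozen=True)
class Finding:
    """One scanner result; a hypothetical shape, not the Checkmarx One result schema."""
    scanner: str   # e.g. "SAST" or "SCA"
    rule: str      # query or rule name
    path: str      # file the finding is reported in
    severity: str  # one of SEVERITIES

    def key(self) -> tuple:
        # Line numbers shift between commits, so the identity used for the
        # comparison deliberately leaves them out (assumption of this example).
        return (self.scanner, self.rule, self.path)

def compare_scans(source_scan: Iterable[Finding], target_scan: Iterable[Finding]):
    """Apply the page's definitions: New Issues are found in the target branch
    scan but not in the source branch scan; Fixed Issues are found in the
    source branch scan but no longer in the target branch scan."""
    src = {f.key(): f for f in source_scan}
    tgt = {f.key(): f for f in target_scan}
    new_issues = sorted((tgt[k] for k in tgt.keys() - src.keys()), key=Finding.key)
    fixed_issues = sorted((src[k] for k in src.keys() - tgt.keys()), key=Finding.key)
    return new_issues, fixed_issues

def severity_counts(findings: Iterable[Finding]) -> dict:
    """Per-severity totals, in the order the Total Vulnerabilities widget uses."""
    counts = {s: 0 for s in SEVERITIES}
    for f in findings:
        counts[f.severity] += 1
    return counts

def pr_comment(new_issues, fixed_issues) -> str:
    """Render the summary for the pull request comment (constructed layout)."""
    lines = ["Checkmarx One scan is completed"]
    for label, items in (("New Issues", new_issues), ("Fixed Issues", fixed_issues)):
        lines.append(f"{label}: " + ", ".join(f"{s} {n}" for s, n in severity_counts(items).items()))
        lines += [f"  [{f.severity}] {f.scanner}/{f.rule} in {f.path}" for f in items]
    return "\n".join(lines)

# Constructed sample scans: the change fixes a SQL injection but introduces
# a reflected XSS and a vulnerable dependency; the unchanged log forging
# finding appears in neither list.
SOURCE_SCAN = [Finding("SAST", "SQL_Injection", "app/db.py", "HIGH"),
               Finding("SAST", "Log_Forging", "app/log.py", "LOW")]
TARGET_SCAN = [Finding("SAST", "Log_Forging", "app/log.py", "LOW"),
               Finding("SAST", "Reflected_XSS", "app/views.py", "HIGH"),
               Finding("SCA", "Vulnerable_Dependency", "requirements.txt", "MEDIUM")]
```

Calling `print(pr_comment(*compare_scans(SOURCE_SCAN, TARGET_SCAN)))` shows one HIGH and one MEDIUM new issue and one HIGH fixed issue, which is exactly the triage the developer is meant to focus on.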

When initiating a pull request via a new branch, the following is expected:

  • An indication via Checkmarx One that a scan is in progress.

  • A notification message via SCM that a Checkmarx One scan is in progress (Comment section).

  • A notification message via SCM that a Checkmarx One scan is completed (Comment section).

  • The scan results are presented via Checkmarx One Scanners view.

  • A comparison between the source branch and the target branch is performed, which enables the enrichment of the SCM pull request "comment" section with the New Issues vs Fixed Issues that were found on the scanned target branch.

To verify the above for a new branch Pull request flow, perform the following:

  1. Go to the SCM Project in the SCM organization and perform a pull request via a new branch.

  2. Go to the Comment section in the pull request and verify that a "Checkmarx One Scan is in progress…" comment exists.

  3. A scan status notification will be presented as well.

  4. Refresh the Applications and Projects home page and verify that a scan is triggered.

  5. Wait for the scan to be finished.

  6. Open the scan results in Checkmarx One. For additional information about the scan results, click here

  7. Check the Project Total Vulnerabilities widget in Checkmarx One (HIGH, MEDIUM, LOW, INFO).

  8. Go to the Comment section in the SCM pull request.

  9. Verify that a Checkmarx vulnerabilities report is presented, containing a New Issues vs Fixed Issues summary.
