Checkmarx One Maven Plugin

The Checkmarx One Maven Plugin enables you to interact with Checkmarx One directly from a Maven lifecycle phase. It is a thin wrapper around the Checkmarx One CLI Tool, so it integrates into Maven builds without giving up any of the functionality or flexibility of the CLI itself.

Note

The plugin code can be found here.

Main Features

  • Use any CLI command from a Maven lifecycle phase

Prerequisites

Checkmarx One Maven Plugin Initial Setup

Before running Checkmarx One CLI commands from a Maven lifecycle phase, you need to configure access to Checkmarx One. This is done by specifying the server URLs, tenant account, and authentication credentials for accessing your Checkmarx One environment. There are two methods for doing this:

Checkmarx One uses the following URLs, depending on your environment:

Warning

Don’t include your credentials directly in your pom.xml. Use environment variables or properties instead.
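The following pom.xml is an added example, not taken from the Checkmarx documentation or the plugin repository, showing the weak pattern the warning above describes (a literal secret committed in the build file) next to the corrected form, where every sensitive value is resolved from the environment at build time. It assumes that the Checkmarx One CLI accepts --base-uri, --tenant, --client-id and --client-secret options, and that the CX_* variable names are whatever your CI job exports; check both against the CLI version you run. The groupId, artifactId and version of the project itself are placeholders.

```xml
<project>
    <modelVersion>4.0.0</modelVersion>
    <!-- placeholder coordinates for the project being scanned -->
    <groupId>example.placeholder</groupId>
    <artifactId>my-service</artifactId>
    <version>1.0.0</version>

    <properties>
        <!-- Weak setting (do not do this): a literal credential committed with the build file.
             <cx.client.secret>literal-secret-value</cx.client.secret> -->

        <!-- Corrected: read from environment variables exported by the CI job or the developer
             shell, so nothing sensitive is stored in source control. Variable names are an
             assumption; use the ones your environment defines. -->
        <cx.base.uri>${env.CX_BASE_URI}</cx.base.uri>
        <cx.tenant>${env.CX_TENANT}</cx.tenant>
        <cx.client.id>${env.CX_CLIENT_ID}</cx.client.id>
        <cx.client.secret>${env.CX_CLIENT_SECRET}</cx.client.secret>
    </properties>

    <build>
        <plugins>
            <!-- Checkmarx One CLI Maven Plugin, credentials passed via Maven properties -->
            <plugin>
                <groupId>com.checkmarx</groupId>
                <artifactId>ast-cli-maven-plugin</artifactId>
                <version>0.0.1</version>
                <executions>
                    <execution>
                        <phase>test</phase>
                        <goals>
                            <goal>run</goal>
                        </goals>
                        <configuration>
                            <!-- CLI option names are an assumption; verify against your CLI version -->
                            <arguments>scan create -s . --project-name ${project.artifactId} --branch master --base-uri ${cx.base.uri} --tenant ${cx.tenant} --client-id ${cx.client.id} --client-secret ${cx.client.secret}</arguments>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>
```

Run it with the variables exported in the build environment (for example `export CX_CLIENT_SECRET=...` before `mvn test`). Passing the value instead as `-Dcx.client.secret=...` on the command line also works, but it lands in shell history and process listings, so the environment route is preferable. Note that Maven leaves an unresolved `${env.CX_CLIENT_SECRET}` as the literal string rather than failing the build, so a missing variable only surfaces when the CLI rejects the credential; have the pipeline check that the variables are set before invoking Maven.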

Running CLI Commands Using the Checkmarx One Maven Plugin

You can run any CLI command using the Maven plugin, including running scans, retrieving scan results and CRUD actions on Projects and Applications. For an explanation of the CLI commands, see Checkmarx One CLI Commands.

To run a Checkmarx One CLI command in Maven:

  1. Activate the plugin by declaring it in your pom.xml with the artifactId ast-cli-maven-plugin and the current version of the plugin.

  2. Bind the plugin's run goal to the test lifecycle phase, so that running Maven through that phase executes it.

  3. Enter the CLI command and its request parameters under configuration > arguments.

Usage Example - Running a Checkmarx One Scan Using the Plugin

The following snippet shows how you can run a Checkmarx One scan in Maven using the Checkmarx One Maven plugin.

The snippet uses the scan create command with the minimum required parameters -s (location of the source code), --project-name (name of the Checkmarx One Project), and --branch (name of the branch of the Checkmarx One Project).

    <build>
        <plugins>
            <!-- Checkmarx One CLI Maven Plugin -->
            <plugin>
                <groupId>com.checkmarx</groupId>
                <artifactId>ast-cli-maven-plugin</artifactId>
                <version>0.0.1</version>
                <executions>
                    <execution>
                        <!-- bind the plugin's run goal to the test phase -->
                        <phase>test</phase>
                        <goals>
                            <goal>run</goal>
                        </goals>
                        <configuration>
                            <!-- the CLI command line, exactly as you would type it after "cx" -->
                            <arguments>scan create -s . --project-name ${project.artifactId} --branch master</arguments>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

Running a Checkmarx One Scan in Maven Using the Checkmarx One CLI Tool

There is an alternative method for accessing Checkmarx One functionality in Maven without using the plugin: invoke the standard Checkmarx One CLI Tool directly from Maven through the generic exec-maven-plugin. The following example shows how to run a scan using this method.

    <build>
        <plugins>
            <!-- Generic exec-maven-plugin -->
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>exec-maven-plugin</artifactId>
                <version>3.0.0</version>
                <executions>
                    <execution>
                        <phase>test</phase>
                        <goals>
                            <goal>exec</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <!-- path to the Checkmarx One CLI binary on the build machine -->
                    <executable>/path/to/cx</executable>
                    <!-- each CLI token is passed as a separate argument -->
                    <arguments>
                        <argument>scan</argument>
                        <argument>create</argument>
                        <argument>-s</argument>
                        <argument>.</argument>
                        <argument>--project-name</argument>
                        <argument>${project.artifactId}</argument>
                        <argument>--branch</argument>
                        <argument>master</argument>
                    </arguments>
                </configuration>
            </plugin>
        </plugins>
    </build>

Notice

Check for updates to the code samples in GitHub.