
Feedback Apps

Feedback Apps Overview

The Feedback Apps feature allows Checkmarx One users to integrate with external Bug Tracking and Alerting services.

Bug Tracking services include Jira, GitHub Issues, and Azure DevOps Bug Board. Integration with these supported services enables Checkmarx One users to automate the creation, modification, and closure of tickets.

Alerting services include Slack, Microsoft Teams, and Email notification service. The integration with these services serves as a way of alerting other team members about found vulnerabilities by sending a scan summary report to the respective channels. The report includes a results summary which presents the number of detected vulnerabilities in the scanned code.

Feedback Profiles Overview

Feedback Profiles are entities in Checkmarx One where users can assign Feedback Apps and Projects. Users have the flexibility to assign either a single Feedback App or multiple Feedback Apps to a specific Feedback Profile. For example, by assigning multiple Feedback Apps to a Feedback Profile, a ticket can be opened in Jira while simultaneously triggering an alert in a Slack channel. Additionally, users can assign the same Feedback App to multiple Feedback Profiles.

The Projects assigned to a Feedback Profile can be either repository-based or ZIP-based Projects. A repository-based Project can be an automated Project (Code Repository integration Project) or a manually created one. If an automated repository-based Project is assigned to a Feedback Profile, tickets will be opened only for the Protected Branches configured during the code repository integration process.

On the other hand, assigning a manually created repository-based Project to a Feedback Profile follows a different process. For more information, refer to Assigning a Feedback Profile to a Checkmarx Project - Repository path scans.

For ZIP file scans, Feedback Apps are triggered only for the branch that is Set as Primary. If the ZIP file doesn't contain a branch, Feedback Apps will be triggered for the entire file content. For more information about how to set a branch as Primary, refer to Filter the Widget View.

Feedback Apps Flow

Importing a Code Repository Project

The supported Code Repositories are:

Creating a New Feedback App

To create a Feedback App, perform the following steps:

  1. Click on the Integrations icon. The icon is located in the left navigation panel.
  2. Click on Apps

  3. Click on + Create App

    A side panel will be opened on the right.

  4. Select the relevant Feedback App.

    Note

    The rest of the configuration steps are determined according to the selected App.


Creating a new Feedback Profile, assigning Feedback Apps and Projects

Creating a Profile involves several steps:

Verification

Go to the relevant Feedback App and verify the following:

  1. Bug Tracking services (Jira, GitHub Issues, Azure DevOps Bug Board) - Verify that tickets are opened/closed according to the discovered Checkmarx One scan vulnerabilities.

  2. Alerting services (Slack, Microsoft Teams, Email notification service) - Verify that messages are received according to the discovered Checkmarx One scan vulnerabilities.