Feedback Apps
The Feedback Apps feature provides the ability to export Checkmarx One scan results to an external tool, such as a bug tracking service, a team collaboration tool, or even a file.
Feedback Profiles can be assigned to projects that are configured for repository scans as well as to projects that are configured for ZIP scans.
To assign a Feedback Profile to manually created Checkmarx projects that use repository scans - See Assigning a Feedback Profile to a Checkmarx Project - Repository path scans
Feedback Profiles contain Feedback Apps, divided into 3 types:
Bug Tracking tools are Jira, GitHub Issues, and Azure DevOps Bug Board.
Team Collaboration tools are Slack and Microsoft Teams.
File exports are SARIF and JSON.
Checkmarx users use bug trackers to triage and manage bugs, and team collaboration tools to notify other team members about vulnerabilities.
The Feedback Apps automation creates, modifies, and closes bug tracking tickets and/or sends notifications through collaboration tools to inform team members about security vulnerabilities.
Note
The number of tickets opened in the bug tracking service may not match the number of vulnerabilities detected in Checkmarx One.
In the Feedback Apps, Checkmarx One presents the number of detected vulnerabilities. In the bug tracking service (Jira, Azure Board, GitHub Issue), Checkmarx One aggregates matching vulnerabilities into the new tickets, so the ticket count should not be read as a count of findings.
It is also possible to use multiple Feedback Apps - for example, create a bug in Jira and send a Slack message. To handle this type of request, create a new Feedback Profile that handles one or more Feedback Apps.
Feedback Apps Flow
The Feedback Apps feature is designed to export Checkmarx One scan results to an external tool.
Importing a Code Repository Project
The supported Code Repositories are:
Creating a New Feedback App
To create a Feedback App, perform the following steps:
Click the Integrations icon, located in the left navigation pane of the Application and Project home page.
Click Apps.
If no Feedback Apps are configured in the system, click Create new App.
If Feedback Apps are already configured in the system, click New App.
Select the relevant Feedback App.
Note
The remaining configuration steps (screens) depend on the selected App.
Creating a new Profile, assigning a Project & Apps
A Profile is the entity that connects Feedback Apps to Checkmarx One projects.
Creating a Profile involves several steps:
Verification
Go to the relevant Feedback App and verify the following:
Bug Tracking Services (Jira, GitHub Issues, Azure DevOps Board) - Verify that tickets are opened/closed according to the vulnerabilities discovered by the Checkmarx One scan.
Collaboration tools (Slack and Microsoft Teams) - Verify that messages are received according to the vulnerabilities discovered by the Checkmarx One scan.