Feedback Apps Flow

The Feedback Apps feature exports Checkmarx One scan results to an external tool.

Notice

Feedback Profiles can be assigned to the following scan types:

  1. ZIP scans for any supported SCM.

    For additional information, see Checkmarx One SCM Integrations.

  2. Repository scans for any supported SCM.

    For additional information, see Checkmarx One SCM Integrations.

  3. ZIP scans for Checkmarx projects (Manually created projects).

    For additional information, see Creating a Checkmarx Project.

  4. Repository scans for Checkmarx projects (Manually created projects).

    For additional information, see Assigning a Feedback Profile to a Checkmarx Project - Repository path scans.

Importing an SCM Project

Importing an SCM Project is a precondition for assigning a Feedback App and being able to export Checkmarx One scan results to it.

The supported SCMs are:

Creating a New Feedback App

Creating a Feedback App involves several steps. See Create a New Feedback App.

Note

The configuration steps depend on the selected Feedback App.

Creating a new Profile, assigning a Project & Apps

A Profile is the entity that connects the Feedback Apps to Checkmarx One Projects.

Creating a Profile involves several steps:

Verification

Go to the relevant Feedback App and verify the following:

  1. Bug Tracking Services (Jira, GitHub Issues, GitLab Issues, Azure DevOps Bug Board) - Verify that tickets are opened/closed according to the discovered Checkmarx One scan vulnerabilities.

  2. Collaboration tools (Slack and Microsoft Teams) - Verify that messages are received according to the discovered Checkmarx One scan vulnerabilities.