Checkmarx One API Documentation

You can access the full functionality of Checkmarx One using our REST APIs. You can use APIs to perform CRUD actions on Checkmarx One Projects and Applications, run scans, and view scan results. You can also use APIs to manage vulnerabilities and create webhooks.

Checkmarx One requires JWT (JSON Web Token) access tokens for authentication of all API calls. Access tokens are generated using the Authentication API.

Scan Workflow

The following represents a standard workflow for creating a new Project, running a scan on that Project and viewing results.

[Workflow diagram: create Project, run scan, view results]

Notice: Alternatively, you can view the results in the Checkmarx One UI; see Scan Results.

API Categories

The Checkmarx One external APIs are grouped into the following categories:

API Category

Description

Applications

These APIs enable users to perform all CRUD activities on Applications. They are also used to get various types of data about the Applications in your account. There are also APIs for CRUD activities on “rules” which define how Projects are associated with Applications.

Authentication

Uses your Refresh Token (i.e., API Key) or your username and password to obtain an Access Token, which authenticates your Checkmarx One API calls for the current session.

Best Fix Location

For vulnerabilities identified by SAST scans, the BFL API returns information about the most effective location for fixing the vulnerabilities. This enables you to speed up remediation by fixing multiple vulnerabilities at once.

Ceresults

FOR INTERNAL USE

Configuration

FOR INTERNAL USE

Contributors

FOR INTERNAL USE

Feature Flag

FOR INTERNAL USE

KICS Results

This API enables you to get comprehensive results for the vulnerabilities identified by the KICS scanner in a specific scan.

Kics Results Predicates

These APIs enable you to manage vulnerabilities identified by KICS throughout your SDLC.

For each instance of a vulnerability you can adjust the predicate attributes of state, severity and notes associated with it. Each vulnerability instance is identified by a “similarity_id”. If a subsequent scan discovers a vulnerability with the identical similarity_id, its status will be marked as a “recurrent” vulnerability, and the state, severity and notes from the previous scan will be applied to the new scan.

Logs

FOR INTERNAL USE

Projects

These APIs enable users to perform all CRUD activities on Projects. They are also used to get various types of data about the Projects in your account.

Repostore

FOR INTERNAL USE

Resource Management

FOR INTERNAL USE

Results Summary

These APIs enable you to get a summary of the scan results for a particular group of scans. This includes the number of vulnerabilities identified in the scan, broken down by severity level, status, query name, etc.

SAST Metadata

These APIs are used to get information about how a scan was executed. This includes detailed information about how incremental scans were run.

SAST Queries

FOR INTERNAL USE

SAST Queries Audit

FOR INTERNAL USE

SAST Results

This API enables you to get comprehensive results for the vulnerabilities identified by the SAST scanner in a specific scan.

Sast Results Predicates

These APIs enable you to manage vulnerabilities identified by SAST throughout your SDLC.

For each instance of a vulnerability you can adjust the predicate attributes of state, severity and notes associated with it. Each vulnerability instance is identified by a “similarity_id”. If a subsequent scan discovers a vulnerability with the identical similarity_id, its status will be marked as a “recurrent” vulnerability, and the state, severity and notes from the previous scan will be applied to the new scan.
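The similarity_id matching described for both the KICS Results Predicates and the SAST Results Predicates categories, shown as an added example that is not Checkmarx code: it models, in plain Python, how the triage data (state, severity, notes) attached to a vulnerability instance in one scan is applied to the same similarity_id when a later scan reports it again, and how the later instance is marked recurrent. The scan data is constructed inline; the field names other than similarity_id, state, severity and notes, the default state value, and the status labels are assumptions for the example.

```python
"""Reconcile two scans' findings by similarity_id (added example, not Checkmarx code).

A "predicate" here is the triage data a user attaches to one vulnerability
instance: state, severity and notes. When a later scan reports a finding with
the same similarity_id, the finding is marked RECURRENT and the previous
predicate is applied to it; unmatched findings stay NEW with scanner defaults.
"""
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Finding:
    similarity_id: str
    query_name: str
    severity: str               # severity as reported by the scanner (or overridden by a predicate)
    state: str = "TO_VERIFY"    # assumed default state of an untriaged finding
    notes: str = ""
    status: str = "NEW"         # assumed labels: "NEW" or "RECURRENT"


@dataclass(frozen=True)
class Predicate:
    state: str
    severity: str
    notes: str


# Constructed sample data: results of a previous scan after the user triaged two of them.
PREVIOUS_SCAN: List[Finding] = [
    Finding("sim-001", "Reflected_XSS", "HIGH", state="NOT_EXPLOITABLE",
            notes="Output is HTML-encoded by the template engine"),
    Finding("sim-002", "SQL_Injection", "LOW", state="CONFIRMED",
            notes="Parameter is validated upstream; severity downgraded"),
    Finding("sim-003", "Hardcoded_Password", "MEDIUM"),        # never triaged
]

# Constructed sample data: raw results of the next scan. sim-003 no longer appears,
# sim-002 is still reported as HIGH by the scanner, and sim-004/sim-005 are new.
CURRENT_SCAN: List[Finding] = [
    Finding("sim-001", "Reflected_XSS", "HIGH"),
    Finding("sim-002", "SQL_Injection", "HIGH"),
    Finding("sim-004", "Path_Traversal", "HIGH"),
    Finding("sim-005", "Missing_HSTS_Header", "MEDIUM"),
]


def predicates_from_scan(findings: Iterable[Finding]) -> Dict[str, Predicate]:
    """Extract each finding's triage data, keyed by its similarity_id."""
    return {f.similarity_id: Predicate(f.state, f.severity, f.notes) for f in findings}


def reconcile(previous: Iterable[Finding], current: Iterable[Finding]) -> List[Finding]:
    """Return the current scan's findings with the previous scan's predicates applied.

    A finding whose similarity_id was seen before becomes RECURRENT and inherits
    the earlier state, severity and notes, even if the earlier instance was never
    triaged (its defaults are carried over unchanged).
    """
    known = predicates_from_scan(previous)
    result: List[Finding] = []
    for finding in current:
        prior = known.get(finding.similarity_id)
        if prior is None:
            result.append(finding)  # first sighting: keep scanner defaults, status NEW
        else:
            result.append(replace(finding, state=prior.state, severity=prior.severity,
                                  notes=prior.notes, status="RECURRENT"))
    return result


def needs_attention(findings: Iterable[Finding]) -> List[Finding]:
    """Findings a reviewer still has to look at: new or untriaged, and HIGH/CRITICAL.

    This is the kind of filter a CI gate would apply after reconciliation, so that
    previously dismissed or downgraded instances do not re-trigger a failure.
    """
    return [f for f in findings
            if (f.status == "NEW" or f.state == "TO_VERIFY")
            and f.severity in ("HIGH", "CRITICAL")]


if __name__ == "__main__":
    for f in reconcile(PREVIOUS_SCAN, CURRENT_SCAN):
        print(f"{f.similarity_id:8} {f.status:9} {f.state:15} {f.severity:6} {f.query_name}")
    print("needs attention:", [f.similarity_id for f in needs_attention(reconcile(PREVIOUS_SCAN, CURRENT_SCAN))])
```

Running the block prints one line per finding of the current scan: sim-001 and sim-002 come out RECURRENT with their earlier state, severity and notes (so sim-002 stays LOW despite the scanner reporting HIGH), while sim-004 and sim-005 are NEW; only sim-004 passes the attention filter.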

Scanners Results

This API enables you to get comprehensive results for the vulnerabilities identified by all scanners (SAST, KICS, SCA) in a specific scan.

Scans

These APIs are used to run, cancel or delete scans. They are also used to get various types of data about scans that have been run in the account.

Uploads

These APIs are used for uploading zip archives to the cloud for scanning.

Webhooks

Webhooks are used to trigger external activities when specified events occur in Checkmarx One (e.g., successful scan or failed scan).

The Webhooks APIs enable users to perform all CRUD activities on Webhooks. They are also used to get various types of data about the Webhooks in your account.