Best Fix Location API (SAST)

Notice

A comprehensive Checkmarx One API Reference Guide is now available here.

This API enables you to get the Best Fix Location information for a specific scan (by Scan ID). You can optionally limit the response to a specific vulnerability by specifying a query id.

Overview

Checkmarx uses proprietary algorithms to determine the Best Fix Location, i.e., the strategic mitigation point where remediation is most effective. For example, when the attack vectors for multiple vulnerabilities pass through a particular node, by adding a sanitizer or validation for that node you can remediate several different vulnerable data flows in one shot. This can greatly reduce the time and effort required to remediate the vulnerabilities in your code.
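The shared-node idea above, as an added illustration: this is not Checkmarx code and does not reproduce its proprietary algorithm. It is a simple greedy pass that repeatedly picks the node lying on the most unremediated flows. The flow names and file:line node labels are constructed sample data.

```python
from collections import Counter

# Constructed sample data: each vulnerable flow is the ordered list of
# nodes (hypothetical file:line labels) from source to sink.
FLOWS = {
    "sqli-1": ["Login.java:12", "Util.java:40", "Dao.java:95"],
    "sqli-2": ["Search.java:30", "Util.java:40", "Dao.java:120"],
    "xss-1": ["Search.java:30", "Util.java:40", "View.java:17"],
    "path-1": ["Upload.java:8", "Files.java:55"],
}


def best_fix_nodes(flows):
    """Greedy cover: return [(node, [flow ids fixed there]), ...].

    Each round picks the node that appears on the most flows still
    unremediated, so one sanitizer placement closes as many flows as possible.
    Ties are broken by node name to keep the result deterministic.
    """
    # Flows with an empty path have no candidate node and are skipped.
    remaining = {fid: path for fid, path in flows.items() if path}
    picks = []
    while remaining:
        # Count each node once per flow, even if a path revisits it.
        counts = Counter(
            node for path in remaining.values() for node in set(path)
        )
        node, _ = min(counts.items(), key=lambda kv: (-kv[1], kv[0]))
        covered = sorted(fid for fid, path in remaining.items() if node in path)
        picks.append((node, covered))
        for fid in covered:
            del remaining[fid]
    return picks


if __name__ == "__main__":
    for node, fixed in best_fix_nodes(FLOWS):
        print(f"{node}: remediates {len(fixed)} flow(s): {', '.join(fixed)}")
```
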

Best Fix Location URL

The URL for Best Fix Location endpoints is <base_url>/api/bfl

Swagger

To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Best Fix Location in the definition field.

Authentication

Authentication for all Checkmarx One endpoints is done using a JWT (JSON Web Token) access token. Access tokens are generated using the Authentication API.