Best Fix Location API (SAST)
Notice
A comprehensive Checkmarx One API Reference Guide is now available here.
This API enables you to get the Best Fix Location information for a specific scan (by Scan ID). You can optionally limit the response to a specific vulnerability by specifying a query id.
Overview
Checkmarx uses proprietary algorithms to determine the Best Fix Location, i.e., the strategic mitigation point where remediation is most effective. For example, when the attack vectors for multiple vulnerabilities pass through a particular node, by adding a sanitizer or validation for that node you can remediate several different vulnerable data flows in one shot. This can greatly reduce the time and effort required to remediate the vulnerabilities in your code.
Best Fix Location URL
The URL for Best Fix Location endpoints is <base_url>/api/bfl
US Environment - https://ast.checkmarx.net
US2 Environment - https://us.ast.checkmarx.net
EU Environment - https://eu.ast.checkmarx.net
EU2 Environment - https://eu-2.ast.checkmarx.net
Australia & New Zealand - https://anz.ast.checkmarx.net
India - https://ind.ast.checkmarx.net
Singapore - https://sng.ast.checkmarx.net
Swagger
To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Best Fix Location in the definition field.
US Environment - https://ast.checkmarx.net/spec/v1/
US2 Environment - https://us.ast.checkmarx.net/spec/v1/
EU Environment - https://eu.ast.checkmarx.net/spec/v1/
EU2 Environment - https://eu-2.ast.checkmarx.net/spec/v1/
Australia & New Zealand - https://anz.ast.checkmarx.net/spec/v1/
Singapore - https://sng.ast.checkmarx.net/spec/v1/
Authentication
Authentication for all Checkmarx One endpoints is done using a JWT (JSON Web Token) access token, sent in the Authorization header as a Bearer token. Access tokens are generated using the Authentication API.
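The following is an added example, not code from this page or from Checkmarx, showing the pieces a client needs to call this endpoint: choosing the regional base URL listed above, building the GET request for a scan (optionally narrowed to one query), and sending the JWT as a Bearer token. The query-parameter names `scan-id` and `query-id`, the IAM host and token-exchange path in `get_access_token`, and the sample scan ID are assumptions for illustration; verify them against the Swagger definition and the Authentication API before relying on them.

```python
"""Client helpers for the Checkmarx One Best Fix Location (BFL) endpoint.

Added example, not Checkmarx code. The parameter names 'scan-id' and
'query-id' and the token-exchange flow below are assumptions; check them
against the Swagger spec (<base_url>/spec/v1/) and the Authentication API.
"""
import json
import urllib.error
import urllib.parse
import urllib.request
import uuid

# Regional API base URLs as listed on this page; /api/bfl is appended to the
# one the tenant lives in. Calling the wrong region returns an error, never
# another tenant's data, but it wastes a token round-trip.
BASE_URLS = {
    "us": "https://ast.checkmarx.net",
    "us2": "https://us.ast.checkmarx.net",
    "eu": "https://eu.ast.checkmarx.net",
    "eu2": "https://eu-2.ast.checkmarx.net",
    "anz": "https://anz.ast.checkmarx.net",
    "ind": "https://ind.ast.checkmarx.net",
    "sng": "https://sng.ast.checkmarx.net",
}


def build_bfl_url(region, scan_id, query_id=None):
    """Return the full GET URL for the BFL endpoint.

    Assumption: the scan is selected with 'scan-id' and the optional
    single-vulnerability filter with 'query-id'.
    """
    if region not in BASE_URLS:
        raise ValueError(f"unknown region {region!r}; expected one of {sorted(BASE_URLS)}")
    # Checkmarx One scan IDs are UUIDs; reject anything else before it hits the wire.
    try:
        scan_uuid = uuid.UUID(str(scan_id))
    except ValueError as exc:
        raise ValueError(f"scan_id must be a UUID, got {scan_id!r}") from exc
    params = {"scan-id": str(scan_uuid)}
    if query_id is not None:
        params["query-id"] = str(query_id)
    return f"{BASE_URLS[region]}/api/bfl?{urllib.parse.urlencode(params)}"


def bfl_headers(access_token):
    """Headers for any Checkmarx One call: the JWT goes in Authorization as a Bearer token."""
    # A JWS compact serialization has exactly three dot-separated parts.
    if not access_token or access_token.count(".") != 2:
        raise ValueError("access_token does not look like a JWT (expected header.payload.signature)")
    return {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}


def get_access_token(iam_base, tenant, api_key, timeout=30):
    """Exchange a Checkmarx One API key (a refresh token) for a short-lived JWT.

    Assumption: the Keycloak-style token endpoint under the tenant's IAM host,
    e.g. iam_base='https://eu.iam.checkmarx.net'. Confirm with the Authentication API docs.
    """
    url = f"{iam_base}/auth/realms/{tenant}/protocol/openid-connect/token"
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "client_id": "ast-app", "refresh_token": api_key}
    ).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def fetch_bfl(region, scan_id, access_token, query_id=None, timeout=30):
    """GET the Best Fix Location data for a scan and return the parsed JSON body."""
    req = urllib.request.Request(
        build_bfl_url(region, scan_id, query_id), headers=bfl_headers(access_token)
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        # Do not echo the request (it carries the token); 401 means the JWT expired or is for another region.
        raise RuntimeError(f"BFL request failed with HTTP {exc.code}") from exc


if __name__ == "__main__":
    # Constructed sample scan ID; no network call is made here.
    sample_scan = "123e4567-e89b-12d3-a456-426614174000"
    print(build_bfl_url("eu2", sample_scan))
    print(build_bfl_url("us", sample_scan, query_id="5726336560719913600"))
```

`fetch_bfl` is the only function that touches the network; `build_bfl_url` and `bfl_headers` can be exercised offline, which is also where a wrong region or a malformed scan ID is caught before a token is ever spent.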