Skip to main content

Logging on to the CLI

The following methods are available for authentication and login to the CLI:

  • Credential-based authentication – The client provides login credentials. The credentials provided by the client are compared to those of the resource, for example in the database or the authentication server. If the credentials match, the client is granted authorization to access.

  • Token-based authentication (v8.8.0 and up) – The resource owner provides the client with credentials. Using the credentials provided, the client requests an access token from the resource. The credentials provided by the client are compared to those of the resource. If the credentials match, an access token is issued to the client by the resource and the client uses this access token to log in.


You can only use one type of authentication method, credential or token based.


The following sections list the syntax for the authentication.

Credential-based Authentication

The syntax for the credential based authentication:

runCxConsole.cmd Scan -v -ProjectName "CxServer/bookname j2" -CxServer http://localhost -CxUser username -CxPassword admin -LocationType folder -LocationPath "C:\Data\Projects\Java\bs java" -preset "Checkmarx Default" 

Token-based Authentication

Requesting an access token from the resource:

runCxConsole.cmd GenerateToken -v -CxUser username -CxPassword admin -CxServer http://localhost

Using the access token to login:

runCxConsole.cmd Scan -v -Projectname "CxServer/bookname j2" -CxServer http://localhost -CxToken <token> -LocationType folder -LocationPath " C:\Data\Projects\Java\bs java " -preset "Checkmarx Default"

Revoke the access token:

runCxConsole.cmd RevokeToken -v -CxToken <token> -CxServer http://localhost


  • There is no limit to the tokens a client can generate for its users. All tokens can be used in the CLI.

  • The lifetime of tokens is not limited. Therefore, they do not expire.

  • There is currently no way to view a list of all generated tokens.

  • Each token can be revoked manually. There is no option for revoking all tokens at once.

  • In some instances, when removing a specific user token, all of that user's tokens may be revoked.