Skip to main content

Integrating Maven with CLI

You can integrate CxSAST with any Maven code build process, enabling a project XML file to automatically initiate a Checkmarx CxSAST scan.

1. Navigate to the plugin download page and download the CLI plugin. The plugin downloads as a zip archive called CxConsolePlugin-<version#>, for example CxConsolePlugin-1.1.7.

2. Extract the content of the zip archive into a local folder of your choice. This folder must not require Administrator privileges to run executable files.

3. In the folder hosting the extracted content, navigate to runCxConsole.cmd and rename the copy to runCxConsole.bat.

In the following steps, you continue with customizing your project pom.xml file for the CxSAST integration as explained below. The code samples below illustrate thge relevant sections of the pom.xml file. A fully customized pom.xml file can be downloaded for illustration.

1. Add the following <plugin> sequence to the <plugins> section, which is part of the <build> section in your project pom.xml file as illustrated.


The <plugin> section illustrated below comes in addition to the one added and customized for configuring the plugin

  <!--For CxConsole (Checkmarx CLI) execution-->
  <!--mvn exec:exec --> 
    <! runCxConsole.bat full path location--> 

2. In the code sequence added above, change the content of the <workingdirectory> tag to the path of your extracted CxConsole folder in which the just created runCxConsole.bat is located.

3. In pom.xml, usually outside the <build> section, add the following:



If a <properties> section already exists, just add the lower-level tags from <ProjectName> to </preset> to it .

4. In the Properties code added above, modify the following parameter values to reflect the settings of your system:




CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.


IP address or resolvable hostname of the CxSAST web server host.


CxSAST account username.


CxSAST account password.


Do not change.


Full path to the source code location (folder).


The named set of queries to be executed.

5. Save these changes to pom.xml .

The CxSAST integration requires the exec-maven plugin. If the dependency code illustrated below exists in your pom.xml, you already have this plugin installed. If not, add the dependency code that automatically installs the plugin as illustrated below:

1. Add the following dependency code inside any <dependencyManagement> section (usually outside the <build> section):


2. Save the changes to pom.xml and run: mvn install. The plugin installs automatically. For additional information on this plugin, refer to

  • Optionally, test the integration by running mvn exec:exec

Running your build process automatically initiates a Checkmarx CxSAST scan.