
Configuring the CxSAST Bamboo Plugin Global Settings

Once you have installed the CxSAST Bamboo Plugin, you can define various default parameters, referred to as global settings, that are applied as defaults when configuring a scan.

To configure default (global) settings:

1. In the navigation pane of Atlassian Bamboo, scroll down to MANAGE APPS and select Checkmarx Plugin.


The Checkmarx Plugin Default Configuration dialog appears.


2. In the Checkmarx Plugin Default Configuration dialog, define the parameters listed below. Once you complete and save the configuration, these parameters become the global settings.

Checkmarx Server

  Server URL: Enter the Checkmarx Server URL or IP address, with or without a port, for example http://<server-name> or https://<ip-address>:port.

  Username: Enter a login username.

  Password: Enter a login password.

  Enable Proxy: Check to run the project scan via a proxy server.

  <Connect to Server>: Click <Connect to Server> and wait until the credentials are validated and the Success status is indicated.

Checkmarx Scan CxSAST

  Folder Exclusion: Define a comma-separated list of folders to exclude from the scan. Entries in this list are automatically converted to exclude wildcard patterns and appended to the full pattern list provided in the Include/Exclude Wildcard Patterns field.

  Include/Exclude Wildcard Patterns: Define the include/exclude wildcard patterns as explained in the instructions under the field.

  Scan Timeout In Minutes: Define the scan timeout threshold in minutes.

Dependency Scan

  Enable Dependency Scan: Check to have packages from dependency managers such as NPM, NuGet, Python and others scanned.
  Notice: NPM, NuGet and/or Python must be installed on every Bamboo slave and/or master running the job in order to use this option.

  Include/Exclude Wildcard Patterns: Define the include/exclude wildcard patterns as explained in the instructions under the field.
  Notice: Available only if Enable Dependency Scan is checked.

  Folder Exclusion: Define a comma-separated list of folders to exclude from the scan. Entries in this list are automatically converted to exclude wildcard patterns and appended to the full pattern list provided in the Include/Exclude Wildcard Patterns field.
  Notice: Available only if Enable Dependency Scan is checked.

  Use CxOSA Dependency Scanner: Select to enable and configure CxOSA scans.

  Use CxSCA Dependency Scanner: Select to enable and configure CxSCA scans.

Checkmarx Scan CxOSA

  These parameters are shown only if Use CxOSA Dependency Scanner has been selected.

  OSA Archive Include Wildcard Patterns: Define the include wildcard patterns as explained in the instructions under the field.

  Execute Dependency Managers 'Install Packages' Command before Scan: Check to have packages from dependency managers such as NPM, NuGet, Go and others scanned as part of the CxOSA scan.
  Notice: NPM, NuGet and/or Python must be installed on every Bamboo slave and/or master running the job in order to use this option.

Checkmarx Scan CxSCA

  These parameters are shown only if Use CxSCA Dependency Scanner has been selected.

  CxSCA Web API URL: Enter the URL of the server that interacts with CxSCA using API calls, for example https://api-sca.company.com.

  Access Control Server URL: Enter the URL of the server that hosts the Access Control portal used to access CxSCA, for example https://platform.company.com.

  CxSCA Web App URL: Enter the URL of the web-based application that serves as the CxSCA user interface, for example https://sca.company.com. Entering this URL generates a link to a page with the CxSCA scan results; if it is left empty, no such link is generated.

  Account: Enter the CxSCA customer account.

  CxSCA User: Enter the CxSCA user name.

  CxSCA Password: Enter the CxSCA password.

  <Connect to Server>: Click to connect to the CxSCA server.

Control Checkmarx Scan

  Enable Synchronous Mode:
    • If checked, the Checkmarx build step waits for the running Checkmarx scan to complete, then retrieves the scan results and optionally checks the vulnerability thresholds.
    • If cleared, the build step completes as soon as the scan job has been submitted to the Checkmarx server.

  Enable Projects Policy Enforcement: If checked, the build is marked as failed or unstable if the project's policy is violated. Policies are assigned to a project from within CxSAST.
  Notice: Available only if Enable Synchronous Mode is checked.

  Enable CxSAST Vulnerability Thresholds: If checked, you may define thresholds for low, medium and high severity vulnerabilities above which the build is considered failed. If cleared, no thresholds are defined.
  Notice: Available only if Enable Synchronous Mode is checked.

  CxSAST High: Set the threshold for high severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable CxSAST Vulnerability Thresholds are checked.

  CxSAST Medium: Set the threshold for medium severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable CxSAST Vulnerability Thresholds are checked.

  CxSAST Low: Set the threshold for low severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable CxSAST Vulnerability Thresholds are checked.

  Enable Dependency Scan Vulnerability Thresholds: If checked, you may define thresholds for low, medium and high severity vulnerabilities found in the scanned dependencies. Crossing a defined threshold causes the build to be considered failed. If cleared, no thresholds are defined.

  Dependency scan high severity vulnerabilities threshold: Set the threshold for high severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable Dependency Scan Vulnerability Thresholds are checked.

  Dependency scan medium severity vulnerabilities threshold: Set the threshold for medium severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable Dependency Scan Vulnerability Thresholds are checked.

  Dependency scan low severity vulnerabilities threshold: Set the threshold for low severity vulnerabilities.
  Notice: Available only if Enable Synchronous Mode and Enable Dependency Scan Vulnerability Thresholds are checked.

  Deny new Checkmarx Projects Creation: If checked, no new projects are created in Checkmarx and existing projects cannot be assigned to a different team.

  Hide Results: If checked, the security scan results are hidden from all jobs and builds.

3. To save the changes, click <Save>. The global settings are now set.
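The Folder Exclusion and Include/Exclude Wildcard Patterns settings decide which files ever reach the scanner, so an over-broad exclusion silently removes code from coverage. The following is an added example, not code from the Checkmarx plugin, that shows how a folder list and a pattern field combine into one scan scope. It assumes a comma-separated pattern field, a leading `!` marking an exclude pattern, `**` spanning directories and `*`/`?` matching within one path segment, and that each folder entry becomes the exclude pattern `!**/<folder>/**/*`; the plugin's real conversion format is not shown on this page, so treat those as assumptions. The file list is constructed for the demonstration.

```python
"""Scan-scope filter: Folder Exclusion + Include/Exclude Wildcard Patterns.

Added example; not the Checkmarx plugin's own code. Assumed syntax:
comma-separated patterns, '!' prefix = exclude, '**' spans directories,
'*' and '?' match inside one path segment, and every Folder Exclusion
entry is converted to '!**/<folder>/**/*' and appended to the list.
"""
import re
from typing import List, Tuple


def glob_to_regex(pattern: str) -> str:
    """Translate the assumed wildcard syntax into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")      # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")            # rest of the path, any depth
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")         # within a single segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return "^" + "".join(out) + "$"


def parse_patterns(field: str) -> Tuple[List[str], List[str]]:
    """Split a pattern field into (include, exclude) pattern lists."""
    includes, excludes = [], []
    for raw in field.split(","):
        p = raw.strip()
        if not p:
            continue
        if p.startswith("!"):
            excludes.append(p[1:].strip())
        else:
            includes.append(p)
    return includes, excludes


def folder_exclusions_to_patterns(folder_field: str) -> List[str]:
    """Assumed conversion of 'Folder Exclusion' entries to exclude patterns."""
    return [f"!**/{f.strip().strip('/')}/**/*"
            for f in folder_field.split(",") if f.strip()]


def select_files(files: List[str], pattern_field: str, folder_field: str = "") -> List[str]:
    """Return the files that remain in scan scope, in their original order.

    A file is in scope when it matches at least one include pattern (or no
    include patterns are given) and matches no exclude pattern.
    """
    combined = ", ".join([pattern_field] + folder_exclusions_to_patterns(folder_field))
    includes, excludes = parse_patterns(combined)
    inc = [re.compile(glob_to_regex(p)) for p in includes]
    exc = [re.compile(glob_to_regex(p)) for p in excludes]
    in_scope = []
    for path in files:
        if inc and not any(r.match(path) for r in inc):
            continue
        if any(r.match(path) for r in exc):
            continue
        in_scope.append(path)
    return in_scope


# Constructed sample checkout, standing in for the Bamboo working directory.
SAMPLE_FILES = [
    "src/App.java",
    "src/test/AppTest.java",
    "node_modules/lodash/index.js",
    "build/out.class",
    "docs/readme.md",
]

if __name__ == "__main__":
    scope = select_files(SAMPLE_FILES, "**/*.java, **/*.js, !**/test/**/*", "node_modules, build")
    print("files sent to scan:", scope)
```

Running the block with the sample patterns keeps only `src/App.java`: the test sources are dropped by the explicit exclude and the vendored JavaScript by the folder exclusion. Printing the resulting scope before a scan is a cheap way to confirm that an exclusion list has not quietly removed first-party code.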
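The Control Checkmarx Scan settings are the actual security gate: only in synchronous mode are results retrieved, and only then can a policy violation or a severity count above its threshold fail the build. The following is an added example, not the plugin's own code, that implements that decision logic as described on this page. It assumes a count fails the build only when it is strictly above its threshold, that an empty threshold means no limit, and that with synchronous mode cleared nothing is checked. The result counts are constructed sample data; the `GateSettings` fields are this example's own names for the dialog options.

```python
"""Build gate mirroring the synchronous-mode threshold and policy checks.

Added example; not the Checkmarx plugin's own code. Assumptions: a build
fails when a vulnerability count is strictly above its threshold, a None
threshold means 'not defined', and with synchronous mode cleared the step
returns right after submission without checking anything.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SEVERITIES = ("high", "medium", "low")


@dataclass
class GateSettings:
    """Subset of the global settings from the Control Checkmarx Scan section."""
    synchronous_mode: bool = True
    policy_enforcement: bool = False
    sast_thresholds_enabled: bool = False
    sast_thresholds: Dict[str, Optional[int]] = field(default_factory=dict)
    dependency_thresholds_enabled: bool = False
    dependency_thresholds: Dict[str, Optional[int]] = field(default_factory=dict)


def exceeded(counts: Dict[str, int], thresholds: Dict[str, Optional[int]]) -> List[str]:
    """One message per severity whose count is above its defined threshold.

    A severity with no threshold (missing or None) never fails the build.
    """
    failures = []
    for sev in SEVERITIES:
        limit = thresholds.get(sev)
        found = counts.get(sev, 0)
        if limit is not None and found > limit:
            failures.append(f"{sev}: {found} found, threshold {limit}")
    return failures


def evaluate_build(settings: GateSettings,
                   sast_counts: Dict[str, int],
                   dependency_counts: Dict[str, int],
                   policy_violated: bool = False) -> Tuple[str, List[str]]:
    """Return ('SUCCESS' | 'FAILED', reasons) for one finished scan."""
    if not settings.synchronous_mode:
        # Asynchronous: the job was only submitted, results are never
        # fetched, so neither thresholds nor policies can fail the build.
        return "SUCCESS", ["asynchronous mode: results not checked"]

    reasons: List[str] = []
    if settings.policy_enforcement and policy_violated:
        reasons.append("project policy violated")
    if settings.sast_thresholds_enabled:
        reasons += [f"CxSAST {m}" for m in exceeded(sast_counts, settings.sast_thresholds)]
    if settings.dependency_thresholds_enabled:
        reasons += [f"dependency scan {m}"
                    for m in exceeded(dependency_counts, settings.dependency_thresholds)]
    return ("FAILED" if reasons else "SUCCESS"), reasons


# Constructed sample results, standing in for what the plugin retrieves.
SAMPLE_SAST = {"high": 2, "medium": 7, "low": 30}
SAMPLE_DEPENDENCIES = {"high": 0, "medium": 3, "low": 12}

# A strict gate: zero high findings allowed anywhere, CxSAST Low left empty.
STRICT = GateSettings(
    synchronous_mode=True,
    policy_enforcement=True,
    sast_thresholds_enabled=True,
    sast_thresholds={"high": 0, "medium": 10, "low": None},
    dependency_thresholds_enabled=True,
    dependency_thresholds={"high": 0, "medium": 5, "low": 50},
)

if __name__ == "__main__":
    verdict, why = evaluate_build(STRICT, SAMPLE_SAST, SAMPLE_DEPENDENCIES)
    print(verdict, why)
```

With the strict settings the sample fails on the two high severity CxSAST findings alone; the same results pass a default `GateSettings()` because no thresholds are enabled, which is worth remembering when a pipeline reports green: synchronous mode must be on and at least one threshold or policy enforcement enabled before the scan can block anything.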