
Configuring a Project for the Checkmarx SonarQube Plugin

The SonarQube workflow is organized around a SonarQube 'project' and its 'scans', which configure and order the actions in the workflow. The outcome of this flow is a set of quality measures and issues (vulnerabilities). With the Checkmarx plugin, the flow also includes Checkmarx scan results; once the SonarQube execution is complete, those Checkmarx scan results can be viewed in SonarQube as explained below:

1. Log into your SonarQube account. In most cases the Projects List screen appears; if it is not displayed, select Projects from the menu bar.


2. To configure an existing project, select a project from the list, for example Cx-Client-Common. The Project screen is displayed.


3. Under Project Settings, select Checkmarx. The Checkmarx Configuration screen is displayed.

4. Define the Checkmarx Configuration parameters as outlined in the table below.


Parameter and description:

Server URL
    Checkmarx Server URL or IP address, with or without a port, e.g. http://server-name or https://ip:port.

Username
    Enter a login username.

Password
    Enter a login password.

<Test Connection>
    Click and wait until the server URL and the credentials are validated and the Success status is indicated.

Checkmarx Project
    Select the relevant project from the available projects drop-down. The selected project must be an active CxSAST project with current scan results.

Remediation effort (mins) per Checkmarx Vulnerability
    Define the amount of effort (in minutes) required to fix a vulnerability (0 = no effort).

5. Click <Save> to save the changes. You can now run the SonarQube scan according to your current development procedure. Refer to Analyzing Source Code in the SonarQube Documentation for further information and instructions.
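As an added example (not code from the Checkmarx plugin or from SonarQube), the Python script below applies the same pre-checks to the parameters in the table that you would want satisfied before pressing <Test Connection>: the shape of the Server URL (scheme://host[:port], http or https), the mandatory text fields, and the remediation effort value. The field names (server_url, checkmarx_project, remediation_minutes) and the sample values are this example's own assumptions. It makes no network connection, so it does not replace the plugin's own Test Connection; it only catches the form mistakes that would make that check fail, and flags a plain-http URL because the login credentials would then travel unencrypted.

```python
"""
Offline sanity checks for the Checkmarx Configuration parameters.
Added example; not part of the Checkmarx SonarQube plugin. No network calls.
"""
from urllib.parse import urlsplit

# Field names are this example's own, chosen to mirror the form labels.
REQUIRED_TEXT_FIELDS = ("username", "password", "checkmarx_project")


def validate_server_url(url: str) -> dict:
    """Check that `url` has the shape the table describes: scheme://host[:port].

    Returns {"ok": bool, "normalized": str or None, "errors": [...], "warnings": [...]}.
    """
    errors, warnings = [], []
    parts = urlsplit(url.strip())

    if parts.scheme not in ("http", "https"):
        errors.append("scheme must be http or https (e.g. https://ip:port)")
    if not parts.hostname:
        errors.append("host name or IP address is missing")
    try:
        port = parts.port  # None when absent; ValueError when non-numeric or outside 0-65535
    except ValueError:
        errors.append("port must be a number between 1 and 65535")
        port = None
    if port == 0:
        errors.append("port 0 is not usable")
    if parts.username or parts.password:
        errors.append("do not embed credentials in the URL; use the Username/Password fields")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        warnings.append("path, query or fragment will be ignored; use only scheme://host[:port]")
    if parts.scheme == "http":
        warnings.append("http sends the Checkmarx username and password in clear text; prefer https")

    if errors:
        return {"ok": False, "normalized": None, "errors": errors, "warnings": warnings}

    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets, put them back
        host = f"[{host}]"
    netloc = f"{host}:{port}" if port else host
    return {"ok": True, "normalized": f"{parts.scheme}://{netloc}", "errors": [], "warnings": warnings}


def validate_remediation_minutes(value) -> bool:
    """Remediation effort must be a whole number of minutes; 0 means no effort."""
    try:
        minutes = int(str(value).strip())
    except ValueError:
        return False
    return minutes >= 0


def validate_configuration(config: dict) -> dict:
    """Validate the whole form. Empty "errors" means it is ready for <Test Connection>;
    "warnings" are things worth fixing but which the plugin will accept."""
    url_result = validate_server_url(str(config.get("server_url", "")))
    errors = [f"server_url: {e}" for e in url_result["errors"]]
    warnings = [f"server_url: {w}" for w in url_result["warnings"]]
    for field in REQUIRED_TEXT_FIELDS:
        if not str(config.get(field, "")).strip():
            errors.append(f"{field}: must not be empty")
    if not validate_remediation_minutes(config.get("remediation_minutes", 0)):
        errors.append("remediation_minutes: must be a whole number of minutes, 0 or greater")
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample values; not a real Checkmarx server or account.
    sample = {
        "server_url": "http://cx.example.internal",
        "username": "sonar-scanner",
        "password": "password-placeholder",
        "checkmarx_project": "Cx-Client-Common",
        "remediation_minutes": "30",
    }
    report = validate_configuration(sample)
    for level in ("errors", "warnings"):
        for message in report[level]:
            print(f"{level[:-1].upper()}: {message}")
```

Run it as-is and the constructed sample passes with one warning, the clear-text http URL; change the scheme to https and the report is empty. The checks are deliberately limited to what the table states (URL shape, required fields, non-negative minutes) and do not assume anything about the Checkmarx server's API.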