
GitHub Integration


GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project. GitHub offers both plans for private repositories and free accounts, which are usually used to host open-source software projects.

Overview

Checkmarx CxSAST supports GitHub integration, which lets new vulnerabilities be identified close to the time they are introduced. The GitHub integration listens for GitHub commit events and triggers Cx scans per GitHub commit. An event threshold determines how many GitHub push events to accumulate before a scan is triggered. Once a scan is completed, a GitHub commit comment is created with both scan summary information and a link to the Cx Viewer.

GitHub Integration Flow

The following represents the GitHub integration flow:

  1. The Cx Server Manager enables and configures GitHub integration.

  2. The Cx Scanner user configures a specific Cx project for GitHub integration.

  3. The Developer on GitHub pushes one or more commits.

  4. GitHub sends out a Push event.

  5. Cx automatically identifies the Push event and triggers a security scan.

  6. When the scan completes, Cx automatically creates a GitHub commit comment with a scan results summary and a link to the Cx Viewer.

  7. The Developer receives an automatic email notification from GitHub and can review the scan summary in the email or in the GitHub commit comment.

  8. The Developer can use the provided link to review detailed scan results in the Cx Viewer.
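Steps 3 to 5 of the flow above, as an added example that is not Checkmarx's code: a hypothetical push-event listener that verifies each webhook delivery against the shared webhook secret (GitHub's X-Hub-Signature-256 header, HMAC-SHA256 over the raw body), ignores non-push events, counts push events per repository and hands the accumulated commits to the scanner once the event threshold is reached. The secret, repository names and commit IDs are constructed sample values.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed sample secret: the shared secret configured on the GitHub webhook.
WEBHOOK_SECRET = b"example-webhook-secret"


def sign(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Value GitHub sends in X-Hub-Signature-256 for a delivery body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


class PushEventListener:
    """Hypothetical listener: verifies each delivery, counts push events per
    repository and reports when the configured event threshold is reached."""

    def __init__(self, threshold: int, secret: bytes = WEBHOOK_SECRET):
        self.threshold = threshold
        self.secret = secret
        self.pushes = defaultdict(int)    # repo -> push events since last scan
        self.commits = defaultdict(list)  # repo -> commit SHAs awaiting a scan

    def handle(self, headers: dict, body: bytes) -> list:
        """Return the commit SHAs to scan, or [] if no scan is due yet.
        Raises ValueError when the delivery does not carry a valid signature."""
        received = headers.get("X-Hub-Signature-256", "")
        if not hmac.compare_digest(sign(body, self.secret), received):
            raise ValueError("webhook signature mismatch; delivery rejected")
        if headers.get("X-GitHub-Event") != "push":
            return []  # pings and other event types never trigger a scan
        event = json.loads(body)
        repo = event["repository"]["full_name"]
        self.pushes[repo] += 1
        self.commits[repo].extend(c["id"] for c in event.get("commits", []))
        if self.pushes[repo] < self.threshold:
            return []
        # Threshold reached: hand the accumulated commits to the scanner and reset.
        batch, self.commits[repo], self.pushes[repo] = self.commits[repo], [], 0
        return batch


def push_delivery(repo: str, shas: list, secret: bytes = WEBHOOK_SECRET):
    """Constructed sample delivery in the shape GitHub sends: (headers, body)."""
    body = json.dumps({"repository": {"full_name": repo},
                       "commits": [{"id": s} for s in shas]}).encode()
    return {"X-GitHub-Event": "push", "X-Hub-Signature-256": sign(body, secret)}, body
```

A delivery whose signature does not match the configured secret is rejected before its payload is parsed, so only pushes that GitHub actually sent can count toward the threshold.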