Skip to main content

Configuring Ant Integration

Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to environment and use case.

To customize a code build project to automatically call a CxSAST scan:

  1. Go to www.checkmarx.com/plugins, and download the CLI plugin.

  2. Extract the downloaded zip archive into a local folder, a folder that does not require Administrator privileges to execute.

  3. In the following steps, you customize your project build.xml file for CxSAST integration. An example for a fully customized build.xml file is available.

  4. Add the following syntax to any part of your project build.xml file, inside the <project> XML tag for your source code project, but not inside any lower-level tag.

    <!-- CxConsole initiation -->
    <!-- Mandatory Parameters -->
    <property name="ProjectName" value="project_name"/>
    <property name="CxServer" value="http://xxx.xxx.xxx.xxx"/>
    <property name="CxUser" value="username"/>
    <property name="CxPassword" value="password"/>
    <property name="Locationtype" value="folder"/>
    <property name="locationpath" value="full_path"/>
    <!--Optional Scan parameters -->
    <property name="preset" value="Default"/>
    <!--
    Example of CxConsole CLI command:
    "C:\Program Files\Checkmarx\CxConsole_6.2.6.2\runCxConsole.cmd" Scan -ProjectName Test -CxServer http://localhost -CxUser [email protected] -CxPassword admin -Locationtype folder -locationpath 
    :\Users\joe\Desktop\Projects\Java\1_Under_70K\BookStore_Java_21412lines\BookStore_Java_21412lines\
    --> 
    <target name="CxScan">
        <parallel>
        <!-- runCxConsole.cmd full path -->
            <property name="CxConsole" location="C:\CxConsole_6.2.6.2\runCxConsole.cmd"/>
            <echo message="Initiating Checkmarx Scan"/>
            <exec executable="${CxConsole}">
                <arg value="Scan"/>
                <arg value="-ProjectName"/>
                <arg value="${ProjectName}"/>
                <arg value="-CxServer"/>
                <arg value="${CxServer}"/>
                <arg value="-CxUser"/>
                <arg value="${CxUser}"/>
                <arg value="-CxPassword"/>
                <arg value="${CxPassword}"/>
                <arg value="-Locationtype"/>
                <arg value="${Locationtype}"/>
                <arg value="-locationpath"/>
                <arg value="${locationpath}"/>
                <arg value="-preset"/>
                <arg value="${preset}"/>
                <arg value="-v"/>
            </exec>
        </parallel>
    </target>

    For further information on <exec> syntax, go to ant.apache.org/manual/Tasks/exec.html .

  5. In the above added code, modify the following parameter values:

    Property

    Description

    ProjectName

    CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.

    CxServer

    IP address or resolvable name of CxSAST web server.

    CxUser

    CxSAST account username.

    CxPassword

    CxSAST account password.

    Locationtype

    Do not change.

    Locationpath

    Full path to source code location (folder).

    Preset

    The named set of queries to be executed.

    CxConsole

    location should be full path to runCxConsole.cmd .

  6. Save the changes to build.xml .

  7. Optionally, test the integration by running:

    ant CxScan

Running your build process now automatically initiates a Checkmarx CxSAST scan.