Skip to main content

Server Host Requirements for Previous Versions

Server Host Requirements (v9.5.0)

Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable to CxAudit.

Notice

For Proof of Concept (POC), Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend using a commercial version of Microsoft SQL Server. Choose a version that supports your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.

In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.

Table of supported components and operating systems: Supported Components and Operating Systems

Purpose

Lines of Code

Installed RAM**

Cores

CPU Speed

Disk

Web Server

Other Software

Centralized (POC)

200K

8 GB

6-8

2.8 GHz

80 GB (recommended)

IIS 7/7.5/8/8.5/10

Windows Installer 3.1 or above

Notice

Run msiexec to check

.NET Framework 4.7.1

An environment (either Centralized or Distributed) where CxManager and CxEngine are on the same server requires .NET Core 6.x Runtime & Hosting installed on the server.

For a Distributed environment where the CxManager is on one server and the CxEngines are on dedicated servers:

 

– the CxEngines servers require .NET Core 6.x

(this information mainly concerns Windows CxEngines and bare-metal Linux CxEngines, because Linux CxEngines using Docker are already set up)

Java 1.17 (Oracle or AdoptOpenJdk).

C++ Redist 2010 and 2015 SP3

MS SQL Driver

(info) For specific details on required prerequisites per product component, see

Required Prerequisites for Installing CxSAST in a Distributed Environment.

Active MQ : 5.17.1

500K

16 GB

Centralized (Production)

200K

10 GB

Minimum: 8 for 1 concurrent scan.

Additional 2 cores for each additional concurrent scan,

up to a maximum of 12 cores,

(Recommended: 4, 6, or 8 cores )

Max recommended concurrent scans: 3*

* Scans of 1M LOC or more are

recommended to limit concurrency or

run on their own distributed server.

2.8 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

600K

16 GB

1.2M

24 GB

2.8 GHz

2M

40 GB

3M

56 GB

4M

72 GB

Distributed - CxEngine (Production)

For multiple CxEngine servers

(for concurrent scans),

each server should meet

the requirements.

200K

6 GB

4 (for 1 concurrent scan)

Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores)

Recommended socket configuration: Single socket

Recommended: 2.8 GHz

100 GB

(recommended)

NA

600K

12 GB

1.2M

20 GB

Recommended: 2.8 GHz

2M

32 GB

3M

48 GB

4.5M

72 GB

Distributed - CxManager with Management & Orchestration Layer (Production)

14 GB

8

2.5 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

Distributed - CxManager without Management & Orchestration Layer (Production)

or

Web Portal (apart of CxManager)

10 GB

4

2.5 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

Distributed - ActiveMQ (Production)

8 GB

4

2.5 GHz

250 GB

(recommended)

Apache Tomcat 8.5.81

Distributed - Database (Production)

12 GB

6-8

2.5 GHz

350-400 GB

(recommended)

NA

MS SQL Server

(Express not recommended)

2012/2014/2016/2017/2019

MSSQL 2019 is supported on CxSAST 9.3 and up

** Note: GB RAM / LOC numbers for Javascript are higher.

Notice

As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux

Notice

The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.

Notice

Cloud Environments

For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.

Notice

Engine Socket configuration

To learn more about socket configuration, use our Engine Socket Configuration guide

DB Latency

Acceptable Latency

Components

Network

<5ms, ideally <1ms

CxManager(s), SQL Server(s), ActiveMQ

Network

<30ms

CxEngines

Disk I/O

<20ms avg

CxManager, CxEngine, SQL Server, ActiveMQ

Notice

Server Hardening Checklist

CxSAST supports the following hardening policy:CIS Microsoft Windows Server 2016 Benchmark Level 1

The security hardening recommendations for the Checkmarx installation are the following:

Checkmarx Application -

  • Configure Checkmarx System Admin login from dedicated IP`s only

  • Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.

  • Use SAML based authentication for the system (replacing local users)

  • If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)

  • Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible

Application Hosting Servers -

Recommended Resolutions

For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.

Server Host Requirements (v9.4.5)

Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.

Notice

For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.

In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.

Purpose

Lines of Code

Installed RAM**

Cores

CPU Speed

Disk

OS

Web Server

Other Software

Centralized (POC)

200K

8 GB

6-8

2.8 GHz

80 GB (recommended)

See:

  • Supported Components and Operating Systems (v9.4.5)

IIS 7/7.5/8/8.5/10

Windows Installer 3.1 or above

Notice

Run msiexec to check

.NET Framework 4.7.1

An environment (either Centralized or Distributed) where CxManager and CxEngine are on the same server requires both .NET Core 6.x Runtime & Hosting and .NET Core 3.1.x Runtime & Hosting installed on the server.

For a Distributed environment where the CxManager is on one server and the CxEngines are on dedicated servers:

– if the CxManager server does not have any CxEngines, then it only requires .NET Core 3.1.X (for Access Control)

– the CxEngines servers only require .NET Core 6.x

(this information mainly concerns Windows CxEngines and bare-metal Linux CxEngines, because Linux CxEngines using Docker are already set up)

Java 1.8 (Oracle or AdoptOpenJdk).

Notice

The minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u282.

C++ Redist 2010 and 2015 SP3

MS SQL Driver

(info) For specific details on required prerequisites per product component, see

Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.4.5 and up).

500K

16 GB

Centralized (Production)

200K

10 GB

Minimum: 8 for 1 concurrent scan.

Additional 2 cores for each additional concurrent scan,

up to a maximum of 12 cores,

(Recommended: 4, 6, or 8 cores )

Max recommended concurrent scans: 3*

* Scans of 1M LOC or more are

recommended to limit concurrency or

run on their own distributed server.

2.8 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

600K

16 GB

1.2M

24 GB

2.8 GHz

2M

40 GB

3M

56 GB

4M

72 GB

Distributed - CxEngine (Production)

For multiple CxEngine servers

(for concurrent scans),

each server should meet

the requirements.

200K

6 GB

4 (for 1 concurrent scan)

Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores)

Recommended socket configuration: Single socket

Recommended: 2.8 GHz

100 GB

(recommended)

NA

6 00K

12 GB

1.2M

20 GB

Recommended: 2.8 GHz

2M

32 GB

3M

48 GB

4.5M

72 GB

Distributed - CxManager with Management & Orchestration Layer (Production)

14 GB

8

2.5 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

Distributed - CxManager without Management & Orchestration Layer (Production)

or

Web Portal (apart of CxManager)

10 GB

4

2.5 GHz

250 GB

(recommended)

IIS 7/7.5/8/8.5/10

Distributed - ActiveMQ (Production)

8 GB

4

2.5 GHz

250 GB

(recommended)

Distributed - Database (Production)

12 GB

6-8

2.5 GHz

350-400GB

(recommended)

NA

MS SQL Server

(Express not recommended)

2012/2014/2016/2017/2019

MSSQL 2019 is supported on CxSAST 9.3 and up

** Note: GB RAM / LOC numbers for Javascript are higher.

Notice

As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.

Notice

The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.

Cloud Environments

For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.

Engine Socket configuration

To learn more about socket configuration, use our Engine Socket Configuration guide

DB Latency

Acceptable Latency

Components

Network

<5ms, ideally <1ms

CxManager(s), SQL Server(s), ActiveMQ

Network

<30ms

CxEngines

Disk I/O

<20ms avg

CxManager, CxEngine, SQL Server, ActiveMQ

Server Hardening Checklist

CxSAST supports the following hardening policy: CIS Microsoft Windows Server 2016 Benchmark Level 1

The security hardening recommendations for the Checkmarx installation are the following:

Checkmarx Application -

  • Configure Checkmarx System Admin login from dedicated IP`s only

  • Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.

  • Use SAML based authentication for the system (replacing local users)

  • If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)

  • Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible

Application Hosting Servers -

Recommended Resolutions

For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.

Server Host Requirements (v9.4.0 to 9.4.4)

Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.

Notice

For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.

In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.

Purpose

Lines of Code

Installed RAM**

Cores

CPU Speed

Disk

OS

Web Server

Other Software

Centralized (POC)

200K

8 GB

6-8

2.8 GHz

80 GB (recommended)

 

    IIS 7/7.5/8/8.5/10

    Windows Installer 3.1 or above

    Notice

    Run msiexec to check

    .NET Framework 4.7.1

    .NET Core 3.1.x Runtime & Hosting

    For distributed installation, the .NET Core 3.1.x Runtime & Hosting is required where the CxManager is being installed.

    Java 1.8 (Oracle or AdoptOpenJdk).

    Notice

    The minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u282.

    C++ Redist 2010 and 2015 SP3

    MS SQL Driver

    (info) For specific details on required prerequisites per product component, see

    Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.4.0 and up).

    500K

    16 GB

    Centralized (Production)

    200K

    10 GB

    Minimum: 8 for 1 concurrent scan.

    Additional 2 cores for each additional concurrent scan,

    up to a maximum of 12 cores,

    (Recommended: 4, 6, or 8 cores )

    Max recommended concurrent scans: 3*

    * Scans of 1M LOC or more are

    recommended to limit concurrency or

    run on their own distributed server.

    2.8 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    600K

    16 GB

    1.2M

    24 GB

    2.8 GHz

    2M

    40 GB

    3M

    56 GB

    4M

    72 GB

    Distributed - CxEngine (Production)

    For multiple CxEngine servers

    (for concurrent scans),

    each server should meet

    the requirements.

    200K

    6 GB

    4 (for 1 concurrent scan)

    Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores)

    Recommended socket configuration: Single socket

    Recommended: 2.8 GHz

    100 GB

    (recommended)

    NA

    6 00K

    12 GB

    1.2M

    20 GB

    Recommended: 2.8 GHz

    2M

    32 GB

    3M

    48 GB

    4.5M

    72 GB

    Distributed - CxManager with Management & Orchestration Layer (Production)

    14 GB

    8

    2.5 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    Distributed - CxManager without Management & Orchestration Layer (Production)

    or

    Web Portal (apart of CxManager)

    10 GB

    4

    2.5 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    Distributed - ActiveMQ (Production)

    8 GB

    4

    2.5 GHz

    250 GB

    (recommended)

    Distributed - Database (Production)

    12 GB

    6-8

    2.5 GHz

    350-400GB

    (recommended)

    NA

    MS SQL Server

    (Express not recommended)

    2012/2014/2016/2017/2019

    MSSQL 2019 is supported on CxSAST 9.3 and up

    ** Note: GB RAM / LOC numbers for Javascript are higher.

    Notice

    As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.

    Notice

    The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.

    Cloud Environments

    For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.

    Engine Socket configuration

    To learn more about socket configuration, use our Engine Socket Configuration guide.

    DB Latency

    Acceptable Latency

    Components

    Network

    <5ms, ideally <1ms

    CxManager(s), SQL Server(s), ActiveMQ

    Network

    <30ms

    CxEngines

    Disk I/O

    <20ms avg

    CxManager, CxEngine, SQL Server, ActiveMQ

    Server Hardening Checklist

    CxSAST supports the following hardening policy: CIS Microsoft Windows Server 2016 Benchmark Level 1

    The security hardening recommendations for the Checkmarx installation are the following:

    Checkmarx Application -

    • Configure Checkmarx System Admin login from dedicated IP`s only

    • Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.

    • Use SAML based authentication for the system (replacing local users)

    • If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)

    • Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible

    Application Hosting Servers -

    Recommended Resolutions

    For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.

    Server Host Requirements (v9.2.0 to v9.3.0)

    Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.

    Notice

    For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.

    In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.

    Purpose

    Lines of Code

    Installed RAM**

    Cores

    CPU Speed

    Disk

    OS

    Web Server

    Other Software

    Centralized (POC)

    200K

    8 GB

    6-8

    2.8 GHz

    80 GB (recommended)

    See:

    • Supported Components and Operating Systems (v9.0.0 to v9.2.0)

    • Supported Components and Operating Systems (v9.3.0)

    IIS 7/7.5/8/8.5/10

    Windows Installer 3.1 or above

    Notice

    Run msiexec to check

    .NET Framework 4.7.1

    .NET Core 2.1.x Runtime & Hosting

    Notice

    For distributed installation, the .NET Core 2.1.x Runtime & Hosting is required where the CxManager is being installed.

    Java 1.8 (Oracle or AdoptOpenJdk).

    Notice

    The minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u242.

    C++ Redist 2010 and 2015 SP3

    MS SQL Driver

    (info) For specific details on required prerequisites per product component, see Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.3.0)

    500K

    16 GB

    Centralized (Production)

    200K

    10 GB

    Minimum: 8 for 1 concurrent scan.

    Additional 2 cores for each additional concurrent scan,

    up to a maximum of 12 cores,

    (Recommended: 4, 6, or 8 cores )

    Max recommended concurrent scans: 3*

    * Scans of 1M LOC or more are

    recommended to limit concurrency or

    run on their own distributed server.

    2.8 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    600K

    16 GB

    1.2M

    24 GB

    2.8 GHz

    2M

    40 GB

    3M

    56 GB

    4M

    72 GB

    Distributed - CxEngine (Production)

    For multiple CxEngine servers

    (for concurrent scans),

    each server should meet

    the requirements.

    200K

    6 GB

    4 (for 1 concurrent scan)

    Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores)

    Recommended socket configuration: Single socket

    Recommended: 2.8 GHz

    100 GB

    (recommended)

    NA

    6 00K

    12 GB

    1.2M

    20 GB

    Recommended: 2.8 GHz

    2M

    32 GB

    3M

    48 GB

    4.5M

    72 GB

    Distributed - CxManager with Management & Orchestration Layer (Production)

    14 GB

    8

    2.5 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    Distributed - CxManager without Management & Orchestration Layer (Production)

    or

    Web Portal (apart of CxManager)

    10 GB

    4

    2.5 GHz

    250 GB

    (recommended)

    IIS 7/7.5/8/8.5/10

    Distributed - ActiveMQ (Production)

    8 GB

    4

    2.5 GHz

    250 GB

    (recommended)

    Distributed - Database (Production)

    12 GB

    6-8

    2.5 GHz

    350-400GB

    (recommended)

    NA

    MS SQL Server

    (Express not recommended)

    2012/2014/2016/2017/2019

    MSSQL 2019 is supported on CxSAST 9.3 and up

    ** Note: GB RAM / LOC numbers for Javascript are higher.

    Notice

    As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.

    Notice

    The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.

    Cloud Environments

    For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.

    Engine Socket configuration

    To learn more about socket configuration, use our Engine Socket Configuration guide

    DB Latency

    Acceptable Latency

    Components

    Network

    <5ms, ideally <1ms

    CxManager(s), SQL Server(s), ActiveMQ

    Network

    <30ms

    CxEngines

    Disk I/O

    <20ms avg

    CxManager, CxEngine, SQL Server, ActiveMQ

    Server Hardening Checklist

    The security hardening recommendations for the Checkmarx installation are the following:

    Checkmarx Application -

    • Configure Checkmarx System Admin login from dedicated IP`s only

    • Use SSL for HTTPS based browsing – prohibit using HTTP

    • Use SAML based authentication for the system (replacing local users)

    • If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)

    • Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible

    Application Hosting Servers -

    Recommended Resolutions

    For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.