Skip to main content

GitHub Self-Hosted

Notice

It is possible to add the Checkmarx One external IP addresses to the customer FW whitelist - For more information see Checkmarx One External IP's List

Overview

Checkmarx One supports GitHub integration, enabling automated scanning of your GitHub projects whenever the code is updated. Checkmarx One's GitHub integration listens for GitHub commit events and uses a webhook to trigger Checkmarx scans when a push, or a pull request occurs. Once a scan is completed, the results can be viewed in the Checkmarx One Platform.

In addition, for pull requests, a comment is created in GitHub, which includes a scan summary, list of vulnerabilities and a link to view the scan results in Checkmarx One.

Notice

This integration supports both public and private repos.

The integration is done on a per project basis, with a specific Checkmarx One Project corresponding to a specific GitHub repo.

Notice

You can select several repos to create multiple integrations in a bulk action.

Prerequisites

  • The source code for your project is hosted on a GitHub repo.

  • You have an Checkmarx One account and have credentials to log in to your account.

  • The GitHub user has admin privileges for this repository, see GitHub

  • You have your GitHub Client ID & Client Secret - See Retrieving GitHub Client ID & Client Secret

Retrieving GitHub Client ID & Client Secret

Initiating a Scan

To integrate your self hosted (on-prem) GitHub organization with Checkmarx One, perform the following:

  1. In the Applications and Projects home page click New Project → Import Project

    6427967572.png
  2. Select Self-hosted > GitHub

    GitHub_SH_Select.png
  3. Configure the following fields:

  4. 6461325914.png

    Click Next

    6462636170.png
  5. Sign in to GitHub and click Sign in

    6428295192.png
  6. Click Authorize

    6428295198.png
  7. Select the GitHub User/Organization or Group (for the requested repository) and click Select Organization

    Click Back to return to the Select Service screen.

    Note

    In case you selected GitHub User skip step 8

    GitHub_Select_Org.png
  8. In the Organization Settings screen you can decide whether to enable the "Monitor new repositories creation" feature. (The default is On)

    For more information about the feature see Monitor New Repositories

    GitHub_Org_Settings.png
  9. Select the Repository inside the GitHub organization and click Next

    Click Back to return to the Select Organization screen.

    Note

    • A separate Checkmarx One Project will be created for each repo that you import.

    • There can’t be more than one Checkmarx One Project per repo. Therefore, once a Project has been created for a repo, that repo is greyed out in the Import dialog.

    GitHub_Select_Repo.png
  10. In the Repositories Settings screen, perform the following and click Next

    Click Back to return to the Select Repositories screen.

    1. Select the scanners for All/Specific repositories

    2. Select which Protected Branches to scan for each Repository.

    3. It is possible to specify the Groups to which you would like to assign the Project.

    4. You can also add Tags to the Project. Tags can be added as a simple strings or as key:value pairs.

      GitHub_Repo_Settings.png
  11. Select which Protected Branches to scan for each Repository and click Next

    Click Back to return to the Repositories Settings screen.

    GitHub_Select_Branches.png
  12. In the Advanced Options screen it is possible to select Scanning the default branch upon the creation of the Project

    Click Create Project

    Click Back to return to the Select Branches screen.

    GitHub_Advanced_Options.png
  13. The Project is successfully created in the Applications and Projects home page, and the scan is initiated.

    Note

    In order to update the scanners see Imported Project Settings

    6428295234.png

Updating Project Settings

See Imported Project Settings