
CxSAST Reporting Manager Installation (as a Windows Service)

The CxSAST Reporting Service Manager can be installed as a Windows service and CxSAST Reporting Client deployed on IIS. The service and client require the following dependencies:

  • Version 1.x: ASP.NET Core 3.1.21 hosting bundle (download link) must be installed on the Checkmarx SAST Reporting Service machine. Installing it might require a restart.

  • Version 2.x: ASP.NET Core 6.0.7 hosting bundle (download link) must be installed on the Checkmarx SAST Reporting Service machine. Installing it might require a restart.

  • Both the service and client machines must have connectivity to the Checkmarx SAST database host and the Checkmarx SAST Manager host for Access Control connectivity.

Installation

Notice

For best results, use the exact path and folder names indicated in the instructions.

  1. Download the latest artifacts for CxSASTReportingService.

  2. Extract the zip contents of CxSASTReportingService to C:\Checkmarx\CxReportingService.

    1. Grant permissions on the binaries folder and on the exported scans source code folder.

      Right-click the CxReportingService folder and select the Properties option.

    2. Click the Security tab, then Edit and Add. Click the Advanced option, then Find Now, and from the search results choose the same user as applied to the CxSAST services and the CxSASTReportingService Windows service.

    3. Click OK and give it full permissions by selecting the Full control checkbox, click Apply and OK.

  3. Check the appsettings.json file for the required settings, especially the DB connection and reports configuration, as shown in the following code:

    {
      "Database": {
        "CxDBClient": {
          "ConnectionString": "Data Source= ;Initial Catalog=CxDB;Integrated Security=False;User ID= ;Password= ;Pooling=True;", // ConnectionString for the CxSAST DB instance to export
          "EncryptionKey": "",
          "EncryptionVector": ""
        }
      },
      "ReportConfigurations": {
        "NumberOfReportsToGenerateInParallel": 2,
        "NumberOfRetries": 3,
        "ReportsExecutionInterval": 10,
        "ReportsOutputPath": "C:\\CxReporting",
        "ReportsRetentionPeriod": 3    
      }
    }

    Example

    {
      "Database": {
        "CxDBClient": {
          "ConnectionString": "Data Source=10.35.26.165;Initial Catalog=CxDB;Integrated Security=False;User ID=test;Password=Cx123456;Pooling=True",
          "EncryptionKey": "",
          "EncryptionVector": ""
        }
      },
      "ReportConfigurations": {
        "NumberOfReportsToGenerateInParallel": 1,
        "NumberOfRetries": 3,
        "ReportsExecutionInterval": 10,
        "ReportsOutputPath": "C:\\CxReporting",
        "ReportsRetentionPeriod": 3
      }
    }
  4. Validate the updated appsettings.json file. The connection string parameter must have valid user credentials with access to the CxDB, otherwise the CxReportingService will not run.

    As the CxSASTReportingService accesses the CxSAST database, the DB user requires the following permissions:

    1. Default Database: CxDB

    2. CxActivity membership: db_ddladmin role in addition to db_datareader. DefaultSchema dbo

    3. CxDB membership: db_ddladmin role in addition to db_datareader and db_datawriter roles. DefaultSchema dbo

    4. tempdb membership: db_ddladmin role in addition to db_datareader and db_datawriter roles. DefaultSchema dbo

  5. Create the Windows service, by running the following commands in a CMD command line with Administrator privileges:

    REM Create the Windows service
    REM binPath should point to the actual CxReportingService.Api.dll if you chose a different installation path for your CxReportingService folder
    REM The dotnet.exe path is wrapped in escaped quotes because it contains a space
    sc create CxReportingService start= delayed-auto binpath= "\"C:\Program Files\dotnet\dotnet.exe\" \"C:\Checkmarx\CxReportingService\CxReportingService.dll\" --run-as-winservice" displayname= CxReportingService

    REM Add the description to the Windows service
    sc description CxReportingService "Checkmarx Reporting Service"

    Or, by executing the following command in PowerShell with Administrator privileges:

    New-Service -Name "CxReportingService" `
      -BinaryPathName '"C:\Program Files\dotnet\dotnet.exe" "C:\Checkmarx\CxReportingService\CxReportingService.dll" --run-as-winservice' `
      -Description "Checkmarx Reporting Service"

    Keep in mind that the dotnet installation path might vary. Confirm the full path by running the following command:

    get-command dotnet | select -expandproperty Path

    If the path differs from C:\Program Files\dotnet\dotnet.exe, please contact Checkmarx support.

    If you are running other Cx services on top of CxSAST, you might run into conflicts related to the service execution port.

    To avoid any conflicts, instead of running:

    sc create CxReportingService start= delayed-auto binpath= "\"C:\Program Files\dotnet\dotnet.exe\" \"C:\Checkmarx\CxReportingService\CxReportingService.dll\" --run-as-winservice" displayname= CxReportingService

    Run the following command:

    sc create CxReportingService start= delayed-auto binpath= "\"C:\Program Files\dotnet\dotnet.exe\" \"C:\Checkmarx\CxReportingService\CxReportingService.dll\" --urls \"http://<IP or machine name>:<port>\" --run-as-winservice" displayname= CxReportingService

    This command allows you to define the CxArchive service port.

  6. Once your CxSASTReportingService Windows service is created, validate or change its Log On account so that it is a user that has permissions to the CxSAST databases, binaries and sources folder path. To do this, open the Windows “Services” view.

    1. Right-click the service and choose Properties.

    2. On the Log On tab, click This account and Browse.

    3. Click the Advanced option, then Find Now, and from the search results choose the same user applied to your CxSAST services. (In our case, it was the Network Service user.)

    4. Click OK.

  7. When all configurations are set, start the service.
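
The script below is an added example, not part of the Checkmarx documentation. It checks the result of steps 2, 5 and 6: that the service's binary path is quoted, that the service logs on with the intended account, and that the installation folder and appsettings.json (which holds the database password) are not open to broad groups. The service name and paths are the defaults used above; `$ExpectedAccount` and the English built-in group names are assumptions to adjust for your environment.

```powershell
# Added example: post-install checks. Names and paths are the defaults from this page.
$ServiceName     = 'CxReportingService'
$InstallDir      = 'C:\Checkmarx\CxReportingService'
$Settings        = Join-Path $InstallDir 'appsettings.json'
$ExpectedAccount = 'NT AUTHORITY\NetworkService'   # assumption: your CxSAST service account
# Assumption: English built-in group names; adjust on localized systems.
$BroadGroups     = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Test-QuotedImagePath {
    param([string]$ImagePath)
    # A service executable path that contains spaces must start with a quote,
    # otherwise Windows can resolve it ambiguously (C:\Program.exe, ...).
    $exe = ($ImagePath -split '\.exe', 2)[0]
    return (-not $exe.Contains(' ')) -or $ImagePath.TrimStart().StartsWith('"')
}

function Get-BroadAccess {
    param([string]$Path, [System.Security.AccessControl.FileSystemRights]$Rights)
    # Allow entries that give one of the broad groups any of the requested rights.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $BroadGroups -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band [int]$Rights) -ne 0
    }
}

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

$findings = @()
if (-not (Test-QuotedImagePath $svc.PathName)) {
    $findings += "Unquoted binary path: $($svc.PathName)"
}
if ($svc.StartName -ne $ExpectedAccount) {
    $findings += "Log On account is '$($svc.StartName)', expected '$ExpectedAccount'"
}
if (Get-BroadAccess $InstallDir 'Write') {
    $findings += "$InstallDir is writable by a broad group (service binaries can be replaced)"
}
if (Get-BroadAccess $Settings 'ReadData') {
    $findings += "$Settings (contains the DB password) is readable by a broad group"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "${ServiceName}: no findings" }
```

Run it in an elevated PowerShell session on the Reporting Service machine. Folders created directly under C:\ often inherit access for Authenticated Users, so the two ACL checks are worth running even on a fresh install.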