Skip to main content

Set up the Checkmarx connector

The Veracode Risk Manager (VRM) connector for Checkmarx integrates Checkmarx's DAST (IAST) vulnerability and weakness findings to unify organizational risk and power Best Next Actions.

Complete the following tasks to set up your VRM connector for Checkmarx.

Get your tenant ID, client ID, and secret

VRM connects to all of Checkmarx’s vulnerability scanners using the Checkmarx aggregation APIs. To finalize this integration, you need to know your tenant ID and the ID and secret for an OAuth client.

Prerequisites:

You must have created an OAuth client in Checkmarx One.

To complete this task:

  1. In Checkmarx One, select Settings > Identity and Access Management.

  2. Copy the tenant ID to a secure location.

    Tenant ID

  3. Select OAuth Clients.

  4. Select the client you want to use with VRM.

  5. Copy the client ID to a secure location.

  6. Select Regenerate.

    Regenerate secret

  7. Copy the secret to a secure location.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the Checkmarx tile.
  4. Enter a name for the connector.
  5. Paste the Client ID and Secret values you generated in Checkmarx.
  6. For Endpoint, enter the Checkmarx One base URL for your environment. For example: https://ast.checkmarx.net
  7. For Tenant Name, enter the Tenant ID value you copied from Checkmarx.
  8. Select Add Connector.

Validate your data

After successfully connecting the Checkmarx connector within VRM, it will take some time for VRM to fetch the findings.

After the connector has completed the fetch, confirm that VRM correctly ingested the data.

  1. In VRM, select Findings Findings icon from the left navigation menu.
  2. Select the Findings Source filter and select Checkmarx.

The Findings table lists the Checkmarx vulnerability findings.

Last updated on