Skip to main content

Set up the Checkmarx connector

Integrate Checkmarx SAST and SCA vulnerability and weakness findings with Veracode Risk Manager (VRM) to unify organizational risk and support Best Next Actions.

Complete the following tasks to set up your VRM connector for Checkmarx.

Get your tenant ID, client ID, and secret

VRM connects to all Checkmarx vulnerability scanners using the Checkmarx aggregation APIs. To complete this integration, you need your tenant ID, along with the ID and secret for an OAuth client.

Prerequisites:

You must have created an OAuth client in Checkmarx One.

To complete this task:

  1. In Checkmarx One, select Settings > Identity and Access Management.

  2. Copy the tenant ID to a secure location.

    Tenant ID

  3. Select OAuth Clients.

  4. Select the client you want to use with VRM.

  5. Copy the client ID to a secure location.

  6. Select Regenerate.

    Regenerate secret

  7. Copy the secret to a secure location.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the Checkmarx tile.
  4. Enter a name for the connector.
  5. Paste the Client ID and Secret values you generated in Checkmarx.
  6. For Endpoint, enter the Checkmarx One base URL for your environment. For example: https://ast.checkmarx.net
  7. For Tenant Name, enter the Tenant ID value you copied from Checkmarx.
  8. Select Add Connector.

Validate your data

After successfully connecting the Checkmarx connector within VRM, it will take some time for VRM to fetch the findings.

After the connector has completed the fetch, confirm that VRM correctly ingested the data.

  1. In VRM, select Findings Findings icon from the left navigation menu.
  2. Select the Findings Source filter and select Checkmarx.

The Findings table lists the Checkmarx vulnerability findings.

Last updated on