
Preparing for the Checkmarx One Vulnerability Integration

A successful integration requires some initial planning and setup. Performing these tasks will ensure a smooth installation and configuration process. This guide assumes a basic familiarity with the Checkmarx One platform.

For comprehensive details about Access Management capabilities, resource levels, and authorization management, refer to the New Access Management Capabilities documentation, which provides complete guidance on the enhanced access control features and any updates to the authorization process.

  1. Validate ServiceNow Instance Sizing: Before importing data, confirm that your ServiceNow instance can handle the expected volume of vulnerabilities. An undersized instance may result in slow processing and a poor user experience. Contact ServiceNow Customer Service and Support to verify your instance's capacity based on the anticipated import volume.

  2. Identify Your Checkmarx One Environment: The integration needs to connect to the correct Checkmarx One data center where your tenant exists. Identify and note the URL for your environment from the list below. You will need this for logging in and configuration steps later.

    • Available Environments:

      • US Environment: https://us.ast.checkmarx.net

      • EU Environment: https://eu.ast.checkmarx.net

      • Australia and New Zealand: https://anz.ast.checkmarx.net

      • India: https://ind.ast.checkmarx.net

      • Singapore: https://sng.ast.checkmarx.net

  3. Create and Secure an OAuth2 Client in Checkmarx One: The integration authenticates to Checkmarx One using an OAuth2 Client ID and Secret. You must create a dedicated client for this purpose.

    1. Log in to your Checkmarx One tenant using the URL from Step 2.

    2. To create a new OAuth2 client, follow the instructions in the official Checkmarx One documentation: Creating an OAuth2 Client.

    3. During creation, ensure the client is assigned a role with the required permissions (see Step 4 below).

    4. After creation, Checkmarx One will display the Client ID and Client Secret.

    5. Securely copy and record both credentials. The Client Secret is only displayed once and cannot be retrieved again.

  4. Assign Required Permissions to the OAuth2 Client: For the integration to function correctly, the role assigned to your OAuth2 client must include at least the following permissions. The integration uses these permissions to read project, scan, and vulnerability data. If any of these are missing, the Save and Test Credentials step will fail in ServiceNow.

    Required Permissions:

    • View-applications

    • View-projects

    • View-scans

    • View-results

    Tip

    Security Best Practice: To follow the principle of least privilege, we recommend creating a dedicated role in Checkmarx One (e.g., ServiceNow Integration Role) that contains only these four permissions, and assigning that role to your OAuth2 client.

  5. Associate the OAuth2 Client with Tenant-Level Authorization (Access Management Enabled Tenants): To associate the OAuth2 client with tenant-level access:

    1. Navigate to Settings → Global Settings → Authorization.

    2. Click + Add Users / Groups / Clients.

    3. Click the Client tab.

    4. Search for and select the OAuth2 client created for ServiceNow integration.

    5. Assign the appropriate role (the ServiceNow Integration Role created in Step 4).

    6. Click Done to confirm the association.
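One way to confirm, before entering the credentials in ServiceNow, that a token issued to the OAuth2 client carries exactly the four permissions from Step 4. This is an added example, not Checkmarx or ServiceNow code. The claim name `roles` and the sample tokens are assumptions: inspect a decoded token from your own tenant to find the claim that actually lists the permissions, and pass that name in.

```python
import base64
import json

# The four permissions listed in Step 4, normalised to lower case.
REQUIRED = frozenset({"view-applications", "view-projects", "view-scans", "view-results"})


def decode_jwt_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Suitable only for auditing a token you just obtained for your own client;
    unverified claims must never drive an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def audit_permissions(token: str, claim: str = "roles") -> dict:
    """Compare the token's permission claim (name is an assumption) with REQUIRED."""
    raw = decode_jwt_payload(token).get(claim, [])
    if isinstance(raw, str):  # tolerate a space-separated string claim
        raw = raw.split()
    granted = {str(p).strip().lower() for p in raw}
    return {
        "missing": sorted(REQUIRED - granted),  # Save and Test Credentials would fail
        "excess": sorted(granted - REQUIRED),   # more than least privilege allows
        "ok": granted == REQUIRED,
    }


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Constructed sample: one required permission missing, one extra present.
    sample = constructed_token(
        {"roles": ["View-projects", "View-scans", "View-results", "example-extra-permission"]}
    )
    print(audit_permissions(sample))
```

A non-empty `missing` list points to a role that needs the listed permission added; a non-empty `excess` list points to a role broader than the dedicated one the tip recommends.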