Configuring the Checkmarx One Vulnerability Integration

Configuration is done initially and is a one-time activity. Please ensure that the required permissions are active before proceeding. See here for a list of the permissions.

To Configure the Checkmarx One Vulnerability Integration:

Navigate to your instance of Service Now and log in.
Search for Checkmarx One Vulnerability Integration.
Click Configuration.
Provide the information required to complete the Checkmarx One configuration.
Note
Fields marked with a red asterisk are compulsory.
Enter the following in the required fields on the Configuration page:
- IAM URL: Checkmarx One IAM URL (remove ‘/’ from the end of the URL)
- API Base URL: Checkmarx One Base URL (remove ‘/’ from the end of the URL)
- Tenant: Checkmarx One Tenant
- Client ID: Oauth 2 Client ID
- Client Secret: Oauth 2 Client Secret
- Select Include SCA, Include SAST, Include IaC, or all to get the scanner results.
  Parameter Descriptions
  IAM URL: The base URL of the Identity Access Management service of the given Checkmarx One environment.
  API Base URL: The base URL of the Checkmarx One Environment.
  Tenant: The name of the customer's Checkmarx One instance.
  OAuth Client ID/Secret: Refer to Preparing for Checkmarx One Vulnerability Integration to learn more about OAuth Client ID & Client Secret.
  Include SCA/SAST/IaC: When enabled, the integration will process SCA, SAST, or IaC results from Checkmarx One.
  Exclude SCA Dev and Test Dependencies: When enabled, the integration will process SCA results excluding Dev and Test Dependencies.
  Include First Detection Date: This column will be included in the AVIT table when enabled.
  Severity: You may multi-select the severity levels for the scan result, by default Critical, High, Medium, and Low are present.
  Filter Project: Select the dropdown option to filter projects by project ID or name.
  Enter Project IDs: Enter a list of a maximum 1000 project IDs separated by ; to include them in the integration run. Add exclude= followed by the Project IDs to exclude any project.
  Enter Project Names: Enter a list of a maximum of 1000 project names substring separated by ; to include them in the integration run. To exclude any project, add exclude= followed by the Project Names substring. The Project Name substring is Case Sensitive and should not contain ; and =.
  Result State: You may multi-select result states for the scan result
  Scan Type: You may multi-select scan types for the scan
  Scan Synchronization: Select the relevant option to sync your scan to:
  Latest Scan Across All Branches: Selecting this option will fetch the latest scan and results of the projects after given that has been scanned after given Start Time during Integration Run.
  Latest Scan Each Branch: Selecting this option will fetch the latest scan and results from each branch of a project that has been scanned after given Start Time during Integration Run.
  Latest Scan of Primary Branch: Selecting this option will fetch the latest scan and results from Primary Branch of a project that has been scanned after given Start Time during Integration Run.
  Triaging in ServiceNow
  Check this box to triage the AVIs in ServiceNow. If this box is checked, AVIs are imported into the open state. You can then request an exception or mark the AVI as a false positive.
  To retain the source state, the state imported from the scanner, ensure this check box is not selected.
  Note
  The Mark as False Positive and Request Exception options are available only for AVIs triaged within ServiceNow.
Click Save and Test Credentials.

The URL will be the same for Single Tenant, IAM URL, and API Base.

The system tests the credentials and confirms if the validation is successful.

If the authentication is successful, continue to perform the Checkmarx One Vulnerability Integration.

In this section:

Configuring the Checkmarx One Vulnerability Integration

To Configure the Checkmarx One Vulnerability Integration:

Note

Note

Search results