Data Transformation for Integration
After you identify the data you want to import, the data is retrieved from the Checkmarx application, processed through a set of data sources, and transformed in your instance.
Checkmarx Application Vulnerable Item Integration
The data from the API is first loaded into the Checkmarx AppVul Item Import [x_chec3_cxsast_checkmarx_appvul_item_import] table and the Checkmarx AppVul Item Transform is used to transform the imported information. To access this transform map, navigate to System Import Sets Transform Maps and search for Checkmarx AppVul Item Transform. The following table lists the transform map fields by integration.
Note
Transform data for Checkmarx Application List Integration, Checkmarx Scan Summary Integration, Checkmarx SCA Application List Integration, Checkmarx SCA Scan Summary Integration, and Checkmarx SCA Application Vulnerable Item Integration in the same way as for Checkmarx Application Vulnerable Item Integration.
Table 1. CheckmarxOne App List transforms map fields:
Source Field(from CxSAST) | Target Field(from SNOW) | Description |
---|---|---|
app_id | Source Application ID | Project Id |
app_name | Application name | Project name |
Team_id + Team_name | Source-assigned teams | Team ID and team name of the project. |
businessApplication | Business Application | Custom Fields with Business Application keyword present in CxSAST for the given project |
Custom_fields | Source additional info | Custom Fields present in CxSAST for the given project |
Created_at | Description | Project Creation date for CxSCA. |
Table 2. Checkmarx Scan Summary transforms map fields:
Source Field(from CxOne) | Target Field(from SNOW) | Description |
---|---|---|
app_name | Discovered Applications | Project Name. |
scan_id | Source scan ID | Scan ID of the project. |
scan_id + last_scan_date | Scan summary name | Scan summary with scan ID and last scan date. |
total_no_flaws | Detected Flaw Count | Total number of vulnerabilities |
loc | Static scan size | Number of lines of code present |
Last Scan Date | Last Scan Date | Last Scan Date |
Scan rating | Last scan rating | Scan rating |
Table 3. CheckmarxOne AppVul Item transforms map fields:
Source Field(from CxOne) | Target Field(from SNOW) | Description |
---|---|---|
app_name | Discovered Applications | Project name |
scanId + last_scan_date | Scan Summary | Scan ID and last scan date. |
business_application | business application | Custom Fields with Business Application keyword present in CxSAST for the given project |
vul_state | Source finding status | State of Vulnerability like To Verify, Accepted, Confirmed, Not Exploitable, etc. |
Severity | Source severity | Severity of Vulnerability High, Medium, Low, Info |
SCA: Description SAST: Snippet Info(Line,Code,FileName) | Description | SCA: description SAST: All Path Nodes info including Line no, Code, and File name |
categories | Vulnerability summary | SAST: Categories description SCA: Vulnerability description |
last_scan_date | Last found | Last scan where vulnerabilities are found |
Remediation status / riskState/riskStatus | Source remediation status | Status of Vulnerability New, Recurrent, and Resolved |
detectionDate | First found | First scan where vulnerabilities are found |
Line | Line number | The line on which the flaw is found. |
Remark | Source notes | Comments |
fileName | Location | The location where the flaw is found is mapped. |
DeepLink | Source link | The URL to access vulnerability details in CxSAST is mapped to source_link. |
source_entry_id | Vulnerability | Source entry ID |
category_name | Source additional info | Category Name |
destinationNodeStr | Vulnerable method info | Destination Path Nodes and snippet info including Line no, Code, Column, node ID, File name |
pathHash | Source response | Hash value of all Path Nodes info |
similarityId | Source request | Similarity Id |
similarityId + pathHash | Source AVIT ID | SAST: similarityId + pathHash SCA: CVE ID + package_unique_id |
Scan_type | Scan type | SAST: Static SCA: SCA |
package_name / package_unique_id | Package | SCA: Package name/ Package ID for CxSCA |
Exploitable path | Source Notes | SCA: Exploitable path details(File name, Line no, Exploitable path method ) |
Table 4. Application Vulnerability Entries Item transforms map fields:
Source Field (from CxSAST) | Target Field (from SNOW) | Description |
---|---|---|
category_name | Category name | Category name of vulnerability |
scan_type | Scan type | For scan type SAST and IaC, it is 'Static,’ and for SCA, it is ‘SCA’ |
source_severity | Source Severity | Severity information of vulnerability in Numeric value |
cvssScore | CVSS Base Score | For scan type ‘SCA’ cvssScore is mapped |
cvssVector | CVSS Vector | For scan type ‘SCA’ attack Vector is mapped |
first_found_date | First detection date | The date and time this result was found in the tenant |
Owasptop10 | OWASP | OwaspTop10 information |
cwe_id | CWE entry | CWE-ID |
category_group | Category Group | Category Group |
SANSTop25 | Short description | SANSTop25 information |
query_id CWE-cweID | Source Entry ID | Source Entry ID for SAST Scanner |
Checkmarx -id | Source Entry ID | Source Entry ID for SCA Scanner |
cweId, queryName | CWE entry | List contains cweID and query |
Checkmarx Transform Map Script Timing and Purpose
The following transform scripts are run during the transformation process.
When the script is run | Purpose |
---|---|
onComplete (when an import set has completed transformation) | The script processes the data source and updates the count of AVITs created, updated, or unchanged, as well as those imported as part of this integration. This script is for internal use and should not be modified or deleted. |
Viewing Checkmarx Vulnerability Integration Import
To check the data for the Checkmarx Application List Integration or Application Releases table, search sn_vul_app_release_list.do in Navigation.
To check data for Checkmarx Scan Summary Integration or Application Vulnerability Scan Summaries, search sn_vul_app_vul_scan_summary_list.do in Navigation.
To check data on Checkmarx Application Vulnerable Item Integration or Application Vulnerable Item, search sn_vul_app_vulnerable_item_list.do in Navigation. Search sn_vul_app_vul_entry_list.do in Navigation to view Application Vulnerable Entries.