Checkmarx SCA Integrations and Plugins
Checkmarx SCA offers a robust set of integrations that help you to get the most out of SCA’s capabilities.
Checkmarx SCA, can be integrated into development tools, so that open source packages can be automatically scanned during the development process. For example, the Checkmarx Plugin for Jenkins enables SCA scanning to be configured as part of the build step, so that if vulnerabilities are discovered the build process can be terminated.
The Checkmarx Plugins provide software composition analysis based only on the manifest files and fingerprints. This analysis involves compressing and sending only the manifest files, configuration files, file names, and fingerprint data to the Checkmarx SCA cloud. The source code is not sent to the cloud.
In addition to the tools that we offer for integration with your Checkmarx SCA account, we also offer several free plugins the enable any user to integrate SCA analysis into their development workflows.
Caution
This page relates only to integrations for SCA standalone accounts and free SCA tools. For Checkmarx One accounts that use the SCA scanner, integration info is available here.
SCA Standalone Accounts
Platform(Documentation links) | Comments |
---|---|
Supports integration with Checkmarx SCA Resolver, see Configuring the Jenkins Plugin for Scanning. | |
Supports integration with Checkmarx SCA Resolver, see “Adding a Checkmarx SCA Scan Project” in Running a Scan from Azure DevOps. | |
Free Tools
Platform(Documentation links) | Comments |
---|---|
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. | |
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. | |
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. | |
Free tool, no Checkmarx SCA account required. For Checkmarx SCA users, data does not sync with your account. |