Preparing for Checkmarx Integration with DevOps Change Velocity
ServiceNow DevOps Change Velocity allows you to import data from your DevOps tools into the ServiceNow platform, speeding up change delivery while maintaining compliance. For more details, see the ServiceNow documentation: DevOps Change Velocity.
To begin using the Checkmarx SAST integration with DevOps Change Velocity, install the following plugins:
· DevOps Vulnerability Integrations (sn_devops_vul_ints)
· Checkmarx CxSAST Vulnerability Integration (x_chec3_cxsast)
For more information on activating a plugin, see Install a ServiceNow Store application.
Navigate to All -> Checkmarx Vulnerability Integration -> Integration.
Ensure Checkmarx DevOps Integration is set to True in the Active column.
A Checkmarx SAST user requires the following permissions to retrieve summary details:
· Save/Update Project
· Scan Results
To configure Checkmarx SAST with DevOps Change Velocity, refer to the ServiceNow documentation: Checkmarx integration with DevOps Change Velocity.
Checkmarx SAST DevOps field details:
The Change Velocity Tools fields must be filled in when establishing a connection with Checkmarx in DevOps.
Field | Description |
---|---|
Tool name | Name of your Checkmarx integration. |
Tool integration | Checkmarx SAST |
Server URL | Base URL of your Checkmarx SAST server |
Tool username/ API ID | Checkmarx SAST username. |
Tool password/ Access token / API Key | Checkmarx SAST password. |
MID server | MID server. To install a MID server, refer to Checkmarx's documentation: Installation and Configuration of MID Server for Vulnerability Response Integration with SAST. |
Checkmarx DevOps Integration scan summary results.
Once the integration is completed, the scan summaries retrieved from Checkmarx SAST are stored in the following tables. Alternatively, search for sn_vul_app_vul_scan_summary or sn_vul_app_vul_scan_summary_details to view the tables:
Table 1: Application Vulnerability Scan Summary (search sn_vul_app_vul_scan_summary.LIST in Navigation to access the table)
Below are the mapping details from Checkmarx SAST to the ServiceNow Application Vulnerability Scan Summary table.
Columns (from SNOW) | Description | Source Field (from CxSAST) |
---|---|---|
Discovered Applications | Project Name. | app_name |
Source scan ID | Scan ID of the project. | scan_id |
Scan summary name | Scan summary with scan ID and last scan date. | scan_id + last_scan_date |
Detected Flaw Count | Total number of vulnerabilities. | total_no_flaws |
Last scan date | Last scan date. | Last scan Date |
Last scan rating | Scan rating. | scan rating |
Table 2: Application Vulnerability Scan Summary Details (search sn_vul_app_vul_scan_summary_details.LIST in Navigation to access the table)
Below are the mapping details from Checkmarx SAST to the ServiceNow Application Vulnerability Scan Summary Details table.
Columns (from SNOW) | Description | Source Field (from CxSAST) |
---|---|---|
Category name | Name of the vulnerability category. | category_name |
Severity | Severity of the flaws in the scan report. | severity |
Detected Flaw Count | Number of flaws in the category for a severity. | total_no_flaws |