Preparing for Checkmarx Integration with DevOps Change Velocity

ServiceNow DevOps Change Velocity allows you to import data from your DevOps tools into the ServiceNow platform, speeding up change delivery while maintaining compliance. For more details, check the ServiceNow Documentation here: DevOps Change Velocity.

To begin using the Checkmarx SAST integration with DevOps Change Velocity, install the following plugins:

· DevOps Vulnerability Integrations (sn_devops_vul_ints)

· Checkmarx CxSAST Vulnerability Integration (x_chec3_cxsast)

For more information on activating a plugin, see Install a ServiceNow Store application.

Navigate to All > Checkmarx Vulnerability Integration > Integration.

Ensure Checkmarx DevOps Integration is set to True in the Active column.

A Checkmarx SAST user requires the following permissions to get summary details:

· Save/Update Project

· Scan Results

To configure Checkmarx SAST with DevOps Change Velocity, refer to the ServiceNow documentation: Checkmarx integration with DevOps Change Velocity.

Checkmarx SAST DevOps field details:

The Change Velocity Tools fields must be filled in when establishing a connection with Checkmarx on DevOps.

| Field | Description |
| --- | --- |
| Tool name | Name of your Checkmarx integration. |
| Tool integration | Checkmarx SAST |
| Server URL | Base URL of your Checkmarx SAST server |
| Tool username/ API ID | Checkmarx SAST username. |
| Tool password/ Access token / API Key | Checkmarx SAST password. |
| MID server | MID server (To install MID server refer to Checkmarx’s documentation Installation and Configuration of MID Server for Vulnerability Response Integration with SAST) |

Checkmarx DevOps Integration scan summary results:

Once the integration is completed, the scan summaries retrieved from Checkmarx SAST are stored in the following tables. Alternatively, search for sn_vul_app_vul_scan_summary or sn_vul_app_vul_scan_summary_details to view the tables:

Table 1: Application Vulnerability Scan Summary: (Search sn_vul_app_vul_scan_summary.LIST in Navigation to access the table)

Below are mapping details from Checkmarx SAST to ServiceNow Application Vulnerability Scan Summary Table

| Columns (from SNOW) | Description | Source Field (from CxSAST) |
| --- | --- | --- |
| Discovered Applications | Project Name. | app_name |
| Source scan ID | Scan ID of the project. | scan_id |
| Scan summary name | Scan summary with scan ID and last scan date. | scan_id + last_scan_date |
| Detected Flaw Count | Total number of vulnerabilities | total_no_flaws |
| Last scan date | Last scan date | Last scan Date |
| Last scan rating | scan rating | scan rating |

Table 2: Application Vulnerability Scan Summary Details: (Search sn_vul_app_vul_scan_summary_details.LIST in Navigation to access the table)

Below are mapping details from Checkmarx SAST to ServiceNow Application Vulnerability Scan Summary Details Table

| Columns (from SNOW) | Description | Source Field (from CxSAST) |
| --- | --- | --- |
| Category name | Name of the vulnerability category. | category_name |
| Severity | Severity of the flaws in the scan report. | severity |
| Detected Flaw Count | Number of flaws in the category for a severity. | total_no_flaws |