Software Supply Chain Security

We have created a new module within Checkmarx One for detecting a wide range of risks affecting your software supply chain. Currently, this includes Secret Detection and Repository Health (OSSF Scorecard).

Prerequisites

  • A Checkmarx One account with a Professional or Enterprise license

    Notice

    For the Professional license, Secret Detection is an add-on option.

  • To run Repository Health (OSSF Scorecard) scans, your code needs to be in a GitHub repository and you need a token for that repository (even if it is a public repository).

Workflow

Software Supply Chain Security (SCS) scans can be run on your Checkmarx One projects via the web application (UI), the Checkmarx One CLI tool, or the REST API. Once a scan completes, the results are shown in a new Software Supply Chain tab in your Workspace. You can drill down to see detailed information about the risks detected by each of these scanners.

Notice

Alternatively, you can access the results for a specific project by opening the SCS results viewer for that project from the Projects tab.
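
As an added example (not Checkmarx's own code or documentation), the following POSIX shell script shows one way to trigger an SCS scan from the Checkmarx One CLI while enforcing the two prerequisites above before the scan is submitted: the repository must be on GitHub, and a token must be present even for a public repository. It assumes the `cx` CLI is installed and already authenticated, and that `cx scan create` accepts the `--scan-types`, `--scs-engines`, `--scs-repo-url` and `--scs-repo-token` flags as documented for the CLI (verify with `cx scan create --help`); the environment variable name `SCS_REPO_TOKEN` and the function names are assumptions of this script.

```shell
#!/bin/sh
# Added example, not Checkmarx's own code. Assumes the `cx` CLI is installed and
# authenticated, and that `cx scan create` accepts --scan-types, --scs-engines,
# --scs-repo-url and --scs-repo-token as in the CLI documentation
# (verify with `cx scan create --help`). The variable name SCS_REPO_TOKEN is an
# assumption of this script, not a CLI convention.

# Repository Health (OSSF Scorecard) only runs against GitHub repositories.
is_github_repo_url() {
    case "$1" in
        https://github.com/*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the prerequisites before submitting a scan.
# Usage: check_scs_scan_inputs PROJECT SRC_DIR REPO_URL   (token from $SCS_REPO_TOKEN)
check_scs_scan_inputs() {
    project="$1"; src="$2"; repo_url="$3"
    if [ -z "$project" ] || [ ! -d "$src" ]; then
        echo "usage: run_scs_scan PROJECT SRC_DIR REPO_URL" >&2
        return 1
    fi
    if ! is_github_repo_url "$repo_url"; then
        echo "Repository Health needs a GitHub repository URL, got: $repo_url" >&2
        return 1
    fi
    # The token is required even for public repositories.
    if [ -z "$SCS_REPO_TOKEN" ]; then
        echo "SCS_REPO_TOKEN is not set; a GitHub token is required even for public repos" >&2
        return 1
    fi
    return 0
}

# Submit the scan. The token is read from the environment rather than typed on the
# command line, so it does not end up in shell history or in a committed pipeline file.
run_scs_scan() {
    check_scs_scan_inputs "$@" || return 1
    cx scan create \
        --project-name "$1" \
        -s "$2" \
        --scan-types scs \
        --scs-engines "secret-detection,scorecard" \
        --scs-repo-url "$3" \
        --scs-repo-token "$SCS_REPO_TOKEN"
}
```

Invoke it as `SCS_REPO_TOKEN=... run_scs_scan my-project ./src https://github.com/org/repo` from a CI step whose secret store injects the token. The validation is split into its own function so the same checks can be run in a pipeline's pre-flight stage without actually submitting a scan.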