Settings for Specific Scanners
There are specialized settings for each of the following Checkmarx One scanners: SAST, IaC Security, SCA, API Security and Container Security.
Important
Each scanner has a different set of parameters.
It isn’t possible to configure the same parameter twice.
Clicking the icon clears the configuration field.
Selecting the Allow Override checkbox allows overriding the same parameter in a higher level of configuration. For more information, see Configuring Project Rules.
By default, "Allow override" is selected for all the parameters in the account settings.
Configuration Hierarchy
Scanner parameter configuration works as a hierarchy.
During parameter configuration, the system considers the Tenant level as the highest configuration level, followed by Project level, Config as Code and Scan level.
Parameters are inherited from one level to the other, starting from Tenant level.
A parameter can be removed from a lower configuration level only by deleting its configuration from the higher configuration level. In this case, the parameter is no longer presented in the lower configuration level.
If users edit a parameter in a lower configuration level, an icon appears at the right. The parameter can't be deleted there, as it is inherited from the higher configuration level. This behavior is designed to emphasize that the configuration exists at the Tenant level and is set with "X" value.
When using the icon, it might appear that the parameter is deleted, but it is not. After exiting the page and returning, the parameter is presented again.
Note
When running a scan, the system considers the Scan level as the highest configuration level, followed by Config as Code, Project level and Tenant level.
Filtering Options
Filtering in the scanner parameters is based on Glob.
For more information, see Glob Tool.
For instance:
Exclude all java files: !**/*.java
Exclude all files inside a folder Test: !**/Test/**
Exclude all files under root folder Test: !Test/**
Exclude only the files directly inside a folder Test, leaving the content of all its subfolders: !**/Test/*
Exclude all JavaScript minified files: !**/*.min.js
Note
The rules follow the same logic at tenant & project level.
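The five exclusion patterns above, run against a constructed file list to show exactly which paths each rule removes from scan coverage. This is an added example, not Checkmarx code: the matcher assumes common globstar semantics ("**/" matches zero or more directories, "*" stays within one path segment, matching is case-sensitive on repository-relative paths), and the function names and sample paths are made up for illustration.

```python
import re

# Assumed glob semantics (common globstar rules, not confirmed for Checkmarx One).
# Order matters: longer tokens are tried first.
TOKENS = [("**/", r"(?:[^/]+/)*"), ("**", r".*"), ("*", r"[^/]*"), ("?", r"[^/]")]

def glob_to_regex(pattern):
    """Translate a glob pattern into a regex that must match the whole path."""
    out, i = [], 0
    while i < len(pattern):
        for token, regex in TOKENS:
            if pattern.startswith(token, i):
                out.append(regex)
                i += len(token)
                break
        else:  # literal character
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def excluded_by(rule, paths):
    """Paths that a single '!pattern' exclusion rule removes from the scan."""
    if not rule.startswith("!"):
        raise ValueError("only the '!' exclusion form shown on the page is handled")
    regex = glob_to_regex(rule[1:])
    return [p for p in paths if regex.fullmatch(p)]

def scan_set(rules, paths):
    """Paths still scanned after every exclusion rule has been applied."""
    dropped = {p for rule in rules for p in excluded_by(rule, paths)}
    return [p for p in paths if p not in dropped]

# Constructed sample paths, relative to the repository root.
PATHS = [
    "Main.java", "src/app/Login.java",
    "src/app/static/app.min.js", "src/app/static/app.js",
    "Test/fixtures/data.json", "src/Test/helper.py",
    "src/Test/unit/case.py", "src/Contest/entry.py",
]
PAGE_RULES = ["!**/*.java", "!**/Test/**", "!Test/**", "!**/Test/*", "!**/*.min.js"]

if __name__ == "__main__":
    for rule in PAGE_RULES:
        print(f"{rule:14} excludes {excluded_by(rule, PATHS)}")
    print("still scanned with all rules:", scan_set(PAGE_RULES, PATHS))
```

Listing the excluded paths before saving a filter at tenant or project level makes it easy to spot a rule that drops more source code from scanning than intended.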