CxLink
Notice
This feature is available for all Multi-Tenant users. To make it available on Single-Tenant, please contact your CSM.
CxLink, using Zrok tunneling technology, acts as a proxy to simplify and secure integrations between your protected services (e.g., code repositories, private artifactories, bug tracking systems) and CxOne. With CxLink, you can eliminate the need to manually configure networks or open firewalls.
Prerequisites
Install Docker: https://docs.docker.com/get-started/get-docker/
Setup
To set up CxLink:
Register in the Checkmarx Link client through Account Settings in Checkmarx One. Once registered, a token will be generated, which will be required to establish the connection.
Install the Checkmarx Link Client as a Docker container using the provided docker command.
Once the client is installed, it must be updated with the token obtained during registration. This allows it to establish a secure tunnel to Checkmarx One. Ensure the connection appears on the Account Settings page.
Once the secure tunnel is set up, you can import repositories by entering the hostname, which is resolved through the tunnel using the client ID and secret.
Permissions
In case the CxLink option is not visible in the Settings dropdown (see screenshot below), ensure you have the necessary Access Management permissions:
Navigate to Identity and Access Management → Users.
Click Edit in the dropdown menu at the end of your user row.
In Roles Mapping, ensure view-links, create-links, edit-links, and delete-links are selected (these permissions are included in the ast-admin and ast-risk-manager roles).
Client Installation
The CxLink client must be installed to enable communication between Checkmarx One and on-premise services. You can find the latest client version in docker hub and follow the instructions provided when creating a link.
Example: docker pull checkmarx/link-client:1
Accessing CxLink
Perform the following to access and manage your CxLinks:
Click
then CxLink. The CxLink tab under Account Settings opens.
The CxLink tab displays a table with the following columns:
Name
Description
Private URL (on-prem service URL)
Date Created
Connection Status
Creating and Connecting a New CxLink
Perform the following to create a new CxLink:
Notice
Once a link is created, you can only edit the name and description. The CxLink and Private URL remain unchanged. To edit the link, click on it in the CxLink column to open the Edit CxLink form .
Click the +New button to create a new link. Fill out the form and click Generate.
On the following window, select Docker Command. Copy and save the command below before clicking Done and closing the window!
After creating the link, you must connect it by performing the following:
Open your command prompt terminal.
Paste and run the provided Docker command at the end.
Verify your connection is successful by seeing this in your code
and a Connected status by the CxLink.
Now connected, run a scan and copy and paste the CxLink (CxLink from the table) into the Repository URL field.
Click Fetch Branches to ensure it is connected successfully.
Click Next to select your scanners and Scan when done.
Warning
Do not close your tunnel while running; your connection will drop and fail.
Configuring SCM
Perform the following to configure your SCM:
Copy the alias CxLink generated when creating the new link.
Select the New Project—Code Repository Integration option to import your code from the SCM when creating a new project.
Choose your SCM and specify Self-Hosted.
Note
CxLink is unavailable for cloud-hosted SCM configurations.
Enter a new instance name, paste the CxLink in the URL field, and enter your unique ID and secret.
Once all mandatory fields are filled out, the Save & Continue button will become available. Click it to proceed with the import.
