CxLink
Notice
This feature is currently only available to Early Adopters.
CxLink, using Zrok tunneling technology, acts as a proxy to simplify and secure integrations between your protected services (e.g., code repositories, private artifactories, bug tracking systems) and CxOne. With CxLink, you can eliminate the need to manually configure networks or open firewalls.
Prerequisites
Install Docker: https://docs.docker.com/get-started/get-docker/
The CxLink client image is distributed as a TAR file (provided by Checkmarx Support) and must be imported manually.
Setup
To set up CxLink:
Register in the Checkmarx Link client through Account Settings in Checkmarx One. Once registered, a token will be generated, which will be required to establish the connection.
Install the Checkmarx Link Client as a Docker container using the provided docker command.
Once the client is installed, it must be updated with the token obtained during registration. This allows it to establish a secure tunnel to Checkmarx One. Ensure the connection appears on the Account Settings page.
Once the secure tunnel is set up, you can import repositories by entering the hostname, which is resolved through the tunnel using the client ID and secret.
Permissions
In case the CxLink option is not visible in the Settings dropdown (see screenshot below), ensure you have the necessary Access Management permissions:
Navigate to Identity and Access Management → Users.
Click Edit in the dropdown menu at the end of your user row.
In Roles Mapping, ensure view-links, create-links, edit-links, and delete-links are selected (these permissions are included in the ast-admin and ast-risk-manager roles).
Client Installation
The CxLink client must be installed to enable communication between CxOne and on-premises services. You must download and unpack the provided TAR archive (supplied by Checkmarx Support) and load the Docker image into your local environment. For Windows, you can use tools like 7-Zip to unpack the archive. You can use gzip for extraction and the Docker CLI to load and run the client image on Linux.
Unpacking the Archive
Navigate to your working directory and unpack the archive gzip -d client.tar.gz or gzip -dk client.tar.gz if you want to keep the original archive.
In Windows, you can use the 7z application for unpacking client.tar.gz
Loading the Docker Image
Load the docker image to your repository.
In Linux:
docker load < client.tar
In Windows cmd:
docker load -i client.tar
Accessing CxLink
Perform the following to access and manage your CxLinks:
Click
then CxLink. The CxLink tab under Account Settings opens.
The CxLink tab displays a table with the following columns:
Name
Description
Private URL (on-prem service URL)
Date Created
Connection Status
Creating and Connecting a New CxLink
Perform the following to create a new CxLink:
Notice
Once a link is created, you can only edit the name and description. The CxLink and Private URL remain unchanged. To edit the link, click on it in the CxLink column to open the Edit CxLink form .
Click the +New button to create a new link. Fill out the form and click Generate.
On the following window, select Docker Command. Copy and save the command below before clicking Done and closing the window!
After creating the link, you must connect it by performing the following:
Open your command prompt terminal.
Navigate to the TAR file (provided by Checkmarx Support) and unpack it
Paste and run the provided Docker command at the end.
Verify your connection is successful by seeing this in your code
and a Connected status by the CxLink.
Now connected, run a scan and copy and paste the CxLink (CxLink from the table) into the Repository URL field.
Click Fetch Branches to ensure it is connected successfully.
Click Next to select your scanners and Scan when done.
Warning
Do not close your tunnel while running; your connection will drop and fail.
Configuring SCM
Perform the following to configure your SCM:
Copy the alias CxLink generated when creating the new link.
Select the New Project—Code Repository Integration option to import your code from the SCM when creating a new project.
Choose your SCM and specify whether it’s Cloud-Hosted or Self-Hosted.
Enter a new instance name, paste the CxLink in the URL field, and enter your unique ID and secret.
Once all mandatory fields are filled out, the Save & Continue button will become available. Click it to proceed with the import.
