Container Security CLI Scans Run in the Cloud
Container Security scans in the CLI will now run in the cloud by default, reducing resource usage on your machine and improving performance and scalability by resolving everything in the cloud. This means images will be uploaded and scanned in the cloud, rather than being processed locally.
What Stays the Same?
Local scans are still available if needed - users can continue to run scans locally by adjusting the scan command as shown below.
There are no UI or results changes as part of this update – scan results will appear in Checkmarx One exactly as before.
Why Are We Making This Change?
Faster and more scalable scans with improved performance.
Better registry integration for pulling and scanning images directly from supported registries (DockerHub, GitHub, JFrog).
Consistent experience across Checkmarx scanning engines.
Impact on Private Registries
If you have not yet integrated your private registry with Checkmarx One or if you are using a private registry that is not currently supported in Checkmarx One, you’ll need to run scans locally to ensure images are scanned. To do this, simply add the following flag to your CLI scan command: --containers-local-resolution
Example:
./cx scan create --project-name <Project Name> -s <Repository URL> --branch <branch name> --scan-types container-security --containers-local-resolution