Checkmarx SAST System Architecture Overview

The Checkmarx SAST system consists of the following components:



SAST supports the following clients (user interfaces):

  • Web Portal - provides an intuitive web interface to create, manage and analyze code scan projects in SAST.

  • Audit Guide - provides the capability to create or customize analysis queries for use in SAST.

  • API Guide - provides the capability for developers to create unique client implementations using the available APIs.

  • CLI - provides a command line interface for the SAST functionality and CI scenarios.

  • IDE Plugins - provide scanning and integrated scan result navigation directly from the IDE development environment.

  • CI/CD Plugins - provide integration to SAST-compatible plugins (for example, Jenkins) for CI/CD scenarios.


SAST includes the following server components:

  • WS (IIS Web Service) - controls Manager actions (i.e., initiating scans, viewing results, and generating reports). Access Control manages roles and users.

  • Manager - manages and integrates system components, and performs all system functions utilizing the IIS Web and Result services.

  • ActiveMQ - manages messaging queues.

  • Engine - performs the code scans.

  • Database - stores scan results and system settings.

  • File System - controls how the data is stored and retrieved.

Architecture Types

SAST supports the following:

By default, communication between the Client and the Manager, and between the Manager and the Engine, uses HTTP. Both links can be configured to use HTTPS instead.


Starting with SAST v9.4.0, M&O is no longer available for new installations. For earlier information about M&O, refer to Management and Orchestration.