Preparing CxSAST for Installation
Before installing CxSAST, make sure that you understand the System Architecture and that your server host(s) complies with the Server Host Requirements. To install CxSAST, you have to download the archive, extract the installation executable CxSetup.exe and install the required third-party components.
Notice
To install and configure high-availability solutions, refer to the relevant instructions. A diagram that outlines the architecture for high-availability solutions is available here.
Installation Permissions
The user performing the installation must have administrative network permissions (user name and password) for the computer/server running CxSAST Services.
SQL Server Database
If the database uses Windows domain authentication, the station with the product installed on it must be added to a Windows domain. In addition, the user account performing the installation (Centralized or CxManager) must have SA permission on the database server for the duration of the installation process. If SA permission is unavailable, certain prerequisites must be fulfilled prior to the installation:
Build three SQL databases using the names; CxDB, CxActivity, and CxARM.
Create a login User for Windows and associate it with DB_owner permission for CxDB, CxActivity, and CxARM. This user should be a dedicated Service user and the same user must perform the installation, refer to Configuring CxSAST for using a non-default User (Network Service) for CxServices & IIS Application Pools for additional information.
If the database uses SQL Server native authentication, prepare an SQL Server user account. This account must have SA permissions for the duration of the installation process. If SA permission is unavailable, certain prerequisites must be fulfilled prior to the installation.
Build three SQL databases using the names CxDB, CxActivity, and CxARM.
Create a login for SQL User and associated it with the DB_owner permission for CxDB, CxActivity, and CxARM. Define this user in the CxSAST installation. When installing SQL, you are asked to define a password to access the internal CxARM database. This password must not exceed 32 characters.
For upgrades, all previously defined SQL connection parameters are loaded from the existing configuration. If Windows authentication is being used, run the installer with the same user that is defined for the CxServices or any other Windows-authenticated user with DB owner permission on CxDB, CxActivity, and CxARM. Make sure that the SQL User's password does not consist of more than 32 characters. This may mean that you have to reset this password before you start upgrading.
To change the user credentials used for CxDB connectivity, refer to Configuring User Credentials for CxDB Connectivity.
AWS RDS
DBaaS is not supported natively, but AWS RDS is. To enable RDS, you need to create three databases: CxDB, CxActivity, and CxARM. Give the user that you created the Checkmarx dbo privileges for the newly created databases. Run the installer again and when the installation connects to the Database and you see a message about the three databases already existing, click continue. Once the installation is complete the RDS should work.
Preparing for Installation
Follow the instructions below to obtain/validate your license and make the installation package available.
Obtaining and Validating a License
It is recommended to obtain a license before you start your installation. This way you are able to provide the license during the installation and can use the product immediately after the installation is completed.
Your CxSAST license is tied to a specific computer. Run the Cx HID Generator, which can be downloaded from the Checkmarx Utilities page, and an HID (hardware identification number) is provided.
To receive your license, submit the Hardware ID to your technical contact or sales representative. If you are not sure whom to send the Hardware ID to, open a support ticket.
Notice
If CxSAST is already installed and you have not yet obtained a permanent CxSAST license, Go toStart> All Programs > Checkmarx, and click HIDto generate the Hardware ID. Then go to Start > All Programs > Checkmarx, and click HardwareId. The HardwareId.txt file opens, displaying the generated Hardware ID. Submit the Hardware ID to your Checkmarx sales representative or open a support ticket to obtain your production license file.
Making the Installation Package Available
To make the installation package available on each server component host:
Download the CxSAST installation package. The installation package downloads as a zip archive.
Copy the zip archive to each server component host and extract it there to a folder of your choice. To extract the zip archive, you may have to enter a password that has been provided by Checkmarx support.
Install the required third-party components, as described in the following section, and then start installing CxSAST by running CxSetup.exe .
Prerequisites
If not already installed on the server host, you have to make the third-party components listed below available before you can complete installing the CxSAST application. The required resources and installation packages are available in the extracted CxSAST installation package in a folder called third_party. When you extract the third_party_<version>. zip file, copy the third_party folder to the same folder where the CxSetup.exe installation file is located.
C++ Redist 2010 and 2015 SP3
IIS v7.0 or higher
ASP.NET Core 3.1.11 Runtime & Hosting
MS SQL
Java JRE 1.8.0 (64-bit)
For additional information, refer to Server Host Requirements.
Notice
The third-party components can be installed and made available as part of the CxSAST setup at the Prerequisite Check stage, although it is recommended to do it beforehand. Additional information on these third-party components is available under Preparing the Environment.
The approved and recommended Java version is 1.8. The minimum version for Oracle is 8u241 and for AdoptOpenJdk is 8u242.
CxSAST requires the 64-bit version of Java. The 32-bit version results in an error during the installation.
In case Java JRE is automatically updated to a new version, you have to manually update the JRE folder path in the CX_JAVA_HOME environment variable, otherwise, CxSAST stops operating.
IIS
Navigate to the third_party folder in the setup folder of your CxSAST installation package, for example, C:\Users\<name>\Downloads\Software Installations\CxSAST 9.0\CxSAST.900.Release.Setup_9.0.0.32148-1.
Navigate to the IIS_Installation_instructions folder and refer to the instructions there on installing and enabling IIS for the Windows version in use.
C++, .NET, MS SQL
In the third_party folder, navigate to the folder with the first component to install.
Run the setup and follow the onscreen instructions.
Repeat this for the remaining components that have to be installed yet.
Notice
When installing SQL, you are asked to define a password to access the internal CxARM database. This password must not exceed 32 characters.
If you upgrade, you may have to reset the existing password as passwords could exceed 32 characters in previous versions.
Java
The files of the required Java Runtime Environment are available in a zip archive and are only copied into a new folder and not installed.
To make the Java Runtime Environment available:
In the third_party folder, navigate to the Java folder. In this folder, there is one zip file listed.
Open the zip archive and extract its content to a folder of your choice.
Notice
The zip archive contains a folder called openjdk-8u242-b08-jre that accommodates all the required files for installing and operating CxSAST successfully.
The openjdk-8u242-b08-jre folder is also referred to as the JRE folder throughout this document.
Copy the openjdk-8u242-b08-jre to a non-personal folder under a folder created for Java application. This folder may for example be <root directory>:\Program Files on your PC.
Notice
In case Java JRE is automatically updated to a new version, you have to manually update the JRE folder path in the CX_JAVA_HOME environment variable, otherwise, CxSAST stops operating.