Application Settings
Notice
From v9.0.0 and up, for SMTP and Domain Management settings, see Access Control Settings.
General Settings
The General screen lets you set paths and folders, the web server address, the default language, other application-specific settings, and the SMTP server settings.
To open general settings:
Select Settings > Application Settings > General. The General Settings window is displayed.
Server Settings
In the Server settings panel, you can set folder locations, maximum number of scans, default settings and automatic sign in.
Click Edit. The setting fields are enabled. The panel includes the following settings:
Reports Folder - Set the reports folder to save reports in (e.g., C:\CxReports)
Results Folder - Set the results folder to save results in (e.g., C:\Program Files\Checkmarx\Checkmarx Jobs Manager\Results)
Executables Folder - Set the executables folder to save executables in (e.g., C:\Program Files\Checkmarx\Executables)
Path to GIT client executable - Set the GIT client executable path (e.g., C:\Program Files\git\bin\git.exe).
Notice
The validation of 'git.exe' and 'p4.exe' is no longer mandatory in CxSAST when defining the 'Path to GIT client executable' and the 'Path to Perforce command-line client executable' parameters.
Path to P4 command line client executable - Set the Perforce client executable path (e.g., C:\Program Files\Perforce\p4.exe)
Notice
If you haven't already done so, download the P4 command-line executable (Helix P4: Command-Line) from https://www.perforce.com/downloads/helix and run the .exe file, making sure the installed files are placed in a directory that CxSAST can access (e.g., C:\Program Files\Perforce). Use this same directory to fill in the Path to P4 command line client executable field.
Maximum number of concurrent scans - Set the maximum number of concurrent scans a CxManager can run. The default is 2.
This value cannot exceed the licensed number of concurrent scans. Limiting the number of concurrent scans to stay within the licensed number can help prevent the CxManager from running out of resources.
CxScansManager service must be restarted before any changes to this setting take effect.
Time remaining until task completion (min) - Set the time remaining until the task is complete.
Web Server Address - Set the web server address in order to access links in generated report from outside the organization.
Long Path Support - Enables long path support for the CxSAST application. Enabling long path support is required on all CxEngines and all CxManagers. Without long path support, the path of source file to be scanned is limited to 260 characters.
Default Server Language - Set the default server language.
Allow Auto Sign In - Enable/Disable auto sign in.
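A pre-flight check for these Server Settings, added here as an example; it is not part of Checkmarx's own tooling. Because CxSAST no longer validates git.exe and p4.exe itself, the script runs each binary once to prove it works, and it probes the three folders for write access with the account it is run under. It assumes the example paths from the list above (replace them with your own values) and, as an assumption stated in the code, that the Long Path Support option relies on Windows' own LongPathsEnabled registry value being set on every CxManager and CxEngine host:

```powershell
# Added example (not Checkmarx tooling): validate the Server Settings values on a CxManager
# or CxEngine host. Paths are the examples from the Application Settings page; edit to taste.
$settings = @{
    ReportsFolder     = 'C:\CxReports'
    ResultsFolder     = 'C:\Program Files\Checkmarx\Checkmarx Jobs Manager\Results'
    ExecutablesFolder = 'C:\Program Files\Checkmarx\Executables'
    GitExe            = 'C:\Program Files\git\bin\git.exe'
    P4Exe             = 'C:\Program Files\Perforce\p4.exe'
}

function Test-CxFolder {
    param([string]$Name, [string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return [pscustomobject]@{ Check = $Name; Status = 'FAIL'; Detail = "folder not found: $Path" }
    }
    # The Checkmarx services must be able to write here; prove it with a throw-away file.
    $probe = Join-Path $Path ('cx-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        New-Item -ItemType File -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force
        [pscustomobject]@{ Check = $Name; Status = 'OK'; Detail = $Path }
    } catch {
        [pscustomobject]@{ Check = $Name; Status = 'FAIL'; Detail = "not writable by the current account: $Path" }
    }
}

function Test-CxExecutable {
    param([string]$Name, [string]$Path, [string[]]$VersionArgs)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Check = $Name; Status = 'FAIL'; Detail = "executable not found: $Path" }
    }
    # CxSAST no longer validates git.exe/p4.exe, so run the binary once and capture its version line.
    try {
        $out = & $Path @VersionArgs 2>&1 | Select-Object -First 1
        [pscustomobject]@{ Check = $Name; Status = 'OK'; Detail = "$out" }
    } catch {
        [pscustomobject]@{ Check = $Name; Status = 'FAIL'; Detail = "cannot execute: $($_.Exception.Message)" }
    }
}

function Test-CxLongPaths {
    # Assumption: the Long Path Support option depends on the OS-level LongPathsEnabled value
    # (Windows Server 2016 / Windows 10 1607 and later) being 1 on each CxManager and CxEngine host.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $value = (Get-ItemProperty -Path $key -Name LongPathsEnabled -ErrorAction SilentlyContinue).LongPathsEnabled
    $status = if ($value -eq 1) { 'OK' } else { 'FAIL' }
    [pscustomobject]@{ Check = 'LongPathsEnabled'; Status = $status; Detail = "registry value = $value" }
}

$results = @(
    Test-CxFolder 'ReportsFolder' $settings.ReportsFolder
    Test-CxFolder 'ResultsFolder' $settings.ResultsFolder
    Test-CxFolder 'ExecutablesFolder' $settings.ExecutablesFolder
    Test-CxExecutable 'GitExe' $settings.GitExe @('--version')
    Test-CxExecutable 'P4Exe' $settings.P4Exe @('-V')
    Test-CxLongPaths
)
$results | Format-Table -AutoSize
if ($results.Status -contains 'FAIL') { exit 1 }
```

Run it under the service account that CxScansManager and CxJobsManager use, not your own administrator account; the folder probe only tells you about the account that executed it.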
SMTP Settings
The SMTP settings panel enables you to set the host settings and credentials of your SMTP server.
Click Edit. The setting fields are enabled. This panel includes the following settings:
Host - Type in the host domain.
Port - Select a port number.
Encryption Type - Select the encryption type. Use TLS where the mail server supports it, so that the credentials below and the notification content are not sent in the clear.
Email from Address - The sender (From) address used for notification e-mails.
Use Default Credentials - Enable/disable default credentials. If enabled, the default credentials of the host are used.
User Name - Enter the user name. Prefer a dedicated mail account that can only send on behalf of CxSAST.
Password - Enter the password.
CxOSA Settings
For more information about CxOSA Settings and Open Source Analysis (CxOSA) in general, see CxOSA Settings in the Checkmarx CxOSA Documentation.
License Details
CxSAST lets you view the details of the license you obtained. To view the license details, do the following:
Select Settings > Application Settings > License Details. The License Details window is displayed.
The License Details screen is divided into the following windows:
General
The General panel provides general license information.
This includes the following information:
Edition - CxSAST license edition (SDLC or Security Gate). To learn more about the different editions please refer to License Editions Overview.
Expiration Date - License expiry date
LOC - The number of lines of code the license was bought for
HID - Hardware identification number
CxOSA License - Open Source Analysis license status (Enabled, Disabled, or Conditional with an expiration date for the Conditional version). For more information about the CxOSA license and Open Source Analysis (CxOSA) in general, see CxOSA License Details in the Checkmarx CxOSA Documentation.
Notice
To request a new license, if you have not yet obtained a permanent license, copy your Hardware ID, which you will need in order to obtain a license from Checkmarx. Or, you can later obtain your hardware ID by using the shortcut in the Windows / Start menu Checkmarx folder.
Supported Languages
The Supported Languages panel includes the supported languages used in default queries.
Capacity
The Capacity panel provides information about the number of users (combined roles), projects and engines available and in use in the system according to the current license.
This includes the following information:
Users - Number of users available in the system (i.e., Server Managers, Service Provider Managers, Company Managers, Scanners and Reviewers)
Auditors - Number of users available in the system that have auditing permissions and can run CxAudit (i.e., Auditor users)
Projects - Number of projects available in the system
Number of Concurrent Scans - Number of concurrent scans available in the system.
License Expiration Notification
The License Expiration Notification panel provides notification behavior settings for when your CxSAST license is about to expire.
Notification by E-mail - If checked, a notification email is automatically sent to the CxSAST Administrator User on a weekly basis, starting 90 days (defined in the database) before the actual license is set to expire.
Notice
The Notification by email address is defined under Email Notifications in the Server SMTP Setting.
Installation Information
The Installation Information screen provides a list of all the CxSAST components installed with their characteristic parameters. To display the installation information, do the following:
1. Select Settings > Application Settings > Installation Information. The Installation Information window is displayed with the following information:
Installation Path: Location of the installation.
Version: The CxSAST version with build number.
DNS: System name of the host where the component is installed. This information also indicates whether the system is a centralized or a distributed installation.
IP: The IP address of the host where the component is installed.
Hotfix: The Hotfix number. 0, if no hotfix has been installed.
State: Current state of the respective component.
2. Click the Download System Log button to download the system log file.
The permission (download_system_logs) is required to perform the 'Download System Log' task.
Content Pack version
The latest queries pack version is also listed in cases where a content pack is installed. For additional information on the Content Pack for your version, refer to the relevant version release notes section.
External Services Settings
CxSAST offers additional tools for application security and development environments in order to improve secure coding and practices using external service providers. By activating this feature, a secure handshake is performed between your organization, Checkmarx external servers and the external service providers.
To open external services settings:
1. Select Settings > Application Settings > External Services Settings. The External Services Settings window is displayed.
2. Click the Activate/Reactivate External Services button to activate or reactivate (if deactivated) a secure communication path between your organization, CxSAST and the service provider.
Notice
In cases where the automatic activation process doesn't perform as expected, you may need to request a manual activation. Please contact Checkmarx support.
3. Click <Edit>. The Codebashing Settings fields are enabled.
Enable Codebashing - If selected, enables anonymous data collection in order to provide user analytics. A second checkbox enables non-anonymous data collection: if selected, user details (e-mail addresses) are sent to Codebashing for the Analytics View. Check this against your organization's data-protection policy before enabling it.
Engine Management
Engine Server Management provides an interface for viewing real-time engine server status information that includes the number of engine servers in the system, their status, location (URL) and scan size. Available actions on the Engine Management interface include registering, editing, blocking/unblocking and unregistering engine servers as explained below.
To open the Engine Management:
Select Settings > Application Settings > Engine Management. The Engine Management window is displayed.
Notice
The Engine Server Management screen refreshes every 20 seconds.
Engine Server Management provides real-time information about the status of each engine server in the system. Each engine server is listed according to its status. The engine server list includes the following information:
Field | Description |
---|---|
Selector | Select all engines, for example when you want to unregister all of them. |
Engine Server Name | Name of the engine server |
Status | Status of the engine server (for example Idle or Blocked) |
Engine URL | URL of the engine server |
Scan Size | The range of the number of lines of code (LOC) allowed to be scanned on this engine. |
Maximum Scans | The maximum number of concurrent scans allowed on this engine. |
Engine Version | Engine version number |
Engine Operating System | The operating system of the host on which the engine server is installed. |
Actions | The actions available for the engine server (edit, block/unblock, unregister), described under Performing Engine Server Management Actions below. |
Performing Engine Server Management Actions
The Engine Management interface allows you to perform the following:
Registering a new engine server
Editing an engine server
Blocking/unblocking an engine server
Unregistering an engine server
Registering a New Engine Server
You can register (add) a new engine server to the system as follows:
1. Click <REGISTER ENGINE SERVER> to display the Register Engine Server dialog.
2. Define the following server attributes:
Parameter | Description |
---|---|
Server Name | Enter the name of the engine server. Each engine server should have a unique name. |
Server URI | Enter the URI of the engine server in the form http(s)://<host name or IP address>:<port>, for example http://172.17.180.92:8088. Use https wherever the engine is configured for TLS, so that manager-to-engine traffic (including source code and results) is not sent in the clear. |
Scan LOC Limit | Enter the scan LOC (lines of code) limit. The 'From' and 'To' values must be whole numbers between 0 and 999,999,999. |
Max Concurrent Scans | Enter the maximum number of concurrent scans allowed, which must be a whole number between 1 and 999,999,999. Notice: the maximum you can usefully enter depends on the resources of your engine host. |
3. Click <UPDATE> to save the changes. The new engine server is added to the engine list.
Editing an Engine Server
You can edit an existing engine server's attributes in the system as follows:
1. In the Engine Server table, under Actions, open the actions menu and select Edit. The Edit Engine Server dialog is displayed.
2. Modify the engine parameters accordingly. For additional information on parameters, refer to Registering a New Engine Server.
3. Click <UPDATE> to save the changes.
Blocking/Unblocking an Engine Server
Blocking prevents the engine server from accepting any new scan requests from the system. Scans requested by the system before the engine server was blocked continue uninterrupted until they complete. To block an engine server, do the following:
1. In the Engine Server table, under Actions, open the actions menu and select Block. The Block Engine Server dialog is displayed.
2. Click <BLOCK ENGINE>. The status of the engine server switches to Blocked in the list.
To unblock an engine server, do the following:
Follow the instructions above and select Unblock. Once the engine server is unblocked, its status returns to the previous status, usually Idle, and it resumes accepting new scan requests from the system.
To block multiple engine servers:
1. Select at least two engine servers. You are now able to perform a batch job.
2. Open the actions menu and select Block. The selected engine servers in the list are blocked.
To unblock multiple engine servers:
1. Select at least two engine servers. You are now able to perform a batch job.
2. Open the actions menu and select Unblock. The selected engine servers in the list are unblocked.
Notice
In order to block (unblock) engine servers as a batch job, all the selected engine servers must be unblocked (blocked), otherwise the Block/ Unblock command is unavailable.
Unregistering an Engine Server
You can unregister (remove) an engine server from the system as follows:
1. In the Engine Server table, under Actions, open the actions menu and select Unregister. The Unregister Engine Server dialog is displayed.
2. Click <YES, UNREGISTER ENGINE> to remove the engine server from the Engine Management list.
To unregister multiple engine servers:
1. Select at least two engine servers. You are now able to perform a batch job.
2. Open the actions menu and select Unregister. You are asked to confirm your request.
3. Click <YES, UNREGISTER ENGINES> to remove the selected engine servers from the list.
Notice
You cannot unregister engine servers that are currently running a scan.
If you run a batch job and some of the selected engine servers are currently running a scan, you are notified that the scanning engine servers cannot be unregistered. If you still want to unregister these engine servers, you have to repeat the unregistering process for them.
Issue Tracking Settings
Issue tracking for CxSAST can be performed using JIRA integration. JIRA is a proprietary issue tracking product that allows bug tracking and agile project management.
Notice
To configure JIRA integration, CxSAST Manager permissions are required. To enable CxSAST scanners to configure JIRA integration, please contact Checkmarx support.
To configure JIRA integration:
1. On the CxSAST server (in a distributed deployment: on CxManager), open the following file for editing:
C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config
2. Under the appSettings element, add:
<add key="EnableIssueTracking" value="true"></add>
3. Log off the CxSAST Web Portal, if currently logged in.
4. Log in to the CxSAST web interface and go to Settings > Application Settings > Issue Tracking Settings, and click Add Issue Tracking System:
5. Provide the top-level URL of your JIRA server, including the protocol (http or https) and port number, and a user account with permissions for creating issues and for reading issue metadata, and click Create. Use a dedicated JIRA account with only those permissions rather than a personal or administrative one, since its credentials are stored by CxSAST.
6. Create a CxSAST project, and in the Advanced Actions stage, under Issue Tracking Settings, select the JIRA server.
7. Click Select, and configure JIRA issue submissions:
8. Set the JIRA Project and Issue Type.
9. Configure default values for issue fields: Select each JIRA Field, select a Field Default and click Set. Make sure to configure values for all mandatory fields (marked with *).
10. Click Save.
11. Back in the CxSAST project, click Finish.
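Steps 1 and 2 above can be scripted so that the web.config change is backed up, idempotent, and verified. The following PowerShell is an added example, not part of the Checkmarx product; it assumes the default web.config path from step 1 (override it with -WebConfig if your installation differs) and that the file already contains an appSettings element under configuration:

```powershell
# Added example (not Checkmarx tooling): set the EnableIssueTracking flag in the CxSAST
# portal web.config (step 2 of the JIRA procedure) without hand-editing the XML.
param(
    [string]$WebConfig = 'C:\Program Files\Checkmarx\CheckmarxWebPortal\Web\web.config'
)

function Set-CxAppSetting {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Value
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "web.config not found at $Path"
    }
    # Keep a timestamped copy so the change can be reverted if the portal misbehaves.
    $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -LiteralPath $Path -Destination $backup -Force

    # Load with PreserveWhitespace so the rest of the file is written back unchanged.
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true
    $doc.Load($Path)
    $appSettings = $doc.SelectSingleNode('/configuration/appSettings')
    if ($null -eq $appSettings) {
        throw "no <appSettings> element under <configuration> in $Path"
    }

    # XPath lookup keeps this idempotent: update an existing <add>, otherwise append one.
    $node = $appSettings.SelectSingleNode("add[@key='$Key']")
    if ($null -eq $node) {
        $node = $doc.CreateElement('add')
        $node.SetAttribute('key', $Key)
        $node.SetAttribute('value', $Value)
        [void]$appSettings.AppendChild($node)
        $action = 'added'
    } elseif ($node.GetAttribute('value') -eq $Value) {
        $action = 'unchanged'
    } else {
        $node.SetAttribute('value', $Value)
        $action = 'updated'
    }
    if ($action -ne 'unchanged') { $doc.Save($Path) }

    # Re-read from disk to verify what was actually written, not what we intended.
    $verify = New-Object System.Xml.XmlDocument
    $verify.Load($Path)
    $stored = $verify.SelectSingleNode("/configuration/appSettings/add[@key='$Key']/@value").Value
    if ($stored -ne $Value) { throw "verification failed: $Key is '$stored' after save" }
    [pscustomobject]@{ Key = $Key; Value = $stored; Action = $action; Backup = $backup }
}

Set-CxAppSetting -Path $WebConfig -Key 'EnableIssueTracking' -Value 'true'
```

Run it from an elevated PowerShell session on the CxManager, since the file lives under Program Files, then continue with step 3 (log off and back in to the portal). The .bak copy it leaves beside web.config contains the same connection settings as the original, so protect or delete it once the change is confirmed.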
License Editions Overview
This section highlights the differences between the CxSAST license editions.
For a detailed comparison, contact Checkmarx support.
Feature | SDLC Edition | Security Gate Edition |
---|---|---|
CxPortal | | |
Access Control | | |
IDE Plugins | | |
Source Code Repository (git, svn, TFS) | | |
M&O | | |
Build Servers | | |
REST API / CLI | | |
Management & Collaboration tools (Sonar, GitHub, etc.) | | |
Ticketing systems (e.g., Jira) | | |
ServiceNow | | |