The Query List

The Query tab contains a list of all programming languages used in the query, and under each language, a navigation tree of all associated queries.


The tree structure is as follows:

  • Cx - Built-in queries provided by Checkmarx, for the current code language, grouped by type and severity. Most building-block queries are in the first General group.

  • Corp - Customized queries available to all CxAudit users. If they are defined as Executable (in query properties), they are also run in regular CxSAST scans. Corp queries include:

    • CxDefaultQuery - An ad-hoc query for ad-hoc analysis or experimentation. This query can be run only manually in CxAudit, but is not executable in regular scans.

    • General queries - Customized versions of building-block queries from Cx > General. The Corp version overrides the Cx version.

    • Custom queries - Groups and queries created in CxAudit. A query with the same name as a Cx query, in a group with the same name as the Cx query's group, overrides the Cx query.

  • Per-Team or Per-Company folder(s) - These do not exist by default; you can create them when refining a query. Queries in these folders apply to all projects available to the relevant team or company.

  • Project - Customized queries that apply only to the current project.

Groups and queries marked with an asterisk (*) have changes and are not saved to the server.