- Checkmarx Documentation
- Checkmarx One
- Checkmarx One CLI Tool
- Configuring the Checkmarx One CLI
- Checkmarx One CLI Config and Environment Variables
Checkmarx One CLI Config and Environment Variables
The CLI tool provides the ability to permanently store CLI options in configuration files.
The configuration files are kept in the users home directory under a subdirectory named ($HOME/.checkmarx).
CLI Configuration Parameters
The following table contains all the values that can be stored in CLI configuration files:
Authentication Parameters
- cx_apikey
An API Key to login to the Checkmarx One server.
- cx_base_auth_uri
The URL of the Checkmarx One User Management server.
- cx_base_uri
The URL of the Checkmarx One server.
- cx_client_id
The client ID that is used for client authentication.
- cx_client_secret
The client secret that is used for client authentication.
- cx_tenant
The customer's tenant name.
Additional Configuration Parameters
- cx_http_proxy
An alternative method for specifying an optional proxy server. This enables users to designate a specialized proxy for use with Checkmarx One that doesn't affect the proxy used for other applications. When this is used it overrides the value of
http_proxy.- cx_ignore_proxy
Set this environment variable as
truein order to ignore any proxies configured in your system, so that all Checkmarx One CLI commands run directly from your local machine. Alternatively, this can be done by using the global flag--ignore-proxy.- http_proxy
An optional proxy server configuration.
- sca-resolver
The path to a correctly configured SCA resolver executable.
Configuration Flags
The following flags are used with the configure set command.
Notice
The --prop-name and --prop-value flags must be used with each configure set command.
- ---help, -h
Help for the configure command.
- --prop-name <string>
Name of property set.
- --prop-value <string>
Value of property set.
Below are several examples for the CLI Configuration usage:
./cx configure set --prop-name cx_base_uri --prop-value "http://<AST-server>[:<port>]" ./cx configure set --prop-name cx_base_auth_uri --prop-value <AST User Management URI> ./cx configure set --prop-name cx_client_id --prop-value <Client ID> ./cx configure set --prop-name cx_client_secret --prop-value <Client Secret> ./cx configure set --prop-name http_proxy --prop-value <Proxy server> ./cx configure set --prop-name cx_apikey --prop-value <apikey> ./cx configure set --prop-name cx_tenant --prop-value <Tenant name>
Configuration Profiles
The --profile option (CLI parameter) provides a powerful tool to quickly switch between different sets of configurations.
The user can add a profile name to any CLI command and it utilizes the corresponding profile settings.
The following example sets up a profile named test and calls a CLI command to utilize it.
# Create the "test" profile ./cx configure set --prop-name cx_base_uri --prop-value "http://Checkmarx One-server" --profile test # Use the "test" profile to retrieve the scan list ./cx scan list --profile test # The below command uses the default profile (not the "test" profile) ./cx scan list
The configure command supports an interactive mode that prompts for the following settings:
Checkmarx One Base-URI
Checkmarx One Base Auth URI
Checkmarx One Tenant
Option to select API Key authentication or Client ID/Secret
Set one of the following:
API Key authentication
Checkmarx One Client ID / Checkmarx One Client Secret
For example:
user@laptop:/ast$ ./cx.exe configure Setup guide: https://checkmarx.atlassian.net/wiki/x/mIKctw Checkmarx One Base URI [https://ast.checkmarx.net/]: https://ast.checkmarx.net/ Checkmarx One Base Auth URI (IAM) [https://iam.checkmarx.net/]: https://iam.checkmarx.net/ Checkmarx One Tenant [mytenant]: mytenant Do you want to use API Key authentication? (Y/N): N Checkmarx One Client ID []: myclientId Client Secret []: myclientSecret
Notice
If the CLI has previously stored values to the above parameters, they will be presented when using the configure command.
To keep the existing values, press Enter.
Environment Variables
The CLI tool supports several Environment Variables.
The below table includes all the Environment Variables that can be configured using the CLI tool.
Note
The Environment Variables configuration is valid per shell session.
This means that if Environment Variables were configured, but the CLI/CMD windows are closed, the configured Environment Variables will not be saved.
To use them again, you will need to configure them once again in a new shell session.
- CX_APIKEY
The API key to login to Checkmarx One with.
- CX_BASE_IAM_URI
The URL of the Checkmarx One User Management server. This is optional and only required when using a different instance than the Checkmarx One's built in one.
- CX_BASE_URI
The URL of the Checkmarx One server.
- CX_CLIENT_ID
The client ID that is used for client authentication.
- CX_CLIENT_SECRET
The client secret that is used for client authentication.
- CX_HTTP_PROXY
An alternative method for specifying an optional proxy server. This enables users to designate a specialized proxy for use with Checkmarx One that doesn't affect the proxy used for other applications. When this is used it overrides the value of
HTTP_PROXY.- CX_TENANT
The tenant that is used for client authentication.
- HTTP_PROXY
Triggers the CLI to use a proxy server.
Setting Environment Variables
Linux/MAC
To set an Environment Variable on Linux/MAC operating systems, use the export command.
For example:
# Configure the CX_BASE_URI as an environment variable export CX_BASE_URI=https://<URL of the Checkmarx One server> # Configure the CX_APIKEY as an environment variable export CX_APIKEY=<APIKEY>
Windows
To set an Environment Variable on Windows operating systems, use the setx command.
For example:
# Configure the CX_BASE_URI as an environment variable setx CX_BASE_URI https://<URL of the Checkmarx One server> # Configure the CX_TOKEN as an environment variable setx CX_APIKEY <APIKEY>