Code Repository Integrations
Checkmarx One supports integration with most of the popular Code Repository platforms. You can import a project from your code repository directly to Checkmarx One, enabling automated scanning of your source code whenever the project is updated. Checkmarx One listens for commit events and uses a webhook to trigger Checkmarx scans when a push or a pull request occurs. Once a scan is completed, the results can be viewed in Checkmarx One.
Code Repository Integrations - Feature Parity
The following table shows support for Checkmarx One features for each code repository.
Create new integration | Convert manual project to integration | Monitor new repositories | Code repository coverage | Suggested repositories | ||||
---|---|---|---|---|---|---|---|---|
Documentation Links | ||||||||
GitHub Cloud | UI/API | UI/API | UI/API | UI | UI | |||
GitHub Self-Hosted | UI/API | UI/API | UI/API | UI | UI | |||
GitLab Cloud | UI | UI/API | UI | |||||
GitLab Self-Hosted | UI | UI/API | UI | |||||
Bitbucket Cloud | UI | UI/API | ||||||
Bitbucket Self-Hosted | UI | UI/API | ||||||
Azure DevOps Cloud | UI | UI/API | UI | |||||
Azure DevOps Self-Hosted | UI | UI/API | UI |
Code Repository Permissions
Only users with the required permissions in the code repository are able to set up integrations with Checkmarx One (create a “Code Repository Integration”).
Notice
Checkmarx requires the permissions described below solely for the purpose of using the code repository APIs to create a webhook that triggers scans when relevant activity occurs in the repo (Push or Pull request). Checkmarx does not initiate any changes to the repo itself.
The following table explains the permissions needed to set up an integration with each of the supported code repositories.
Code Repository | Code Repository Level | Code Repository Role | Allowed in Checkmarx One |
---|---|---|---|
GitHub | Organization | Owner | |
GitHub | Repository | Admin | |
GitLab | Group | Maintainer/Owner | |
GitLab | Project | Maintainer/Owner | |
Bitbucket | Workspace | Administrator/Developer who is configured as an Admin on the workspace level | Set up an integration with any project in the workspace |
Bitbucket | Project | Owner/Admin | |
Bitbucket | Project | Member/Contributor | Set up an integration with the repository that is assigned to the user |
Azure DevOps | Group | Owner/Users that are assigned directly or indirectly to the Project Collection Administrator organizational group. Note: By default, the group Project Collection Service Accounts is a member of the Project Collection Administrator group, so that its members inherit the permissions needed to set up integrations from the parent group. | |
Azure DevOps | Project | Member of a project group for which Project Administrator permissions exist. | |
Code Repository Integration without Admin Permissions
Checkmarx One also supports integration with most of the popular code repository platforms for users without Admin permissions for the relevant organization/repository.
You can import a project from your code repository directly to Checkmarx One, scan the code manually, and once a scan is completed the results can be viewed in Checkmarx One.
However, the feature comes with some limitations.
It is not possible to perform the following via Checkmarx One:
- Create a webhook at the organization level (organization-level webhooks are supported only for GitHub).
- Create a webhook at the repository level.
- See the code repository coverage widget statistics.
- Trigger automatic scans in Checkmarx One from push and pull request events in the code repository.
The following table explains the permissions needed to set up an integration with each of the supported code repositories for users without Admin permissions.
Code Repository | Code Repository Level | Code Repository Role | Allowed in Checkmarx One |
---|---|---|---|
GitHub | Organization | Member | Set up an integration with permitted repositories in the organization |
GitHub | Repository | Member | Set up an integration with the repository that is assigned to the user |
GitLab | Group | Developer/Reporter/Guest | Set up an integration with permitted projects in the group |
GitLab | Project | Developer/Reporter | Set up an integration with the repository that is assigned to the user |
Bitbucket | Workspace | Users who are not configured as workspace Admins | Set up an integration with permitted projects in the group |
Bitbucket | Project | Designated as Admin for a specific repo | |
Azure DevOps | Group | Users who are not assigned to the Group Project Collection Administrator organization | Set up an integration with permitted projects in the group |
Azure DevOps | Project | Member of a project group for which the following permissions exist: | Set up an integration with the repository that is assigned to the user |