Checkmarx One Jenkins Plugin
The Checkmarx One Jenkins plugin enables you to integrate the full functionality of the Checkmarx One platform into your Jenkins pipelines. For your CI/CD integration, you can use this plugin to trigger scans running Checkmarx SAST, Checkmarx SCA, IaC Security, and API Security scanners.
This plugin provides a wrapper around the Checkmarx One CLI Tool, which creates a zip archive from your source code repository and uploads it to Checkmarx One for scanning. This allows for easy integration with Jenkins while enabling scan customization using the full functionality and flexibility of the CLI tool.
Note
The plugin code can be found here.
Main Features
- Configure Jenkins pipelines to automatically trigger scans running Checkmarx SAST, Checkmarx SCA, IaC Security, and API Security scanners
- Supports integrating Checkmarx One build steps into FreeStyle or Pipeline projects
- Supports the use of CLI arguments to customize scan configuration, enabling you to:
  - Customize filters to specify which folders and files are scanned
  - Apply preset query configurations
  - Customize SCA scans using Checkmarx SCA Resolver
  - Set thresholds to break the build
  - Send requests via a proxy server
- View scan results summary and trends in the Jenkins environment
- Direct links from within Jenkins to detailed Checkmarx One scan results
- Generate customized scan reports in various formats (JSON, HTML, PDF, etc.)
- Generate SBOM reports (CycloneDX and SPDX)
- It can be configured to update to the latest CLI version automatically
Prerequisites
Notice
The plugin supports CloudBees.
- A Jenkins installation, LTS 2.375 or above (supported operating systems: Windows and Linux)
- A Checkmarx One account and an OAuth Client ID and Client Secret for that account. To create an OAuth client, see Creating an OAuth Client for Checkmarx One Integrations.