Scans Triggered from Eclipse
Developers who work in an integrated development environment (IDE) such as Eclipse, as part of a much larger development project managed in source control, may wish to scan their code before uploading it to their source control repository.
The Eclipse plugin allows the developer to scan the code from within the Eclipse project. When scanning from the Eclipse project, the scanned code is always the local code that resides in the Eclipse project, regardless of the project's location type (Local/Shared/Source Control). This means that a project may contain scans of different location types, and the location type can be viewed as a scan property.
Usually, scan results of local code are not relevant to the entire team, and their visibility should therefore be limited to the scan owner. Interim scans are scans carried out while the code is still being processed during the work day. Results of interim scans are likely to adversely affect the count of detected issues throughout the day, because many of these issues may be resolved before the code is uploaded to the source control repository.
If the user chooses to keep these scans private, the scans are only visible to the following entities:
- The scan's owner (the user)
- Users with Server Manager privileges
- Users whose location in the hierarchy is higher than that of the user. These users can only read or delete private projects defined in lower hierarchy levels, and they cannot edit or modify these projects.
The CxSAST Eclipse plugin provides the user with two ways to keep scans private:
- Define the scan as private from within a public project.
- Define the project as private, which means defining all of the project's scans as private (invisible to other users).
Notice
The operations explained on this page must be carried out by a user with the appropriate credentials in CxSAST server. To ensure you have such credentials, refer to Setting Up the Eclipse Plugin.
Defining Scans as Private
By default, all scans are private.
To define a scan as private in an existing (not bound) public project:
1. Right-click the project's name.
2. Click CxViewer > Scan. The Project Scan dialog appears.
   - To bind and scan the source again, click <Yes>. The Results View dialog appears.
   - To assign the source to a different project from the list or add a new project, click <No>. In this case, the Upload Sources dialog appears again to define a scan associated with a different or new project and without binding. For additional information and instructions, refer to Configuring Projects as Private.
To bind a project and define a scan as private:
1. Bind the CxViewer project to an existing public project as follows:
   1. Right-click the project's name.
   2. Click CxViewer > Bind Project.
   3. Select the project to which the CxViewer project is going to be bound.
   4. Click Bind.
2. Scan the newly bound project as follows:
   1. Right-click the project's name.
   2. Click CxViewer > Scan. The Results Visibility dialog appears.
   3. In the Results Visibility dialog, click <Yes> to make the scan private.
Session Timeout
The session time is the time set for the CxSAST server host to perform activity with the plugin.
If the session times out, all Checkmarx instances are reset and you are asked to log in again.
The last 15% of a session (in seconds) is called the Idleness Period. If there is user activity during this period, the session is automatically extended.