Maven Plugin Overview

The Checkmarx Maven Plugin runs with CxSAST and CxOSA as explained below.

CxSAST is a security solution provided by Checkmarx that scans application source code for vulnerabilities. You can integrate CxSAST with any Maven code build process, enabling a project XML file to automatically initiate a CxSAST scan. Integration is achieved with the Checkmarx Maven plugin. The plugin can be found on the central repository and is simple to install and configure.

For CxOSA 8.7.0 and higher, Maven uses an improved core library with better compatibility and increased result accuracy. The new capability extracts dependencies by resolving manifest files on the customer side and therefore supports the scanning of Maven pom.xml files. For all Maven configuration files, CxManager downloads the necessary packages, calculates metadata, and submits them to the cloud engine. Repositories must be accessible to CxManager.

Notice

These pages cover the Maven Plugin supported for CxSAST version 9.0.0 and higher unless noted otherwise.