Frequently Asked Questions
The Checkmarx Maven Plugin is a reliable and easy-to-use plugin for the Apache Maven build tool.
The plugin allows you to run a Checkmarx Static Application Security Testing (SAST) scan either as a stand-alone scan or as part of any phase of the Maven build lifecycle.
First and foremost, you need to install Maven.
After installing Maven, install the Checkmarx CxSAST application.
To rectify this issue, add the following dependency block to the plugin declaration in the pom.xml file, after the </version> element and before the <configuration> element:
<dependencies>
    <dependency>
        <groupId>commons-io</groupId>
        <artifactId>commons-io</artifactId>
        <version>2.5</version>
    </dependency>
</dependencies>
Read more about the usage and configuration of the CxSAST Maven plugin in the Installation and Configuration sections of this document.
Do not hardcode your password in the pom.xml file; a file that is committed to version control is readable by everyone with access to the repository. Use a password parameter instead. Note that a password supplied on the command line is still visible in the shell history and in process listings on the build machine, so in a CI pipeline inject it from the pipeline's secret store rather than writing it into a script.
Pass the following argument via the command line:
$ mvn checkmarx:scan -Dcx.password=[your password]
Did you remember to define the <fullTeamPath> field in the pom.xml file?
When it is not defined, the default team path (CxServer) is used, and most users do not have permission to run scans under that path.
To exclude files from scanning, list the file names inside the <fileExclusions> tag, one file name per <fileExclusion> element, like so:
<fileExclusions>
    <fileExclusion>file_1</fileExclusion>
    <fileExclusion>file_2</fileExclusion>
    <fileExclusion>file_3</fileExclusion>
</fileExclusions>
To exclude folders, list the module names (not the actual folder names!), as they appear in the <artifactId> tag of each module's pom.xml file, inside the <folderExclusions> tag, one module name per <folderExclusion> element:
<folderExclusions>
    <folderExclusion>folder_1</folderExclusion>
    <folderExclusion>folder_2</folderExclusion>
    <folderExclusion>folder_3</folderExclusion>
</folderExclusions>
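The following plugin declaration, written for this page as an added example and not taken from the Checkmarx documentation, shows how the answers above fit together in one pom.xml: where the commons-io dependency goes relative to </version> and <configuration>, the <fullTeamPath> setting, the file and folder exclusions, and a lifecycle binding for the scan goal. The plugin groupId, artifactId and version are placeholders (use the coordinates from the Installation section), the team path and the exclusion names are assumed values, and the password is deliberately left out of the file so that it is supplied with -Dcx.password on the command line.

```xml
<!-- Added example: place this inside the <build><plugins> section of pom.xml.
     groupId, artifactId and version are PLACEHOLDERS; the team path and the
     exclusion names are assumed values for illustration only. -->
<plugin>
  <groupId>com.example</groupId>                    <!-- placeholder -->
  <artifactId>checkmarx-maven-plugin</artifactId>   <!-- placeholder -->
  <version>0.0.0</version>                          <!-- placeholder -->

  <!-- Plugin-level dependency from the FAQ: after </version>, before <configuration> -->
  <dependencies>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.5</version>
    </dependency>
  </dependencies>

  <configuration>
    <!-- Always set this: the default team path (CxServer) is one most users
         are not permitted to scan under. Assumed path, adjust to your server. -->
    <fullTeamPath>CxServer\SP\Company\Users</fullTeamPath>

    <!-- No <password> element here: pass it with -Dcx.password on the command line
         from a CI secret, never as a literal in a committed file. -->

    <!-- One <fileExclusion> per file name (assumed names) -->
    <fileExclusions>
      <fileExclusion>Jenkinsfile</fileExclusion>
      <fileExclusion>legacy-bundle.js</fileExclusion>
    </fileExclusions>

    <!-- Module artifactIds, NOT directory names (assumed names) -->
    <folderExclusions>
      <folderExclusion>integration-tests</folderExclusion>
      <folderExclusion>benchmarks</folderExclusion>
    </folderExclusions>
  </configuration>

  <!-- Optional: bind the scan to a lifecycle phase so that
       `mvn verify -Dcx.password=...` runs it as part of the build.
       `mvn checkmarx:scan -Dcx.password=...` still runs it stand-alone. -->
  <executions>
    <execution>
      <id>cx-scan</id>
      <phase>verify</phase>
      <goals>
        <goal>scan</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

With this in place, `mvn checkmarx:scan -Dcx.password=[your password]` runs a one-off scan, and `mvn verify -Dcx.password=[your password]` runs it as part of the normal build; in either case the password reaches the plugin only through the command line property, so a clone of the repository never contains it.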