Skip to main content

Configuring Ant Integration

Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to the environment and use case.

To customize a code build project to automatically call a CxSAST scan:

  1. Go to, and download the CLI plugin.

  2. Extract the downloaded zip archive into a local folder, a folder that does not require Administrator privileges to execute.

  3. In the following steps, you customize your project build.xml file for CxSAST integration. An example of a fully customized build.xml file is available.

  4. Add the following syntax to any part of your project build.xml file, inside the <project> XML tag for your source code project, but not inside any lower-level tag.

    <!-- CxConsole initiation -->
    <!-- Mandatory Parameters -->
    <property name="ProjectName" value="project_name"/>
    <property name="CxServer" value=""/>
    <property name="CxUser" value="username"/>
    <property name="CxPassword" value="password"/>
    <property name="Locationtype" value="folder"/>
    <property name="locationpath" value="full_path"/>
    <!--Optional Scan parameters -->
    <property name="preset" value="Default"/>
    Example of CxConsole CLI command:
    "C:\Program Files\Checkmarx\CxConsole_6.2.6.2\runCxConsole.cmd" Scan -ProjectName Test -CxServer http://localhost -CxUser admin@cx -CxPassword admin -Locationtype folder -locationpath 
    <target name="CxScan">
        <!-- runCxConsole.cmd full path -->
            <property name="CxConsole" location="C:\CxConsole_6.2.6.2\runCxConsole.cmd"/>
            <echo message="Initiating Checkmarx Scan"/>
            <exec executable="${CxConsole}">
                <arg value="Scan"/>
                <arg value="-ProjectName"/>
                <arg value="${ProjectName}"/>
                <arg value="-CxServer"/>
                <arg value="${CxServer}"/>
                <arg value="-CxUser"/>
                <arg value="${CxUser}"/>
                <arg value="-CxPassword"/>
                <arg value="${CxPassword}"/>
                <arg value="-Locationtype"/>
                <arg value="${Locationtype}"/>
                <arg value="-locationpath"/>
                <arg value="${locationpath}"/>
                <arg value="-preset"/>
                <arg value="${preset}"/>
                <arg value="-v"/>

    For further information on <exec> syntax, go to .

  5. In the above-added code, modify the following parameter values:




    CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.


    IP address or resolvable name of CxSAST web server.


    CxSAST account username.


    CxSAST account password.


    Do not change.


    Full path to source code location (folder).


    The named set of queries to be executed.


    location should be the full path to runCxConsole.cmd .

  6. Save the changes to build.xml .

  7. Optionally, test the integration by running:

    ant CxScan

Running your build process now automatically initiates a Checkmarx CxSAST scan.