Configuring Ant Integration
Integration is achieved with the Checkmarx CxConsole command-line interface plugin. The following procedure explains how to install the plugin and how to customize your project XML file to call a scan. The procedure contains recommendations and examples that may vary according to the environment and use case.
To customize a code build project to automatically call a CxSAST scan:
Go to https://checkmarx.com/plugins/, and download the CLI plugin.
Extract the downloaded zip archive into a local folder, a folder that does not require Administrator privileges to execute.
In the following steps, you customize your project build.xml file for CxSAST integration. An example of a fully customized build.xml file is available.
Add the following syntax to any part of your project build.xml file, inside the <project> XML tag for your source code project, but not inside any lower-level tag.
<!-- CxConsole initiation --> <!-- Mandatory Parameters --> <property name="ProjectName" value="project_name"/> <property name="CxServer" value="http://xxx.xxx.xxx.xxx"/> <property name="CxUser" value="username"/> <property name="CxPassword" value="password"/> <property name="Locationtype" value="folder"/> <property name="locationpath" value="full_path"/> <!--Optional Scan parameters --> <property name="preset" value="Default"/> <!-- Example of CxConsole CLI command: "C:\Program Files\Checkmarx\CxConsole_6.2.6.2\runCxConsole.cmd" Scan -ProjectName Test -CxServer http://localhost -CxUser admin@cx -CxPassword admin -Locationtype folder -locationpath :\Users\joe\Desktop\Projects\Java\1_Under_70K\BookStore_Java_21412lines\BookStore_Java_21412lines\ --> <target name="CxScan"> <parallel> <!-- runCxConsole.cmd full path --> <property name="CxConsole" location="C:\CxConsole_6.2.6.2\runCxConsole.cmd"/> <echo message="Initiating Checkmarx Scan"/> <exec executable="${CxConsole}"> <arg value="Scan"/> <arg value="-ProjectName"/> <arg value="${ProjectName}"/> <arg value="-CxServer"/> <arg value="${CxServer}"/> <arg value="-CxUser"/> <arg value="${CxUser}"/> <arg value="-CxPassword"/> <arg value="${CxPassword}"/> <arg value="-Locationtype"/> <arg value="${Locationtype}"/> <arg value="-locationpath"/> <arg value="${locationpath}"/> <arg value="-preset"/> <arg value="${preset}"/> <arg value="-v"/> </exec> </parallel> </target>
For further information on
<exec>
syntax, go to ant.apache.org/manual/Tasks/exec.html .In the above-added code, modify the following parameter values:
Property
Description
ProjectName
CxSAST project name. If the project doesn't yet exist, CxSAST creates a new project with this name.
CxServer
IP address or resolvable name of CxSAST web server.
CxUser
CxSAST account username.
CxPassword
CxSAST account password.
Locationtype
Do not change.
Locationpath
Full path to source code location (folder).
Preset
The named set of queries to be executed.
CxConsole
location
should be the full path to runCxConsole.cmd .Save the changes to build.xml .
Optionally, test the integration by running:
ant CxScan
Running your build process now automatically initiates a Checkmarx CxSAST scan.