- Checkmarx Documentation
- Checkmarx SAST
- SAST Set Up Guide
- Hardware & Software Requirements
- Server Host Requirements
- Server Host Requirements for Previous Versions
Server Host Requirements for Previous Versions
Server Host Requirements (v9.5.0)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable to CxAudit.
Notice
For Proof of Concept (POC), Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend using a commercial version of Microsoft SQL Server. Choose a version that supports your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
Table of supported components and operating systems: Supported Components and Operating Systems
Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | Web Server | Other Software |
---|---|---|---|---|---|---|---|
Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above NoticeRun msiexec to check .NET Framework 4.7.1 An environment (either Centralized or Distributed) where CxManager and CxEngine are on the same server requires .NET Core 6.x Runtime & Hosting installed on the server. For a Distributed environment where the CxManager is on one server and the CxEngines are on dedicated servers:
– the CxEngines servers require .NET Core 6.x (this information mainly concerns Windows CxEngines and bare-metal Linux CxEngines, because Linux CxEngines using Docker are already set up) Java 1.17 (Oracle or AdoptOpenJdk). C++ Redist 2010 and 2015 SP3 MS SQL Driver For specific details on required prerequisites per product component, see Required Prerequisites for Installing CxSAST in a Distributed Environment. Active MQ : 5.17.1 |
500K | 16 GB | ||||||
Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. Additional 2 cores for each additional concurrent scan, up to a maximum of 12 cores, (Recommended: 4, 6, or 8 cores ) Max recommended concurrent scans: 3* * Scans of 1M LOC or more are recommended to limit concurrency or run on their own distributed server. | 2.8 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | |
600K | 16 GB | ||||||
1.2M | 24 GB | 2.8 GHz | |||||
2M | 40 GB | ||||||
3M | 56 GB | ||||||
4M | 72 GB | ||||||
Distributed - CxEngine (Production) For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan) Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores) Recommended socket configuration: Single socket | Recommended: 2.8 GHz | 100 GB (recommended) | NA | |
600K | 12 GB | ||||||
1.2M | 20 GB | Recommended: 2.8 GHz | |||||
2M | 32 GB | ||||||
3M | 48 GB | ||||||
4.5M | 72 GB | ||||||
Distributed - CxManager with Management & Orchestration Layer (Production) | 14 GB | 8 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||
Distributed - CxManager without Management & Orchestration Layer (Production) or Web Portal (apart of CxManager) | 10 GB | 4 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||
Distributed - ActiveMQ (Production) | 8 GB | 4 | 2.5 GHz | 250 GB (recommended) | Apache Tomcat 8.5.81 | ||
Distributed - Database (Production) | 12 GB | 6-8 | 2.5 GHz | 350-400 GB (recommended) | NA | MS SQL Server (Express not recommended) 2012/2014/2016/2017/2019 MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for Javascript are higher.
Notice
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux
Notice
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Notice
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Notice
To learn more about socket configuration, use our Engine Socket Configuration guide
DB Latency
Acceptable Latency | Components | |
---|---|---|
Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
Network | <30ms | CxEngines |
Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
Notice
CxSAST supports the following hardening policy:CIS Microsoft Windows Server 2016 Benchmark Level 1
The security hardening recommendations for the Checkmarx installation are the following:
Checkmarx Application -
Configure Checkmarx System Admin login from dedicated IP`s only
Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.
Use SAML based authentication for the system (replacing local users)
If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)
Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible
Application Hosting Servers -
Follow NIST standard
Use - https://www.ssllabs.com/ssltest/analyze.htmlfor checking general security of the implementation.
Recommended Resolutions
For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.
Server Host Requirements (v9.4.5)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
Notice
For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software | |
---|---|---|---|---|---|---|---|---|---|
Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | See:
| IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above NoticeRun msiexec to check .NET Framework 4.7.1
Java 1.8 (Oracle or AdoptOpenJdk). NoticeThe minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u282. C++ Redist 2010 and 2015 SP3 MS SQL Driver For specific details on required prerequisites per product component, see Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.4.5 and up). | |
500K | 16 GB | ||||||||
Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. Additional 2 cores for each additional concurrent scan, up to a maximum of 12 cores, (Recommended: 4, 6, or 8 cores ) Max recommended concurrent scans: 3* * Scans of 1M LOC or more are recommended to limit concurrency or run on their own distributed server. | 2.8 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | |||
600K | 16 GB | ||||||||
1.2M | 24 GB | 2.8 GHz | |||||||
2M | 40 GB | ||||||||
3M | 56 GB | ||||||||
4M | 72 GB | ||||||||
Distributed - CxEngine (Production) For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan) Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores) Recommended socket configuration: Single socket | Recommended: 2.8 GHz | 100 GB (recommended) | NA | |||
6 00K | 12 GB | ||||||||
1.2M | 20 GB | Recommended: 2.8 GHz | |||||||
2M | 32 GB | ||||||||
3M | 48 GB | ||||||||
4.5M | 72 GB | ||||||||
Distributed - CxManager with Management & Orchestration Layer (Production) | 14 GB | 8 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||||
Distributed - CxManager without Management & Orchestration Layer (Production) or Web Portal (apart of CxManager) | 10 GB | 4 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||||
Distributed - ActiveMQ (Production) | 8 GB | 4 | 2.5 GHz | 250 GB (recommended) | |||||
Distributed - Database (Production) | 12 GB | 6-8 | 2.5 GHz | 350-400GB (recommended) | NA | MS SQL Server (Express not recommended) 2012/2014/2016/2017/2019 MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for Javascript are higher.
Notice
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.
Notice
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Engine Socket configuration
To learn more about socket configuration, use our Engine Socket Configuration guide
DB Latency
Acceptable Latency | Components | |
---|---|---|
Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
Network | <30ms | CxEngines |
Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
Server Hardening Checklist
CxSAST supports the following hardening policy: CIS Microsoft Windows Server 2016 Benchmark Level 1
The security hardening recommendations for the Checkmarx installation are the following:
Checkmarx Application -
Configure Checkmarx System Admin login from dedicated IP`s only
Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.
Use SAML based authentication for the system (replacing local users)
If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)
Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible
Application Hosting Servers -
Follow NIST standard
Use - https://www.ssllabs.com/ssltest/analyze.html for checking general security of the implementation.
Recommended Resolutions
For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.
Server Host Requirements (v9.4.0 to 9.4.4)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
Notice
For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software | |
---|---|---|---|---|---|---|---|---|---|
Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) |
| IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above NoticeRun msiexec to check .NET Framework 4.7.1
Java 1.8 (Oracle or AdoptOpenJdk). NoticeThe minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u282. C++ Redist 2010 and 2015 SP3 MS SQL Driver For specific details on required prerequisites per product component, see Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.4.0 and up). | |
500K | 16 GB | ||||||||
Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. Additional 2 cores for each additional concurrent scan, up to a maximum of 12 cores, (Recommended: 4, 6, or 8 cores ) Max recommended concurrent scans: 3* * Scans of 1M LOC or more are recommended to limit concurrency or run on their own distributed server. | 2.8 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | |||
600K | 16 GB | ||||||||
1.2M | 24 GB | 2.8 GHz | |||||||
2M | 40 GB | ||||||||
3M | 56 GB | ||||||||
4M | 72 GB | ||||||||
Distributed - CxEngine (Production) For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan) Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores) Recommended socket configuration: Single socket | Recommended: 2.8 GHz | 100 GB (recommended) | NA | |||
6 00K | 12 GB | ||||||||
1.2M | 20 GB | Recommended: 2.8 GHz | |||||||
2M | 32 GB | ||||||||
3M | 48 GB | ||||||||
4.5M | 72 GB | ||||||||
Distributed - CxManager with Management & Orchestration Layer (Production) | 14 GB | 8 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||||
Distributed - CxManager without Management & Orchestration Layer (Production) or Web Portal (apart of CxManager) | 10 GB | 4 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||||
Distributed - ActiveMQ (Production) | 8 GB | 4 | 2.5 GHz | 250 GB (recommended) | |||||
Distributed - Database (Production) | 12 GB | 6-8 | 2.5 GHz | 350-400GB (recommended) | NA | MS SQL Server (Express not recommended) 2012/2014/2016/2017/2019 MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for Javascript are higher.
Notice
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.
Notice
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Engine Socket configuration
To learn more about socket configuration, use our Engine Socket Configuration guide.
DB Latency
Acceptable Latency | Components | |
---|---|---|
Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
Network | <30ms | CxEngines |
Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
Server Hardening Checklist
CxSAST supports the following hardening policy: CIS Microsoft Windows Server 2016 Benchmark Level 1
The security hardening recommendations for the Checkmarx installation are the following:
Checkmarx Application -
Configure Checkmarx System Admin login from dedicated IP`s only
Use SSL for HTTPS based browsing – prohibit using HTTP. For more information, see Enabling and Configuring SSL and TLS.
Use SAML based authentication for the system (replacing local users)
If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)
Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible
Application Hosting Servers -
Follow NIST standard
Use - https://www.ssllabs.com/ssltest/analyze.html for checking general security of the implementation.
Recommended Resolutions
For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.
Server Host Requirements (v9.2.0 to v9.3.0)
Server host requirements depend on whether the installation is Centralized or Distributed, and on how many lines of code will need to be scanned. These requirements are also applicable for CxAudit.
Notice
For POC, Microsoft SQL Express (pre-installed with CxSAST) can be used. For Production, we recommend working with a commercial version of Microsoft SQL Server. The version used will depend on your scalability and performance needs. For more details about features supported by the different editions of SQL Server, please use the following link.
In addition to the requirements in the table below, in general, CPU clock speed and disk speed will affect scan time. For exact tested versions, see the CxSAST Release Notes.
Purpose | Lines of Code | Installed RAM** | Cores | CPU Speed | Disk | OS | Web Server | Other Software |
---|---|---|---|---|---|---|---|---|
Centralized (POC) | 200K | 8 GB | 6-8 | 2.8 GHz | 80 GB (recommended) | See:
| IIS 7/7.5/8/8.5/10 | Windows Installer 3.1 or above NoticeRun msiexec to check .NET Framework 4.7.1 .NET Core 2.1.x Runtime & Hosting NoticeFor distributed installation, the .NET Core 2.1.x Runtime & Hosting is required where the CxManager is being installed. Java 1.8 (Oracle or AdoptOpenJdk). NoticeThe minimum version for Oracle is 8u241 and for AdoptOpenJdk, it is 8u242. C++ Redist 2010 and 2015 SP3 MS SQL Driver For specific details on required prerequisites per product component, see Required Prerequisites for Installing CxSAST in a Distributed Environment (v9.3.0) |
500K | 16 GB | |||||||
Centralized (Production) | 200K | 10 GB | Minimum: 8 for 1 concurrent scan. Additional 2 cores for each additional concurrent scan, up to a maximum of 12 cores, (Recommended: 4, 6, or 8 cores ) Max recommended concurrent scans: 3* * Scans of 1M LOC or more are recommended to limit concurrency or run on their own distributed server. | 2.8 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | ||
600K | 16 GB | |||||||
1.2M | 24 GB | 2.8 GHz | ||||||
2M | 40 GB | |||||||
3M | 56 GB | |||||||
4M | 72 GB | |||||||
Distributed - CxEngine (Production) For multiple CxEngine servers (for concurrent scans), each server should meet the requirements. | 200K | 6 GB | 4 (for 1 concurrent scan) Additional 2 cores for each additional concurrent scan (Recommended: 4, 6, or 8 cores) Recommended socket configuration: Single socket | Recommended: 2.8 GHz | 100 GB (recommended) | NA | ||
6 00K | 12 GB | |||||||
1.2M | 20 GB | Recommended: 2.8 GHz | ||||||
2M | 32 GB | |||||||
3M | 48 GB | |||||||
4.5M | 72 GB | |||||||
Distributed - CxManager with Management & Orchestration Layer (Production) | 14 GB | 8 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | |||
Distributed - CxManager without Management & Orchestration Layer (Production) or Web Portal (apart of CxManager) | 10 GB | 4 | 2.5 GHz | 250 GB (recommended) | IIS 7/7.5/8/8.5/10 | |||
Distributed - ActiveMQ (Production) | 8 GB | 4 | 2.5 GHz | 250 GB (recommended) | ||||
Distributed - Database (Production) | 12 GB | 6-8 | 2.5 GHz | 350-400GB (recommended) | NA | MS SQL Server (Express not recommended) 2012/2014/2016/2017/2019 MSSQL 2019 is supported on CxSAST 9.3 and up |
** Note: GB RAM / LOC numbers for Javascript are higher.
Notice
As of CxSAST 9.3 the engine can be installed on a Linux machine. For more details please refer to: Installing and Configuring the CxEngine Server on Linux.
Notice
The Checkmarx Server requires dedicated memory allocation; features such as Memory Ballooning cannot be used.
Cloud Environments
For Cloud Environment installations (AWS, etc.), these requirements may not exactly match the ones for Centralized or Distributed installations because you are choosing from predefined hardware packages and not defining your own specifications.
Engine Socket configuration
To learn more about socket configuration, use our Engine Socket Configuration guide
DB Latency
Acceptable Latency | Components | |
---|---|---|
Network | <5ms, ideally <1ms | CxManager(s), SQL Server(s), ActiveMQ |
Network | <30ms | CxEngines |
Disk I/O | <20ms avg | CxManager, CxEngine, SQL Server, ActiveMQ |
Server Hardening Checklist
The security hardening recommendations for the Checkmarx installation are the following:
Checkmarx Application -
Configure Checkmarx System Admin login from dedicated IP`s only
Use SSL for HTTPS based browsing – prohibit using HTTP
Use SAML based authentication for the system (replacing local users)
If applicable – enable 2FA/MFA through the SAML IDP (Checkmarx does not support that as a feature)
Install the Checkmarx application in a distributed mode exposing the least Checkmarx components to users as possible
Application Hosting Servers -
Follow NIST standard
Use - https://www.ssllabs.com/ssltest/analyze.html for checking general security of the implementation.
Recommended Resolutions
For the CxSAST application, it is recommended to use a display with any one of the following resolutions; 1280x720, 1280x800, 1366x768, 1920x1080.