CxSAST Reporting Manager Installation (as a Windows Service)
The CxSAST Reporting Service Manager can be installed as a Windows service and CxSAST Reporting Client deployed on IIS. The service and client require the following dependencies:
Dependency Requirements
The Manager can be installed as a Windows service and CxSASTReporting Client deployed on IIS. It requires the dependencies described in CxSAST Reporting Windows Prerequisites.
The Authorization Setup Script must be executed prior to the Client API Installation. The script and guide can be found at CxSAST Reporting Authorization Setup.
Installation
Notice
For best results, use the exact path and folder names indicated in the instructions.
Download the latest artifacts for CxSASTReportingService.
Extract zip contents of CxSASTReportingService to
C:\Checkmarx\CxReportingService.Give binaries folder and exported scans source code folder permissions.
Right-click the CxReportingService folder and select the Properties option.
Click the Security tab, press Edit , and Add. Click the Advanced option, Find Now , and from the search results choose the same user as applied to CxSAST services and CxSASTReportingService Windows Service.
Click OK and give it full permissions by selecting the Full control checkbox, click Apply , and OK.
Check the appsettings.json file for the required settings, especially the DB connection and reports configuration, as shown in the following code:
{ "Database": { "CxDBClient": { "ConnectionString": "Data Source= ;Initial Catalog=CxDB;Integrated Security=False;User ID= ;Password= ;Pooling=True;", // ConnectionString for the CxSAST DB instance to export "EncryptionKey": "", "EncryptionVector": "" } }, "ReportConfigurations": { "NumberOfReportsToGenerateInParallel": 2, "NumberOfRetries": 3, "ReportsExecutionInterval": 10, "ReportsOutputPath": "C:\\CxReporting", "ReportsRetentionPeriod": 3 "ReportsRetentionPeriodFormat": "D", "ReportingApiUrl": "http://localhost:5555", "ProjectStatusCustomFieldName": "ASA_Status", "ProjectStatusCustomFieldValue": "Delivered", "ProjectOnboardingDateCustomFieldName": "Onboarding_Date", "SyncDataInfo": "0 0/1 * 1/1 * ? *" } }Example
{ "Database": { "CxDBClient": { "ConnectionString": "Data Source=10.35.26.165;Initial Catalog=CxDB;Integrated Security=False;User ID=test;Password=Cx123456;Pooling=True", "EncryptionKey": "", "EncryptionVector": "" } }, "ReportConfigurations": { "NumberOfReportsToGenerateInParallel": 1, "NumberOfRetries": 3, "ReportsExecutionInterval": 10, "ReportsOutputPath": "C:\\CxReporting", "ReportsRetentionPeriod": 3 "ReportsRetentionPeriodFormat": "D", "ReportingApiUrl": "http://localhost:5555", "ProjectStatusCustomFieldName": "ASA_Status", "ProjectStatusCustomFieldValue": "Delivered", "ProjectOnboardingDateCustomFieldName": "Onboarding_Date", "SyncDataInfo": "0 0/1 * 1/1 * ? *" } }Note
Since version 5.x you may need to add also TrustServerCertificate=True to the connection string to allow connections against old SQL Server versions. For more details about the parameters and their purpose, see the AppSettings Parameters page.
Validate the updated appsettings.json file. The connection string parameter must have valid user credentials with access to the CxDB, otherwise, the CxReportingService will not run.
As the CxSASTReportingService accesses the CxSAST database, the DB user requires the following permissions:
Default Database: CxDB
CxActivity membership: db_ddladmin role in addition to db_datareader. DefaultSchema dbo
CxDB membership: db_ddladmin role in addition to db_datareader and db_datawriter roles. DefaultSchema dbo
tempdb membership: db_ddladmin role in addition to db_datareader and db_datawriter roles. DefaultSchema dbo
Create the Windows service, by running the following commands in a CMD command line with Administrator privileges:
## Create windows service # binPath should point to the actual CxReportingService.Api.dll in case you chose a different installation path for your CxReportingServicefolder sc create CxReportingService start= delayed-auto binpath= "C:\Program Files\dotnet\dotnet.exe \"C:\Checkmarx\CxReportingService\CxReportingService.dll\" --run-as-winservice" displayname=CxReportingService ## Add the description to the win service sc description CxReportingService "Checkmarx Reporting Service"
Or, by executing the following command in PowerShell with Administrator privileges:
New-Service -Name "CxReportingService" ` -BinaryPathName '"C:\Program Files\dotnet\dotnet.exe" "C:\Checkmarx\CxReportingService\CxReportingService.dll" --run-as-winservice' ` -Description "Checkmarx Reporting Service"
Keep in mind that the dotnet installation path might vary. Confirm the full path by running the following command:
get-command dotnet | select -expandproperty PathIf the path differs from
C:\Program Files\dotnet\dotnet.exe, please contact Checkmarx support.If you are running other Cx services on top of CxSAST, you might run into conflicts related to the service execution port.
To avoid any port conflicts, instead of running:
sc create CxReportingService start= delayed-auto binpath= "C:\Program Files\dotnet\dotnet.exe C:\Checkmarx\CxReportingService\CxReportingService.dll --run-as-winservice" displayname=CxReportingService
Run the following command:
sc create CxReportingService start= delayed-auto binpath= "C:\Program Files\dotnet\dotnet.exe C:\Checkmarx\CxReportingService\CxReportingService.dll --urls "http://<IP or machine name>:<port>" --run-as-winservice" displayname=CxReportingService
that allows you to define the CxReporting service port.
Once your CxSASTReportingService Windows service is created, you need to validate or modify the Log On account to a user with permission to access the CxSAST databases, binaries, and sources folder path. You will need to access the Windows “Services“ view for this.
Right-click on the service and choose Properties.
On the Log On tab, click This account and Browse.
Click the Advanced option, Find Now , and from the search results, choose the same user applied to your CxSAST services. (In our case, it was Network Service user.)
Click OK.
When all configurations are set, Start the Service.