Checkmarx - Automated Data Load

While ZeroNorth provides an easy and convenient way to orchestrate Checkmarx scans of your build artifacts, sometimes it is necessary or more practical to take the results from an existing Checkmarx scan and then load that into ZeroNorth, still benefiting from ZeroNorth’s dashboarding and analytics. This article describes the set-up and procedure for importing existing Checkmarx scan results into ZeroNorth.

Overview

The Checkmarx import process uses the Checkmarx REST API to extract the results directly from your Checkmarx server and then loads the results into your ZeroNorth account:

  1. Obtain the Project Name of the desired Checkmarx scan.
  2. Add a Checkmarx Data Load Policy in ZeroNorth.
  3. Run the ZeroNorth Data Load Policy to import the Checkmarx scan results directly from your Checkmarx server.

1. Checkmarx Project Name

A scan in Checkmarx is identified by a Project Name. A Project represents, for example, the application as a bundle scanned by Checkmarx.

You can obtain this information from the Checkmarx web UI using your account credentials.

2. Add a ZeroNorth Data Load Policy

Start by adding a ZeroNorth Data Load Policy (similar to a scan Policy), making sure of the following:

  • The Target must be of type “Artifact”.
  • Policy Type must be set to “Data Load”.
  • The Checkmarx Scenario for the Policy must have been activated with credentials that have access to the desired scan results. For proper Checkmarx API access to the scan results, the credentials used must have the Server Manager role.

Then, in the Checkmarx Application Parameters section of the Scan Policy definition:

  • Set Application Lookup Strategy to one of:
    • “Discover existing projects” - use the Discover Project Id’s button and then select from the resulting list. This option is available only when the ZeroNorth platform has direct connectivity to your Checkmarx server.
    • “Enter project name manually” - in this option, type in the Project Name.
  • Click Save.

3. Run the ZeroNorth Checkmarx Data Load Policy

The ZeroNorth Scan Policy you just created can be run in one of many ways. Below are two examples.
(These methods work only when the Checkmarx server is directly reachable by the ZeroNorth platform.)

From the UI

  • Sign in to the ZeroNorth UI at https://fabric.zeronorth.io
  • Go to znOPS > Policies.
  • Locate the Policy you just created.
  • Click on the menu and then select Run Now.

Via the ZeroNorth API

Use a curl (or similar) call like this:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: <API Key>' 'https://api.zeronorth.io/v1/policies/<policy ID>/run'

where,

  • Replace <API Key> with your ZeroNorth API key (see this KB article).
  • Replace <policy ID> with the ID of the Scan Policy you created for this.

The import process should take from under a minute to a few minutes.
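The API call above wrapped in a small POSIX sh helper, as an added example (not ZeroNorth's own tooling): the API key is read from an environment variable and handed to curl through a config file on stdin rather than as a command-line argument, and the policy ID is checked before it is placed in the URL path. The ZN_API_KEY, ZN_DRY_RUN and ZN_API_BASE variable names and the allowed ID character set are assumptions.

```shell
#!/usr/bin/env sh
# Added example: run a ZeroNorth Data Load Policy via the /policies/<id>/run endpoint.
# Assumed variable names: ZN_API_KEY (API key), ZN_API_BASE (override base URL),
# ZN_DRY_RUN=1 (print the request instead of sending it).
ZN_API_BASE="${ZN_API_BASE:-https://api.zeronorth.io/v1}"

# Accept only URL-safe ID characters so a stray value cannot alter the request
# path (character set is an assumption; widen it if your IDs differ).
zn_valid_policy_id() {
  case "$1" in
    "") return 1 ;;
    *[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the run URL for a policy ID (printed, not executed).
zn_policy_run_url() {
  printf '%s/policies/%s/run\n' "$ZN_API_BASE" "$1"
}

# Return codes: 0 sent (or dry-run), 2 missing API key, 3 bad policy ID,
# anything else is curl's own exit status.
zn_run_policy() {
  policy_id="$1"
  if [ -z "${ZN_API_KEY:-}" ]; then
    echo "ZN_API_KEY is not set" >&2; return 2
  fi
  if ! zn_valid_policy_id "$policy_id"; then
    echo "invalid policy ID: '$policy_id'" >&2; return 3
  fi
  url=$(zn_policy_run_url "$policy_id")
  if [ "${ZN_DRY_RUN:-0}" = "1" ]; then
    echo "POST $url"; return 0
  fi
  # The Authorization header goes in via `--config -` (stdin), so the key is
  # not visible in `ps` output or shell history as a curl argument.
  printf 'header = "Authorization: %s"\n' "$ZN_API_KEY" |
    curl --silent --show-error --fail --config - -X POST \
      --header 'Content-Type: application/json' \
      --header 'Accept: application/json' \
      "$url"
}
```

Run it as `ZN_API_KEY=... zn_run_policy <policy ID>` after sourcing the file; set ZN_DRY_RUN=1 first to confirm the URL before sending anything.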