Checkmarx One

Overview

Nucleus enables you to ingest your Checkmarx One data directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Checkmarx to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The Checkmarx One connector supports importing the following types of findings for all projects in your Checkmarx One tenant:

  • SAST code and API vulnerabilities
  • SCA code dependency and container dependency vulnerabilities
  • KICS infrastructure as code compliance findings

Connector Setup

Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

  1. API Access
    Generate a client ID and secret key with the appropriate permissions.

  2. Connector Configuration
    Create and configure the connector in your Nucleus project.

  3. Data Ingestion
    Create a data ingest rule to ingest findings from Checkmarx One.

1. API Access

Permissions
The connector requires the ast-viewer role to function correctly.
  1. Sign in to your Checkmarx One tenant with an administrator account.
  2. On the bottom left-hand side of the screen, click the cog and navigate to Identity and Access Management.
  3. Make note of your Tenant Name, and then click OAuth Clients on the left-hand side of the screen.

  4. Click Create Client.

  5. Enter a name for your Client ID and click Create client.

  6. Update the Expiration period to 365 and enter an email address in the Notification emails field to ensure that you are notified before the client secret expires.

  7. Under Role Mappings, add the ast-viewer CxONE role.

  8. At the top of the page, under Secret, click Regenerate. Make note of the newly generated secret for later.

  9. At the bottom of the page, click Save Client.

2. Connector Configuration

  1. Open Nucleus and go to Integrations > Connector Setup.
  2. Under the Scanners section, click the Checkmarx One icon. The Setup Checkmarx One Connector popup opens.
  3. In the Setup Checkmarx One Connector popup, enter the following information:
| Field | Description |
|---|---|
| Name | (Optional) Enter a name for your connector. |
| Description | (Optional) Enter a description for your connector. |
| Instance URL | Enter the URL for your Checkmarx One instance. |
| Tenant Name | Enter the tenant name from step 3 of API Access above. |
| API Key | Enter the client ID from step 5 of API Access above. |
| API Secret | Enter the client secret from step 8 of API Access above. |
| Select Checkbox to ingest by tag | Only ingest assets that have the tag "nucleus-" applied from Checkmarx One. |
  4. Click Verify Credentials.
  5. Click Save.

3. Vulnerability Data Ingestion

  1. Go to Integrations > Import via Connector.
  2. Select the Checkmarx One connector you just created.
  3. Select All Projects.
  4. Select a schedule to ingest data into Nucleus, or import immediately.
  5. Click Save & Finish.

Status Mappings

Statuses from Checkmarx One are mapped to Nucleus statuses in the following way:

| Checkmarx One Status | Nucleus Status |
|---|---|
| TO_VERIFY | Active |
| URGENT | Active |
| CONFIRMED | Active |
| NOT_EXPLOITABLE | False Positive |
| PROPOSED_NOT_EXPLOITABLE | Potential |

The status is also mapped to the State key in finding references.