---
title: "Checkmarx One"
slug: "checkmarxone"
updated: 2026-03-03T21:15:34Z
published: 2026-03-03T21:15:34Z
canonical: "help.nucleussec.com/checkmarxone"
---


# Checkmarx One

## Overview

Nucleus enables you to ingest your Checkmarx One data directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Checkmarx to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The Checkmarx One connector supports importing the following types of findings for all projects in your Checkmarx One tenant:

- SAST code and API vulnerabilities
- SCA code dependency and container dependency vulnerabilities
- KICS infrastructure as code compliance findings

## Connector Setup

### Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

1. **API Access**  
Generate a client ID and secret key with the appropriate permissions.
2. **Connector Configuration**  
Create and configure the connector in your Nucleus project.
3. **Data Ingestion**  
Create a data ingest rule to ingest findings from Checkmarx One.

### 1. API Access

**Permissions:** The connector requires the **ast-viewer** role to function correctly.

1. Sign in to your Checkmarx One tenant with an administrator account.
2. In the bottom left-hand side of the screen, click the cog and navigate to **Identity and Access Management**.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202024-06-27%20at%2010.46.06%E2%80%AFAM.png)
3. Make note of your **Tenant Name**, and then click **OAuth Clients** on the left-hand side of the screen.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202024-06-27%20at%2010.50.48%E2%80%AFAM.png)
4. Click **Create Client**.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1719449628892.png)
5. Enter a name for your **Client ID** and click **Create client**.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1719449681879.png)
6. Update the **Expiration period** to **365** and enter an email address in the **Notification emails** field to ensure that you are notified prior to the client secret expiring.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202024-06-27%20at%2010.59.48%E2%80%AFAM.png)
7. Under **Role Mappings**, add the **ast-viewer** CxONE role.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202024-06-27%20at%2011.33.34%E2%80%AFAM.png)
8. At the top of the page, under **Secret**, click **Regenerate**. Make note of the newly generated secret for later.
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202024-06-27%20at%2011.30.09%E2%80%AFAM.png)
9. At the bottom of the page click **Save Client**.

### 2. Connector Configuration

1. Open Nucleus and go to **Integrations > Connector Setup**.
2. Under the **Scanners** section, click the **Checkmarx One** icon. You will see the following popup:
   ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/Screenshot%202026-03-03%20at%201.11.10%E2%80%AFPM.png)
3. In the **Setup Checkmarx One Connector** popup, enter the following information:

| Field | Description |
| --- | --- |
| Name | (Optional) Enter a name for your connector. |
| Description | (Optional) Enter a description for your connector. |
| Instance URL | Enter the URL for your Checkmarx One instance. |
| Tenant Name | Enter the tenant name from step 3 above. |
| API Key | Enter the client ID from step 5 above. |
| API Secret | Enter the client secret from step 8 above. |
| Select Checkbox to ingest by tag | Only ingest assets that have the tag "nucleus-" applied from Checkmarx One |

4. Click **Verify Credentials**.
5. Click **Save**.

### 3. Vulnerability Data Ingestion

1. Go to **Integrations > Import via Connector**.
2. Select the Checkmarx One connector you just created.
3. Select **All Projects**.
4. Select a schedule to ingest data into Nucleus, or import immediately.
5. Click **Save & Finish**.

## Status Mappings

Statuses from Checkmarx One are mapped to Nucleus statuses in the following way:

| Checkmarx One Status | Nucleus Status |
| --- | --- |
| TO_VERIFY | Active |
| URGENT | Active |
| CONFIRMED | Active |
| NOT_EXPLOITABLE | False Positive |
| PROPOSED_NOT_EXPLOITABLE | Potential |

The status is also mapped to the State key in finding references.
