While ZeroNorth provides an easy and convenient way to orchestrate Checkmarx scans of your build artifacts, sometimes it is necessary or more practical to take the results from an existing Checkmarx scan and then load that into ZeroNorth, still benefiting from ZeroNorth’s dashboarding and analytics. This article describes the set-up and procedure for importing existing Checkmarx scan results into ZeroNorth.
The Checkmarx import process uses the Checkmarx REST API to extracts the results directly from your Checkmarx server and then loads the results into your ZeroNorth account:
- Obtain the Project Name of the desired Checkmarx scan.
- Add a Checkmarx Data Load Policy in ZeroNorth.
- Run the ZeroNorth Data Load Policy to import the Checkmarx scan results directly from your Checkmarx server.
A scan in Checkmarx is identified by a Project Name . A Project represents, for example, the application as a bundle scanned by Checkmarx.
You can obtain this information from the Checkmarx web UI using your account credentials.
Start by adding a ZeroNorth Data Load Policy (similar to a scan Policy), making sure of the following:
- The Target must be of type “Artifact”.
- Policy Type must be set to “Data Load”.
- The Checkmarx Scenario for the Policy must have been activated with credentials that have access to the desired scan results. For proper Checkmarx API access to the scan results, the credentials used must have Server Manager role.
Then, in the Checkmarx Application Parameters section of the Scan Policy definition:
- Set Application Lookup Strategy to one of:
- “Discover existing projects” - use the Discover Project Id’s button and then select from the resulting list. This options is available only when the ZeroNorth platform has direct connectivity to your Checkmarx server.
- “Enter project name manually” - in this option, type in the Project Name .
- Click Save .
The ZeroNorth Scan Policy you just created can be run in one of many ways. Below are two examples.
(These methods work only when the Checkmarx server is directly reachable by the ZeroNorth platform.)
- Sign in to the ZeroNorth UI at https://fabric.zeronorth.io
- Go to znOPS > Policies .
- Locate the Policy you just created.
- Click on the menu and then select Run Now .
Use a curl (or similar) call like this:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: <API Key>' 'https://api.zeronorth.io/v1/policies/<policy ID>/run'
<API Key>with your ZeroNorth API key (see this KB article ).
<policy ID>with the ID of the Scan Policy you created for this.
The import process should take under a minute to few minutes.