Initiate Checkmarx Scan

[fergalcoll]

Hey,

I'm trying to initiate a Checkmarx scan, running the docker image with the following

-t checkmarx
--checkmarx-user
--checkmarx-password
--checkmarx-server
--checkmarx-project

I added runCxConsole.sh to the Path Variable

What am I missing?

[omerlh]

Hey, sorry for the late response.
Checkmarx cli is not bundled with the docker image, but if you want - you can raise a PR and fix that :)
A better option will be to use the dynamic task - run the scan, export the JSON report and feed it to glue for parsing. This way, you can use whichever version of checkmarx CLI you need, without the need to update Glue, and let Glue focus on what it does the best.

[fergalcoll]

Thanks, is Checkmarx JSON output supported in the dynamic task?

[omerlh]

Should be easy to add it, let's take it offline to OWASP Slack? DM me and we can figure it out together, I did it multiple times in the past :)

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.