# GitHub Fixer for CxOne

## Introduction

This guide shows how to integrate Mobb with your Checkmarx One environment. The GitHub Action used in this integration is available on the GitHub Marketplace as [cx-mobb-fixer-action](https://docs.checkmarx.com/en/34965-68775-generating-a-refresh-token--api-key-.html).

This guide is also recorded in an easy-to-follow video format that can be found here:

{% embed url="<https://www.youtube.com/watch?t=254s&v=lgtQ6WxJtdI>" %}

## Prerequisites

Before starting this integration, you will need to have the following components:

1. A Checkmarx One (CxOne) account
2. A GitHub repository which will be monitored by CxOne

## Step 1 - Set Up Checkmarx monitoring for your GitHub repository

If you have already configured Checkmarx One to monitor your GitHub repository, skip to [Step 2](#step-2-set-up-mobb-github-fixer-to-monitor-for-checkmarx-results) below.

Follow the [Checkmarx One guide](https://docs.checkmarx.com/en/34965-68678-github-cloud.html) on setting up monitoring for your GitHub repository for Pull Request events.

By the end of this step, Checkmarx should be fully configured to run on every pull request. If issues are found, Checkmarx will automatically post a scan summary in the PR's comments section.

Here is an example of this scan summary appearing in a GitHub PR comments section:

<figure><img src="/files/M7unUVkkCNTjF2BPAvTl" alt=""><figcaption></figcaption></figure>

## Step 2 - Set Up Mobb GitHub Fixer to monitor for Checkmarx results

You will need to generate 2 tokens and store them in your GitHub Action's secrets and variables:

1. `cx-api-token` - This is the Checkmarx API Token. You can generate this token by [following the guide here](https://checkmarx.com/resource/documents/en/34965-68775-generating-a-refresh-token--api-key-.html).
2. `mobb-api-token` - This is the Mobb API Token. You can generate this token by [following the guide here](/mobb-user-docs/administration/access-tokens.md).

Once you have both tokens generated, store them in your GitHub repository under the "Settings" tab -> Secrets and variables -> Actions -> New repository secret.

<figure><img src="/files/y83IESH00PB4gNBREHAU" alt=""><figcaption></figcaption></figure>

## Step 3 - Create the workflow `yaml` in your GitHub Repository

The next step involves creating the workflow file in your GitHub repository. To do so, click on Actions -> New workflow.

<figure><img src="/files/gRix3MG3W4NaBRWtp5po" alt=""><figcaption></figcaption></figure>

Select "set up a workflow yourself".

<figure><img src="/files/Y2o06N58Puz86Au3nV03" alt=""><figcaption></figcaption></figure>

In the code editor page, simply copy and paste the following workflow.

<figure><img src="/files/m7DdwncihsxfvjHh1lTd" alt=""><figcaption></figcaption></figure>

```yaml
# Mobb/Checkmarx Fixer on pull requests
# This workflow defines the needed steps to run Checkmarx on every pull request and pass the results to Mobb Fixer.
#
# Secrets in use (add your missing ones):
# CX_API_TOKEN - Your Checkmarx credentials (find how to get it here: https://checkmarx.com/resource/documents/en/34965-68775-generating-a-refresh-token--api-key-.html)
# MOBB_API_TOKEN - Your mobb API Token (find out how to get it here: https://docs.mobb.ai/mobb-user-docs/administration/access-tokens)
# GITHUB_TOKEN - Automatically set by GitHub

name: "Mobb/Checkmarx"

on:
  issue_comment:
    types: [created]

jobs:
  report-and-fix:
    name: Get Report and Fix
    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body,'Checkmarx One – Scan Summary & Details') }} # This makes sure that the comment originates from a PR and not an issue comment
    runs-on: 'ubuntu-latest'
    timeout-minutes: 360
    permissions:
      pull-requests: write
      statuses: write
      contents: read
    steps:
      - name: Run Mobb GH Fixer monitor for CxOne Comments
        if: always()
        uses: mobb-dev/cx-mobb-fixer-action@v1.5
        with:
          cx-api-token: ${{ secrets.CX_API_TOKEN }}
          mobb-api-token: ${{ secrets.MOBB_API_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cx-timeout: 20000
```

Then click on "Commit Changes". Note that this workflow file must be stored under the default branch for this integration to work.

The integration is now complete. On every PR, Checkmarx will be triggered to run a SAST scan. Afterward, the Mobb autofixer will run to consume the report from Checkmarx and produce fix results directly in your pull request.

<figure><img src="/files/LHXCNr8UgUiUEmt7CkdH" alt=""><figcaption></figcaption></figure>
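
The job condition in the workflow above checks that the comment is on a pull request and contains the scan summary heading; it does not check who posted the comment. The variant below is an added example, not part of the Mobb or Checkmarx documentation, that additionally requires the comment author to match a repository variable, so the job (and the secrets passed to it) only runs for comments from the expected account. The variable name `CX_COMMENT_AUTHOR` is an assumption: create it under Settings -> Secrets and variables -> Actions -> Variables and set it to the login of the account your Checkmarx One integration comments as.

```yaml
# Added example: same workflow as above, with the trigger restricted by comment author.
# CX_COMMENT_AUTHOR is a hypothetical repository variable name (not from the Mobb docs).
name: "Mobb/Checkmarx"

on:
  issue_comment:
    types: [created]

jobs:
  report-and-fix:
    name: Get Report and Fix
    # All three conditions must hold:
    #   1. the comment is on a pull request, not a plain issue
    #   2. the comment body contains the Checkmarx One scan summary heading
    #   3. the comment was posted by the expected account
    # If CX_COMMENT_AUTHOR is unset it evaluates to an empty string, so the
    # comparison is false and the job is skipped (fails closed).
    if: >-
      github.event.issue.pull_request &&
      contains(github.event.comment.body, 'Checkmarx One – Scan Summary & Details') &&
      github.event.comment.user.login == vars.CX_COMMENT_AUTHOR
    runs-on: 'ubuntu-latest'
    timeout-minutes: 360
    permissions:
      pull-requests: write
      statuses: write
      contents: read
    steps:
      - name: Run Mobb GH Fixer monitor for CxOne Comments
        if: always()
        uses: mobb-dev/cx-mobb-fixer-action@v1.5
        with:
          cx-api-token: ${{ secrets.CX_API_TOKEN }}
          mobb-api-token: ${{ secrets.MOBB_API_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cx-timeout: 20000
```

To find the right value for the variable, open an existing Checkmarx One scan summary comment on a PR and note the login shown as its author.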


