Mobb User Docs
Checkmarx

Last updated 3 days ago

Depending on the SAST tool used, Mobb supports different methods of consuming SAST results to generate automated remediations. This page shows how Mobb works with Checkmarx.

With Checkmarx, we support 3 different methods:

Option 1 - Upload Vulnerability Report

Select "Upload Vulnerability Report"

Next, you must upload a Checkmarx SAST report in .json or .xml format. Once the report is uploaded, click “Continue”.

The next screen prompts you to connect to your code repository. Mobb currently supports GitHub, GitLab, Azure DevOps and Bitbucket as SCM tools.

You can either choose “Pick a repository from your list”, where Mobb prompts you to connect to your SCM account and select a repository, or choose the second option, “Add a specific code repository”, and supply the repository URL.

  • Pick a repository from your list - This option provides you the ability to look up your connected GitHub, GitLab, Azure Repo or Bitbucket Cloud accounts to pick a repository.

  • Add a specific code repository - This option allows you to specify a public or private repository URL.

    • Public repository - Mobb will immediately connect to the repository to extract the content required to generate the fix data.

    • Private repository

      • Accessible repository: If your SCM is already connected and the private repository belongs to one of the connected accounts, Mobb will immediately connect to the repository to extract the content required to generate the fix data.

      • Inaccessible repository: If your SCM is not connected, Mobb will prompt you to connect your SCM account. Alternatively, you can also upload the source code in a zip file.

Once you have connected your repository, you are ready to run the analysis. To do so, click on “Continue”.

If you see the warning "The code provided has been updated after the vulnerabilities were detected. Some vulnerabilities might be missing.", the report and the code no longer match: either provide a more recent SAST report, or point the analysis at the earlier Git branch or commit the report was generated from.

After the analysis, you can review the available fixes on the project page. To access the fix page, click the “Link to fix” button next to the issue you wish to review.

Mobb provides an intuitive UI that allows you to influence the fix's direction through simple questions. Once you are satisfied with the fix recommendation, you can commit the changes back to your source code repository or download the fix as a .diff file:

  • Create a Pull Request - This allows you to commit the fix directly to your source code repository by automatically creating a Pull Request.

  • Commit directly to target branch - This option commits the fix directly to a specified branch.

  • Download the .diff file - This option allows you to download the .diff file and apply the fix manually through your IDE.

This tutorial uses the “Create Pull Request” option. To do so, click on "More Options" to expand the pull request options. Mobb will create a temporary branch for this pull request and auto-populate the pull request title as well as the pull request description.

Once you are satisfied, click “Propose changes”. This will initiate a Pull Request in your SCM.

Option 2 - Scan via Mobb CLI

This option provides you with a CLI command that you can run on your workstation to perform both a SAST scan followed by the Mobb analysis.

Please note that this option requires access to your own Checkmarx One (CxOne) account and is not supported with the on-prem CxSAST version.

To use this option, select “Scan via Mobb CLI”.

Next, we will need to pick a repository. Same as the previous option, you can either use the “Pick a repository from your list” to establish a connection to your SCM account or alternatively, you can use the second option - “Add a specific code repository” to supply the URL to your repository.

Once we have specified the source code repository, we will be presented with the command to run in our own desktop environment.

Please note that for this step you must have a current Node.js version installed. To install Node.js, visit https://nodejs.org/en/download and pick the latest version supported for your platform.

Note that if you are running this command in a Windows command prompt, change the line-continuation character at the end of each line from \ (used in POSIX shells) to ^.

Example for the Windows command prompt:

npx mobbdev@latest scan ^
--mobb-project-name "antonychiu/mobb-cx-integration" ^
--repo https://gitlab.com/antonychiu/mobb-cx-integration ^
--scanner checkmarx ^
--ref main ^
--cx-project-name antonychiu/mobb-cx-integration

While the command runs, the Mobb CLI will ask for a few Checkmarx-related inputs that you need to provide to complete the SAST scan.

Once the analysis is complete, press any key to open the link to the analysis. If the page to the Mobb analysis doesn’t open, you can copy the URL and paste it into your browser.

Like before, you will see the analysis page and the available fixes. From there, you can review the fixes and commit them back to your source code repository.
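The following POSIX shell wrapper is an added example and is not part of the Mobb documentation or the Mobb CLI. It performs the Node.js preflight check the docs ask for before running the same `npx mobbdev@latest scan` command shown above, using only the flags that appear on this page. The minimum Node.js major version (18) and the `DRY_RUN` switch are assumptions made for this script, not requirements stated by the docs.

```shell
#!/usr/bin/env sh
# Added example: preflight-and-run wrapper for the "Scan via Mobb CLI" step.
# Not part of the Mobb docs or CLI. The minimum Node.js major version (18)
# and the DRY_RUN switch are assumptions for this script.

# Return 0 if a "vMAJOR.MINOR.PATCH" string (as printed by `node --version`)
# meets the minimum major version, 1 otherwise. Fails closed on garbage input.
node_major_ok() {
  ver="$1"; min="$2"
  major="${ver#v}"          # strip the leading "v"
  major="${major%%.*}"      # keep the text before the first "."
  case "$major" in
    ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as too old
  esac
  [ "$major" -ge "$min" ]
}

# Print the scan command for review. Arguments:
#   $1 Mobb project name, $2 repo URL, $3 git ref, $4 Checkmarx project name
# Every argument is quoted so refs or names with spaces do not split.
mobb_scan_cmd() {
  printf 'npx mobbdev@latest scan --mobb-project-name "%s" --repo "%s" --scanner checkmarx --ref "%s" --cx-project-name "%s"\n' \
    "$1" "$2" "$3" "$4"
}

# Run the scan, refusing to start if Node.js is missing or too old.
# DRY_RUN=1 only prints the command instead of executing it.
run_scan() {
  if ! command -v node >/dev/null 2>&1; then
    echo "node not found; install it from https://nodejs.org/en/download" >&2
    return 1
  fi
  if ! node_major_ok "$(node --version)" 18; then
    echo "Node.js 18 or newer is required (found $(node --version))" >&2
    return 1
  fi
  if [ "${DRY_RUN:-0}" = "1" ]; then
    mobb_scan_cmd "$@"
    return 0
  fi
  # Arguments are passed directly (no eval), so shell metacharacters in
  # names or URLs cannot be interpreted by the shell.
  npx mobbdev@latest scan \
    --mobb-project-name "$1" \
    --repo "$2" \
    --scanner checkmarx \
    --ref "$3" \
    --cx-project-name "$4"
}

# Example invocation using the repository named in the docs:
# DRY_RUN=1 run_scan "antonychiu/mobb-cx-integration" \
#   "https://gitlab.com/antonychiu/mobb-cx-integration" main \
#   "antonychiu/mobb-cx-integration"
```

The wrapper deliberately avoids `eval` and passes each value as a separate argument, so a repository URL or branch name copied from a ticket cannot inject extra shell commands into the scan invocation.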

Option 3 - Browse Checkmarx Projects

This option allows you to connect to your own Checkmarx (CxOne) account directly and access the scan results from the Checkmarx Projects.

Please note that this option requires access to your own Checkmarx One (CxOne) account and is not available for CxSAST (on-prem).

To use this option, select the “Browse Checkmarx projects” option.

In the next screen, you will be required to provide your tenant information as well as the Checkmarx API key. Treat the API key as a credential: issue a dedicated key for Mobb rather than reusing a personal one, and revoke it in Checkmarx when it is no longer needed. Once ready, click on “Continue”.

On the next screen, you can browse through your Checkmarx projects to select which ones you wish to perform analysis against SAST findings. Once you have selected the projects, click on “Continue”.

This will take you to the analysis page of the first Checkmarx project you selected, along with the available fixes. From there, you can review the fixes and commit them back to your source code repository, or use the side menu to move to other projects.

If you need help generating a .json report in CxOne, refer to the Checkmarx documentation (see also the Generating Checkmarx One JSON Report from CLI page).

If your SCM tool is hosted on-premise, you will either need to deploy a Mobb broker, or use the "upload zip file" feature.
