Mobb User Docs

Generating Checkmarx One JSON Report from CLI

Last updated 6 months ago

Introduction

The Checkmarx One CLI provides the ability to generate a higher fidelity JSON report that helps Mobb generate a more in-depth fix analysis compared to the JSON report generated directly from the Checkmarx One UI. This guide walks through the process of running the Checkmarx One CLI to generate this high fidelity JSON report.

Downloading Checkmarx One CLI

  1. The first step is to download the latest version of the Checkmarx One CLI from the following link.

  2. Select the version that matches the operating system running on your workstation.

Locating the Scan ID

  1. Log in to your Checkmarx One account.

  2. Go to Scan Management -> Scans. Locate the relevant scan and copy its Scan ID.

Generate JSON Report

  1. Extract the Checkmarx One CLI.

  2. Open a terminal and navigate to the root folder of the CLI.

  3. Authenticate to the Checkmarx One CLI. You will need a Checkmarx One API Key to perform this step. If you're not sure where to get the API key, click here.

For example (PowerShell):

cd C:\ast-cli_2.2.0_windows_x64
.\cx.exe configure set --prop-name cx_apikey --prop-value <YOUR_CHECKMARX_API_KEY>

  • Replace <YOUR_CHECKMARX_API_KEY> with the Checkmarx One API key you generated.

  4. Run the report command to generate a JSON report:

.\cx.exe results show --scan-id <YOUR_SCAN_ID> --report-format=json --output-name report

  • Replace <YOUR_SCAN_ID> with the Scan ID you captured in the step above.

There should now be a file called report.json in your terminal's current directory. You can now submit this report file to Mobb by following the steps here.
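
The steps above combined into one PowerShell script, as an added example that is not part of the Mobb or Checkmarx documentation: it prompts for the API key instead of placing it in the typed command line, then checks that report.json was created and parses as JSON. The parameter names, the GUID check on the Scan ID and the removal of an older report.json are assumptions of this example; the cx.exe commands and flags are the ones shown in this guide.

```powershell
# Added example: parameter names and checks below are illustrative assumptions.
param(
    [Parameter(Mandatory)] [string] $ScanId,            # Scan ID copied from Scan Management -> Scans
    [string] $CliDir = 'C:\ast-cli_2.2.0_windows_x64'   # folder the CLI was extracted to (path from the guide)
)
$ErrorActionPreference = 'Stop'

# Assumption: Checkmarx One Scan IDs are GUID-formatted. Warn (do not fail) on a likely copy/paste slip.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($ScanId, [ref]$parsed)) {
    Write-Warning "Scan ID '$ScanId' is not GUID-formatted; check that it was copied completely."
}

$cx = Join-Path $CliDir 'cx.exe'
if (-not (Test-Path $cx)) { throw "cx.exe not found in $CliDir" }
Set-Location $CliDir   # report.json is written to the current directory

# Prompt for the API key so it is not part of the command typed at the console.
$secure = Read-Host -Prompt 'Checkmarx One API key' -AsSecureString
$apiKey = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($apiKey)) { throw 'No API key entered.' }

try {
    & $cx configure set --prop-name cx_apikey --prop-value $apiKey
    if ($LASTEXITCODE -ne 0) { throw "cx configure set failed (exit code $LASTEXITCODE)" }
} finally {
    Remove-Variable apiKey   # drop the plaintext copy from this session
}

# Remove any older report so a failed run cannot be mistaken for a fresh one.
$report = Join-Path $CliDir 'report.json'
if (Test-Path $report) { Remove-Item $report }

& $cx results show --scan-id $ScanId --report-format=json --output-name report
if ($LASTEXITCODE -ne 0) { throw "cx results show failed (exit code $LASTEXITCODE)" }

# Verify the report exists, is non-empty and is well-formed JSON before submitting it to Mobb.
if (-not (Test-Path $report)) { throw "Expected $report was not created." }
if ((Get-Item $report).Length -eq 0) { throw "$report is empty." }
try {
    $null = Get-Content -Raw -Path $report | ConvertFrom-Json
} catch {
    throw "report.json is not valid JSON: $($_.Exception.Message)"
}
Write-Host "Report ready: $report ($((Get-Item $report).Length) bytes)"
```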
