Generating Checkmarx One JSON Report from CLI

Introduction

The Checkmarx One CLI provides the ability to generate a higher fidelity JSON report that helps Mobb generate a more in-depth fix analysis compared to the JSON report generated directly from the Checkmarx One UI. This guide walks through the process of running the Checkmarx One CLI to generate this high fidelity JSON report.

Downloading Checkmarx One CLI

1. The first step is to download the latest version of the Checkmarx One CLI from the following link.

2. Select the version that runs on your Operating System that runs on your workstation.

Locating the Scan ID

1. Login to your Checkmarx One account.

2. Go to Scan Management -> Scans. Locate the relevant scan and copy the Scan ID as shown:

Generate JSON Report

1. Extract the the Checkmarx One CLI

2. Open a terminal and navigate to the root folder of the CLI command

For example (Powershell):

cd C:\ast-cli_2.2.0_windows_x64

3. Authenticate to the Checkmarx One CLI. You will need a Checkmarx One API Key to perform this step. If you're not sure where to get the API key, click here.

.\cx.exe configure set --prop-name cx_apikey --prop-value <YOUR_CHECKMARX_API_KEY>

• Replace <YOUR_CHECKMARX_API_KEY> with your Checkmarx One API key generated

4. Run the report command to generate a json report

.\cx.exe results show --scan-id <YOUR_SCAN_ID> --report-format=json --output-name report

Replace <YOUR_SCAN_ID> with your the Scan ID you captured during the step above.

There should now be a file called report.json located at the same directory as your terminal. You can now proceed to submit this report file with Mobb following the steps here.