
How to integrate a Checkmarx account

Overview

To authenticate with Checkmarx, you will need the following information:

  • Checkmarx Server URL
  • Client ID
  • Client Secret

Step 1: Login to Checkmarx Console

  1. Sign in to your Checkmarx instance:
    • Checkmarx One/Cloud: https://<region>.checkmarx.net
  2. Ensure you have the Administrator or API User role

Step 2: Create OAuth Client

  1. Navigate to Settings > Identity and Access Management

  2. Select the OAuth Clients tab

  3. Click Create OAuth Client

  4. Fill in the following details:

    Client Configuration:

    • Client Name: Enter a descriptive name (e.g., "Unizo Integration")
    • Description: Add integration purpose
    • Grant Type: Select Client Credentials
  5. Set Permissions/Roles:

    Available Roles:

    • ast-scanner: Submit scans and view results
    • ast-viewer: Read-only access to scan results
    • ast-admin: Full administrative access
    • sca-scanner: SCA scan operations
    • api-access: General API access

    Recommended for Vulnerability Management:

    • Minimum: ast-viewer for read-only access
    • Full integration: ast-scanner + sca-scanner
  6. Click Create

Step 3: Copy Client ID and Client Secret

After creation, Checkmarx will display:

  1. Client ID: Unique identifier for your client
  2. Client Secret: Secret key for authentication

Important:

  • Copy both values immediately - Client Secret is shown only once
  • Store them securely in a secrets manager
  • If lost, you must regenerate credentials
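
One way to consume the stored values safely, as an added example (not Unizo's or Checkmarx's own code): it checks that the URL is HTTPS and under checkmarx.net before the secret is sent anywhere, builds the Client Credentials token request without sending it, and masks the secret for logging. The environment variable names, the token endpoint placeholder and the sample values are assumptions.

```python
import urllib.parse
import urllib.request

ALLOWED_SUFFIX = ".checkmarx.net"  # from the page's https://<region>.checkmarx.net pattern

def check_checkmarx_url(url):
    """Return url if it is HTTPS and its host is under checkmarx.net, else raise."""
    parts = urllib.parse.urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("refusing non-HTTPS URL")
    if parts.username or parts.password:
        raise ValueError("URL must not embed credentials")
    if not host.endswith(ALLOWED_SUFFIX):  # leading dot rejects 'evilcheckmarx.net'
        raise ValueError("host is not under checkmarx.net: %r" % host)
    return url

def load_credentials(env):
    """Read the three values from a mapping such as os.environ (names are assumptions)."""
    names = ("CHECKMARX_SERVER_URL", "CHECKMARX_CLIENT_ID", "CHECKMARX_CLIENT_SECRET")
    missing = [n for n in names if not (env.get(n) or "").strip()]
    if missing:
        raise KeyError("missing: " + ", ".join(missing))
    url, client_id, secret = (env[n].strip() for n in names)
    return check_checkmarx_url(url), client_id, secret

def build_token_request(token_url, client_id, client_secret):
    """Build, without sending, an OAuth 2.0 client-credentials request (RFC 6749, 4.4)."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "client_id": client_id,
                                   "client_secret": client_secret}).encode("ascii")
    return urllib.request.Request(
        check_checkmarx_url(token_url), data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def describe(req, client_secret):
    """Log-safe summary: the secret is masked before the request is written anywhere."""
    masked = req.data.decode("ascii").replace(urllib.parse.quote_plus(client_secret), "***")
    return "%s %s %s" % (req.get_method(), req.full_url, masked)

if __name__ == "__main__":
    # Constructed sample values; a real run passes os.environ filled by a secrets manager.
    sample = {"CHECKMARX_SERVER_URL": "https://eu.checkmarx.net",
              "CHECKMARX_CLIENT_ID": "unizo-integration",
              "CHECKMARX_CLIENT_SECRET": "constructed-secret/1+2"}
    url, cid, secret = load_credentials(sample)
    req = build_token_request(url + "/TOKEN-ENDPOINT-PLACEHOLDER", cid, secret)
    print(describe(req, secret))
```

Replace the placeholder path with the token endpoint documented for your tenant before sending the request.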