Cyberithub

How to Install Checkmarx One CLI on Linux


In this article, we will see how to install Checkmarx One CLI on Linux. Checkmarx One CLI is an excellent command line interface tool that can be integrated directly with CI/CD pipelines to perform security testing and code analysis of source code before it is deployed to production. This helps identify and mitigate security risks and other vulnerabilities early, during the development phase itself. It provides the flexibility to update the configuration according to specific project needs. It supports various programming languages and frameworks, which makes it usable across multiple different projects.

Checkmarx One CLI provides a range of security testing tools including Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Infrastructure as Code (IaC) scanning. It generates a detailed vulnerability report, which gives a fairly good idea of the security flaws and their potential impact. It helps developers follow the highest security standards required for the development of a project. More on the official website.

 


Step 1: Prerequisites

a) You should have a fully functional Linux based system.

b) You need root or root-like access to run privileged commands.

c) You also need a file transfer utility such as wget to download the package.

 

Step 2: Update Your Server

If you are using an Ubuntu/Debian based server, run the below command to update all your packages to the latest version.

sudo apt update && sudo apt upgrade

If you are using a RHEL/CentOS/Fedora based system, run either of the below commands to update all your packages to the latest version.

sudo yum update && sudo yum upgrade
sudo dnf update && sudo dnf upgrade

 

Step 3: Download Checkmarx One CLI

You have to first download the Checkmarx One CLI package from the official GitHub releases page by using the wget utility as shown below.

cyberithub@ubuntu:~$ wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.74/ast-cli_2.0.74_linux_x64.tar.gz
--2024-04-17 19:40:10-- https://github.com/Checkmarx/ast-cli/releases/download/2.0.74/ast-cli_2.0.74_linux_x64.tar.gz
Resolving github.com (github.com)... 20.207.73.82
Connecting to github.com (github.com)|20.207.73.82|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/246802221/b064859e-72c9-454d-9610-ceb4de6fad1e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240417%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240417T141011Z&X-Amz-Expires=300&X-Amz-Signature=3eefa4ae77f09c4f6110068f2c964da3bfb801b498cd194e48aa6ed77a145963&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=246802221&response-content-disposition=attachment%3B%20filename%3Dast-cli_2.0.74_linux_x64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2024-04-17 19:40:11-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/246802221/b064859e-72c9-454d-9610-ceb4de6fad1e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240417%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240417T141011Z&X-Amz-Expires=300&X-Amz-Signature=3eefa4ae77f09c4f6110068f2c964da3bfb801b498cd194e48aa6ed77a145963&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=246802221&response-content-disposition=attachment%3B%20filename%3Dast-cli_2.0.74_linux_x64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4432232 (4.2M) [application/octet-stream]
Saving to: ‘ast-cli_2.0.74_linux_x64.tar.gz’

ast-cli_2.0.74_linux_x64.tar.gz 100%[============================================================================>] 4.23M 3.73MB/s in 1.1s

2024-04-17 19:40:13 (3.73 MB/s) - ‘ast-cli_2.0.74_linux_x64.tar.gz’ saved [4432232/4432232]

 

Step 4: Untar the file

To extract all the files in the current location, run the tar -xzvf ast-cli_2.0.74_linux_x64.tar.gz command as shown below.

cyberithub@ubuntu:~$ tar -xzvf ast-cli_2.0.74_linux_x64.tar.gz
LICENSE
cx

 

Step 5: Copy binary

To make the binary available across the system, copy the cx utility to the path /usr/local/sbin by using the sudo cp cx /usr/local/sbin command as shown below.

cyberithub@ubuntu:~$ sudo cp cx /usr/local/sbin
[sudo] password for cyberithub:
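
Steps 3 to 5 download an archive and copy its binary into a system path as root without checking its integrity. The following is an added example, not part of the original article or the Checkmarx project, that verifies the tarball against a SHA-256 checksum file before extracting only the cx member and installing it. The checksum file, the function names and the `sha256sum` line format are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): verify the release tarball before the
# extracted binary is copied into a system path.
# Assumption: SUMS is a checksum file in `sha256sum` format ("<hex>  <name>")
# obtained from a source you trust; the article does not mention one.

# verify_tarball TARBALL SUMS -> 0 only if the SHA-256 matches the listed entry.
verify_tarball() {
    name="$(basename "$1")"
    # Take the hash listed for this exact file name ("*name" marks binary mode).
    expected="$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$2")"
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
    actual="$(sha256sum "$1" | awk '{ print $1 }')"
    [ "$expected" = "$actual" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# members_are_safe: reads member names on stdin; fails on absolute or ".." paths.
members_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# install_cx TARBALL SUMS DESTDIR -> verify, extract only `cx`, install mode 0755.
install_cx() {
    verify_tarball "$1" "$2" || return 1
    members="$(tar -tzf "$1")" || return 1
    printf '%s\n' "$members" | members_are_safe || { echo "unsafe archive" >&2; return 1; }
    tmp="$(mktemp -d)" || return 1
    # Unpack in a private directory, never directly in the destination.
    if tar -xzf "$1" -C "$tmp" cx && install -m 0755 "$tmp/cx" "$3/cx"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage as root, with the file name from Step 3 and a trusted checksum file:
#   install_cx ast-cli_2.0.74_linux_x64.tar.gz <checksum-file> /usr/local/sbin
```
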

 

Step 6: Check Version

To check the currently installed Checkmarx CLI version, run the cx version command as shown below.

cyberithub@ubuntu:~$ cx version
2.0.74

 

Step 7: Configure Checkmarx

After successful installation, the first thing you need to do is configure the settings for the Checkmarx CLI tool. These settings include the credentials used to authenticate with the Checkmarx server, the URL of the Checkmarx server that the CLI will communicate with, project-specific configuration, scan settings, and proxy settings that allow the CLI to communicate through a network proxy. The same command can also be used to modify the configuration used for interaction with your project and the Checkmarx server.

cyberithub@ubuntu:~$ cx configure

 

Step 8: Create a Project

To demonstrate the scanning of a project, let's first create a project called example-project using the cx project create --project-name example-project command as shown below.

cyberithub@ubuntu:~$ cx project create --project-name example-project

 

Step 9: Running a Scan

To initiate a scan of the codebase by fetching it from the master branch of the git source repo specified by the URL https://github.com/cyberithub/example-project.git under the project name example-project, run the cx scan create --project-name "example-project" --branch "master" -s "https://github.com/cyberithub/example-project.git" command as shown below.

cyberithub@ubuntu:~$ cx scan create --project-name "example-project" --branch "master" -s "https://github.com/cyberithub/example-project.git"

 

Step 10: Check Results

Once the scan is done, you can get the scan id and see the results of that scan by using the cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670 command as shown below.

cyberithub@ubuntu:~$ cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670
