SAST to AST Export

SAST to AST Export is a standalone Checkmarx tool.
Explore the docs »

Report Bug · Request Feature

SAST to AST Export

Exports SAST triaged results for importing in AST.

Description

Fetches SAST triaged results and exports as an encrypted package, which can then be imported in AST.

Getting Started

Prerequisites

Microsoft Windows x64.

SAST v9.3 or higher.

Installation

• Download the latest version and extract the package contents
• Create export user in SAST
  • Assign the following permissions:
    1. Sast > API > Use Odata
    2. Sast > Reports > Generate Scan Report
    3. Sast > Scan Results > View Results
    4. Access Control > General > Manage Authentication Providers
    5. Access Control > General > Manage Roles
• Please refer to Wiki for more details

Execution

Run export with:

.\cxsast_exporter --user username --pass password --url http://localhost

• Replace username and password with user credentials.
• Replace http://localhost with the url to SAST, if necessary.

Additional Documentation

Refer to the project Wiki for additional information

Similarity Calculator

The exporter relies on a Windows binary for similarity calculation. This is internally built by Checkmarx and provided in the external folder for inclusion with the build.

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Checkmarx general contribution guidelines
• Checkmarx code of conduct guidelines

License

Distributed under the Apache 2.0. See LICENSE for more information.