SAST to AST Export

SAST to AST Export is a standalone Checkmarx tool.
Explore the documentation »

Report Bug · Request Feature

SAST to AST Export

Exports triaged SAST results for import into AST.

Description

Fetches SAST triaged results and exports as an encrypted package, which can then be imported in AST.

Repo

Owners:

Thanos (previously)

AceOfSpades (current)

Getting Started

Prerequisites

Microsoft Windows x64

SAST v9.3 or higher.

Installation

• Download the latest version and extract the package contents
• Create export user in SAST
  • Assign the following permissions:
    1. Sast > API > Use Odata
    2. Sast > Reports > Generate Scan Report
    3. Sast > Scan Results > View Results
    4. Access Control > General > Manage Authentication Providers
    5. Access Control > General > Manage Roles
• Please refer to Wiki for more details

Execution

Run export with:

.\cxsast_exporter --user username --pass password --url http://localhost

• Replace username and password with user credentials.
• Replace http://localhost with the url to SAST, if necessary.
• For detailed usage instructions, please refer to Wiki

Additional Documentation

• Technical Design Internal Wiki
• Importing SAST to Checkmarx One Wiki
• Importer Repo Wiki

Similarity Calculator

The exporter relies on a Windows binary for similarity calculation. This is internally built by Checkmarx and provided in the external folder for inclusion with the build. Internal repo

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Checkmarx general contribution guidelines
• Checkmarx code of conduct guidelines

License

Distributed under the Apache 2.0. See LICENSE for more information.