Must-share information (formatted with Markdown):
- Using SonarQube Enterprise LTS 7.9 (7.9.2) with H2 DB in Staging environment
- Using sonar-scanner-4.2.0.1873-linux and CxConsolePlugin-8.90.2 with Jenkins 2.204.1
- Having the Sonar-2019.4.1 plugin, com.checkmarx.sonar.cxplugin-2019.4.1.jar, in $sonar_home/extensions/plugins/
The SonarQube instance has been restarted, and the Checkmarx plugin 2019.4.1 is listed as installed within the SonarQube Administration/Marketplace view.
- SonarQube does not keep the Checkmarx configurations (URL, credentials and target project) after saving them at the SonarQube project’s view. There is no option available globally to set those configurations.
- I have a Jenkins job which scans the Checkmarx project properly. It scans the project correctly for SonarQube as well but cannot transfer the Checkmarx scan metrics into the SonarQube project dashboard.
Excerpt of the Checkmarx scan:
```
[2020-02-10 11:45:22,289 INFO ] Scan completed
[2020-02-10 11:45:22,289 INFO ] SAST scan finished. Retrieving scan results
[2020-02-10 11:45:22,310 INFO ] ----------------------------Checkmarx Scan Results(CxSAST):-------------------------------
[2020-02-10 11:45:22,311 INFO ]
[2020-02-10 11:45:22,311 INFO ] ------------------------
[2020-02-10 11:45:22,311 INFO ] SAST vulnerabilities Summary:
[2020-02-10 11:45:22,311 INFO ] ------------------------
[2020-02-10 11:45:22,311 INFO ] SAST high severity results: 0
[2020-02-10 11:45:22,311 INFO ] SAST medium severity results: 31
[2020-02-10 11:45:22,311 INFO ] SAST low severity results: 101
[2020-02-10 11:45:22,311 INFO ]
[2020-02-10 11:45:22,311 INFO ] -----------------------------------------------------------------------------------------
[2020-02-10 11:45:22,311 INFO ] CxConsole session finished
[2020-02-10 11:45:22,311 INFO ] Job completed successfully - exit code 0
```
Excerpt of the Checkmarx scan info transfer to SonarQube:
```
INFO: Sensor Import Checkmarx scan results to SonarQube [checkmarx]
INFO: Retrieving Checkmarx scan results for current module [Checkmarx plugin version: 2019.4.1]
INFO: Getting Checkmarx configuration data from sonar Database.
INFO: Getting property: http://x.x.x.x:9000/api/properties?id=checkmarx.server.credentials.secured&resource=cx-flow
INFO: Getting property: http://x.x.x.x:9000/api/properties?id=checkmarx.server.credentials&resource=cx-flow
ERROR: NOTE: Checkmarx scan is canceled;
Error while retrieving Checkmarx settings from Sonar database.
Please make sure Checkmarx credentials are configured. Can be configured by admin at: Project Page > Administration > Checkmarx
[Checkmarx plugin version: 2019.4.1]
ERROR: ---------------------------------------------------------------------------------------
ERROR: Sast results retrieval failed due to exception: null
ERROR: [Checkmarx plugin version: 2019.4.1]
ERROR: ---------------------------------------------------------------------------------------
```
Excerpt of SonarQube analysis:
```
INFO: Analysis total time: 24.725 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 26.473s
INFO: Final Memory: 33M/117M
INFO: ------------------------------------------------------------------------
Finished: SUCCESS
```