The goal of this project is to provide an API wrapper for Checkmarx SAST (REST, SOAP and OData APIs) for .NET Core that works transparently across the different Checkmarx versions (8.9 or higher).
It already supports Checkmarx SCA (Software Composition Analysis).
Planned future support: Access Control & IAST.
Before running the unit tests, configure the required credentials using the ASP.NET Core "Safe storage of app secrets in development" mechanism (user secrets), so that they are kept out of the source tree.
A CxClient provides access to SAST, and an SCAClient provides access to SCA:
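// Read the SAST credentials from the environment instead of embedding them in source,
// so they never reach version control. The variable names are constructed for this
// example; for local development the ASP.NET Core user-secrets store works as well.
string sastUser = Environment.GetEnvironmentVariable("CX_SAST_USERNAME")
    ?? throw new InvalidOperationException("CX_SAST_USERNAME is not set.");
string sastPassword = Environment.GetEnvironmentVariable("CX_SAST_PASSWORD")
    ?? throw new InvalidOperationException("CX_SAST_PASSWORD is not set.");

// create a SAST client to interact with SAST/OSA and the Access Control (AC)
// Keep the https:// scheme: the credentials are presumably sent to this server when the client authenticates.
CxClient sastClient = new CxClient(new Uri("https://sast.server.com"), sastUser, sastPassword);

// create a SCA client to interact with SCA and the Access Control (AC)
// Tenant, Username and Password are placeholders; supply them from a secret store too, not as literals.
SCAClient scaClient = new SCAClient(Tenant, Username, Password);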
Check the version of Checkmarx Product
// Prints the value of the SAST client's Version property.
Console.WriteLine(sastClient.Version);
Check the version of Checkmarx Product without authentication
// Static call on CxClient: no client instance and no credentials are passed, only the server URL.
// NOTE(review): if the server answers this without authentication, the version is visible to
// anyone who can reach it, so keep the server patched rather than treating the version as private.
Console.WriteLine(CxClient.GetVersionWithoutConnecting("https://sastserver"));
Get the Access Control from SAST
// AC is the Access Control client exposed by the SAST client.
// presumably it acts with the SAST client's credentials — confirm
AccessControlClient accessControlClient = sastClient.AC;
Get the Access Control from SCA
// AC is the Access Control client exposed by the SCA client.
// presumably it acts with the SCA client's credentials — confirm
AccessControlClient accessControlClient = scaClient.AC;
Check the Checkmarx.API.Tests.CxClientUnitTests.cs for a lot of code snippets on how to use the API.
// List the projects: the Value of each returned entry is written to the trace output.
foreach (var projectEntry in sastClient.GetProjects())
{
    Trace.WriteLine(projectEntry.Value);
}

// Create a project. Wait() blocks the calling thread until the request has finished.
var newProject = new SaveProjectDto
{
    // NOTE(review): confirm who can see a project created with IsPublic = true before copying this value.
    IsPublic = true,
    Name = "ProjectName",
    OwningTeam = "34"
};
sastClient.SASTClient.ProjectsManagement_PostByprojectAsync(newProject).Wait();

// Branch the project with id 123 under a new name.
var branchRequest = new BranchProjectDto
{
    Name = "New Branch Name"
};
sastClient.SASTClient.BranchProjects_BranchByidprojectAsync(123, branchRequest).Wait();

// Run a SAST scan on a zipped source tree.
// NOTE(review): client, projectId and sourceCodeZipFile are not defined in this snippet;
// client is presumably a CxClient such as sastClient. The meaning of the null and true
// arguments is not shown here — confirm against RunSASTScan.
client.RunSASTScan(projectId, null, true, sourceCodeZipFile);
Check the Checkmarx.API.Tests.SCAClientUnitTests.cs for a lot of code snippets on how to use the API.
// List the SCA projects. Result blocks the calling thread until the task has finished.
var scaProjects = scaClient.ClientSCA.GetProjectsAsync().Result;
foreach (var project in scaProjects)
{
    Console.WriteLine($"{project.Id} {project.Name}");
}

// Create an SCA project assigned to a single team.
// scaProjectName and teamFullPath are not defined in this snippet.
var createRequest = new API.SCA.CreateProject
{
    Name = scaProjectName,
    AssignedTeams = new string[] { teamFullPath }
};
var scaProject = scaClient.ClientSCA.CreateProjectAsync(createRequest).Result;

// Scan the new project from a source archive.
// NOTE(review): presumably the archive at zipPath is uploaded to the SCA service — confirm,
// and make sure it contains only what is meant to leave the machine.
scaClient.ScanWithSourceCode(scaProject.Id, zipPath);
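// Print every user (e-mail, team names, last login date) followed by one line per role.
// teams and roles are lookups from id to team / role; they are not defined in this snippet
// and must be built beforehand (presumably from TeamsAllAsync() and RolesAllAsync() — confirm).
// The output holds e-mail addresses and login dates, so keep it out of shared logs.
foreach (var user in accessControlClient.GetAllUsersDetailsAsync().Result)
{
    // The original line had lost the '[' of teams[x] and the '+' before LastLoginDate; both are restored.
    // As in the original, no separator is printed between the e-mail and the team list.
    Console.WriteLine(user.Email + string.Join(";", user.TeamIds.Select(x => teams[x].FullName)) + " " + user.LastLoginDate);
    foreach (var role in user.RoleIds.Select(x => roles[x].Name))
    {
        Console.WriteLine("+ " + role);
    }
}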
// Create an application user: resolve the role, team and locale ids by name, fill in the
// model and submit it. Each .Result / .Wait() blocks until the request has finished.
// First(...) is presumably LINQ's First, which throws when nothing matches the name.

// Role ids for the new user: the id of the role named "SAST Admin".
// NOTE(review): judging by its name this is an administrative role; assign the
// least-privileged role the account actually needs.
ICollection<int> cxTamRoles = new int[] {
    accessControlClient.RolesAllAsync().Result.First(x => x.Name == "SAST Admin").Id
};
// Team ids for the new user: the id of the team whose full name is "/CxServer".
ICollection<int> cxTeamIds = new int[] {
    accessControlClient.TeamsAllAsync().Result.First(x => x.FullName == "/CxServer").Id
};
// Id of the system locale whose code is "enUS".
int localeID = accessControlClient.SystemLocalesAsync().Result.First(x => x.Code == "enUS").Id;
CreateUserModel user = new CreateUserModel
{
    FirstName = "firstname",
    LastName = "lastname",
    UserName = "email@checkmarx.com",
    Email = "email@checkmarx.com",
    // Masked placeholder: supply the real value from a secret store, never as a literal in source.
    Password = "******",
    // The account expires 1000 days from now. NOTE(review): shorten this if account policy requires it.
    ExpirationDate = DateTimeOffset.UtcNow + TimeSpan.FromDays(1000),
    Active = true,
    Country = "Portugal",
    JobTitle = "The World Greatest",
    // NOTE(review): the method name below looks truncated ("...Asyn") — confirm it against AccessControlClient.
    AuthenticationProviderId = accessControlClient.AuthenticationProvidersAsyn().Result.First(X =>X.Name == "Application").Id, // Application User
    LocaleId = localeID,
    RoleIds = cxTamRoles,
    TeamIds = cxTeamIds,
};
// Submit the model and block until the call has completed.
accessControlClient.CreatesNewUser(user).Wait();
// Print "<id> = <full name>" for every team. Result blocks until the task has finished.
var allTeams = accessControlClient.TeamsAllAsync().Result;
foreach (var team in allTeams)
{
    Console.WriteLine(team.Id + " = " + team.FullName);
}

// Per its name, returns the team at teamFullPath and creates it when it does not exist — confirm.
// teamFullPath is not defined in this snippet.
scaClient.AC.GetOrCreateTeam(teamFullPath);