Categories: Software Composition Analysis (SCA) / SBOM; Static Application Security Testing (SAST); Infrastructure Scanning
Integrates with: Checkmarx One, Checkmarx SAST, Checkmarx OSA, Checkmarx IaC
File types: CSV, JSON
Checkmarx One
Checkmarx One is a unified cloud-native application security platform that integrates multiple application security testing capabilities including static application security testing (SAST), software composition analysis (SCA), secrets detection, infrastructure as code (IaC) scanning, API security, container security, and application security posture management (ASPM) to identify and remediate vulnerabilities across the entire software development lifecycle from code to cloud. The platform leverages AI-powered analysis and automated correlation to consolidate security findings, reduce false positives, prioritize critical risks, and deliver actionable remediation guidance directly within developer workflows and CI/CD pipelines for comprehensive code-to-cloud protection.
What is Checkmarx One?
Checkmarx One is a comprehensive, cloud-based Application Security Testing (AST) platform that delivers enterprise-grade application security solutions from the first line of code to deployment. The platform integrates multiple security testing capabilities, including SAST, DAST, and SCA, in a unified dashboard, enabling organizations to secure both modern DevOps pipelines and legacy applications.
The Value of Checkmarx One
As a security engineer, managing application security testing across multiple platforms can be challenging. Checkmarx One offers a unified security platform that consolidates multiple testing types into a single solution, providing several key advantages:
Comprehensive Testing Coverage
Checkmarx One combines SAST (Static Application Security Testing), KICS (Infrastructure as Code Security), and SCA (Software Composition Analysis) in one platform, providing multi-layer security coverage across your entire application stack.
Contextual Security Analysis
By correlating findings across multiple scanning engines, Checkmarx One provides more accurate risk assessments with fewer false positives, helping teams focus on genuine security concerns.
Unified View of Security Posture
Rather than managing multiple security tools, Checkmarx One's unified platform gives teams visibility across the entire software security landscape from a single interface.
Benefits of the DefectDojo Integration
While Checkmarx One provides excellent security testing capabilities, integrating it with DefectDojo offers substantial additional benefits for security teams and organizations:
Centralized Vulnerability Management
By importing Checkmarx One findings into DefectDojo, you can consolidate all your security findings from multiple tools (not just Checkmarx) into a single platform. This enables more efficient vulnerability management, tracking, and remediation workflows.
Enhanced Reporting Capabilities
DefectDojo's powerful reporting engine allows you to generate custom reports across all your security tools, providing executives and stakeholders with clear visibility into your security posture and remediation progress.
Granular Tracking of Finding Lifecycle
DefectDojo enables detailed tracking of each finding's status over time, including verification, false positive handling, and risk acceptance processes that complement Checkmarx One's capabilities.
Integration with Development Workflows
DefectDojo's integrations with issue trackers like Jira, Azure DevOps, and GitHub Issues make it easier to assign vulnerabilities to the right teams and track remediation as part of your existing development processes.
"The ability to import Checkmarx One findings into DefectDojo has streamlined our vulnerability management process. We now have a single source of truth for all security findings, regardless of which tool discovered them."
How the Integration Works
The integration between Checkmarx One and DefectDojo is implemented through a specialized parser that accurately imports findings from Checkmarx One JSON exports into DefectDojo:
Data Flow Process
- Export findings from Checkmarx One - Generate a JSON export of your findings from the Checkmarx One platform.
- Import into DefectDojo - Use the Checkmarx One parser in DefectDojo to import the findings.
- Parsing and mapping - The parser processes the JSON file, extracts relevant data, and maps it to DefectDojo's finding model.
- Deduplication - Findings are deduplicated based on unique IDs to prevent duplicates when reimporting.
- Finding enhancement - Additional metadata, such as tags identifying the finding type (SAST, KICS, SCA), is added for better categorization.
Technical Implementation
The parser is designed to handle different variations of Checkmarx One output formats, ensuring compatibility with various export options from the platform. It implements specialized handling for different finding types (SAST, KICS, SCA) to ensure that all relevant data is captured properly.
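The data flow above (parse the JSON, map each result onto DefectDojo's finding model, deduplicate on the tool's unique id, tag by engine) is easier to see in code. The block below is an added example, not DefectDojo's Checkmarx One parser, and the JSON layout it reads is a constructed approximation: field names such as `results`, `queryName`, `nodes`, `expectedValue` and `packageIdentifier` are assumptions for illustration, not the vendor's documented schema. The `Finding` fields mirror the DefectDojo model names from the mapping table (`unique_id_from_tool`, `cwe`, `file_path`, `mitigation`, `false_p`, `tags`).

```python
import json
from dataclasses import dataclass, field

# Constructed sample export. The field names are an ASSUMED approximation of
# a Checkmarx One results export, chosen to exercise the SAST, KICS and SCA
# paths plus a duplicate id; they are not the vendor's documented schema.
SAMPLE_EXPORT = json.dumps({"results": [
    {"id": "sast-0001", "type": "sast", "severity": "HIGH", "state": "TO_VERIFY",
     "firstFoundAt": "2024-03-01T10:00:00Z",
     "data": {"queryName": "SQL_Injection", "cweId": 89,
              "description": "User input reaches a SQL query unsanitised.",
              "nodes": [{"fileName": "app/db.py", "line": 42,
                         "code": "cursor.execute(q)"}]}},
    {"id": "kics-0007", "type": "kics", "severity": "MEDIUM", "state": "CONFIRMED",
     "firstFoundAt": "2024-03-02T09:30:00Z",
     "data": {"queryName": "S3 Bucket Without Versioning",
              "description": "Bucket has no versioning enabled.",
              "fileName": "infra/main.tf", "line": 17,
              "expectedValue": "versioning.enabled = true",
              "actualValue": "versioning block missing"}},
    {"id": "sast-0001", "type": "sast", "severity": "HIGH", "state": "TO_VERIFY",
     "firstFoundAt": "2024-03-01T10:00:00Z",   # same id again: must be dropped
     "data": {"queryName": "SQL_Injection", "cweId": 89, "description": "dup",
              "nodes": [{"fileName": "app/db.py", "line": 42, "code": ""}]}},
    {"id": "sca-0003", "type": "sca", "severity": "CRITICAL", "state": "NOT_EXPLOITABLE",
     "firstFoundAt": "2024-02-20T12:00:00Z",
     "data": {"packageIdentifier": "lodash-4.17.15", "cweId": 1321,
              "description": "Prototype pollution in lodash < 4.17.19.",
              "recommendations": "Upgrade lodash to 4.17.19 or later."}},
]})

# Tool severities -> DefectDojo severity labels.
SEVERITY_MAP = {"CRITICAL": "Critical", "HIGH": "High", "MEDIUM": "Medium",
                "LOW": "Low", "INFO": "Info"}


@dataclass
class Finding:
    """The subset of DefectDojo Finding fields the page's mapping table lists."""
    title: str
    description: str
    severity: str
    unique_id_from_tool: str   # DefectDojo's dedup key for tool-native ids
    cwe: int = 0
    file_path: str = ""
    line: int = 0
    mitigation: str = ""
    date: str = ""
    false_p: bool = False
    tags: list = field(default_factory=list)


def _common(res):
    """Fields every engine shares: severity, unique id, first-found date."""
    return dict(severity=SEVERITY_MAP.get(str(res.get("severity", "")).upper(), "Info"),
                unique_id_from_tool=res["id"], date=res.get("firstFoundAt", ""))


def _sast(res, d):
    node = (d.get("nodes") or [{}])[0]          # first node = reported location
    return Finding(title=d["queryName"],
                   description=f"{d.get('description', '')}\n\nSnippet: {node.get('code', '')}",
                   cwe=int(d.get("cweId", 0)), file_path=node.get("fileName", ""),
                   line=int(node.get("line", 0)), **_common(res))


def _kics(res, d):
    return Finding(title=d["queryName"], description=d.get("description", ""),
                   file_path=d.get("fileName", ""), line=int(d.get("line", 0)),
                   mitigation=f"Expected: {d.get('expectedValue', '')}\n"
                              f"Actual: {d.get('actualValue', '')}",
                   **_common(res))


def _sca(res, d):
    return Finding(title=f"Vulnerable dependency: {d['packageIdentifier']}",
                   description=d.get("description", ""), cwe=int(d.get("cweId", 0)),
                   mitigation=d.get("recommendations", ""), **_common(res))


HANDLERS = {"sast": _sast, "kics": _kics, "sca": _sca}


def parse_checkmarx_one(text: str) -> list:
    """Map an export to findings: one handler per engine, dedup on id, tag by engine."""
    seen, findings = set(), []
    for res in json.loads(text).get("results", []):
        kind = str(res.get("type", "")).lower()
        handler = HANDLERS.get(kind)
        if handler is None or res.get("id") in seen:
            continue                      # unknown engine, or already imported
        seen.add(res["id"])
        finding = handler(res, res.get("data", {}))
        finding.tags.append(kind)         # tag lets DefectDojo filter by engine
        # A state the tool marks as not exploitable lands as a false positive.
        finding.false_p = res.get("state") == "NOT_EXPLOITABLE"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in parse_checkmarx_one(SAMPLE_EXPORT):
        print(f.severity, f.unique_id_from_tool, f.title, f.tags)
```

Keying deduplication on the tool's own id rather than on title and location means a finding whose code moves a few lines on the next scan is recognised as the same finding, while a second occurrence of the same query in a different file stays a separate finding.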
Data Granularity and Mapping
The integration captures detailed information from Checkmarx One findings, preserving the rich context needed for effective remediation:
Key Data Points Captured
| Category | Data Elements | Benefits |
| --- | --- | --- |
| Basic Information | Title, Description, Severity, Finding Type | Core details needed for understanding the vulnerability |
| Technical Context | CWE IDs, File Paths, Line Numbers, Code Snippets | Precise location information for developers to identify the issue |
| Metadata | IDs, Finding Types, Tags | Categorization and traceability back to Checkmarx One |
| Remediation Data | Expected Values, Actual Values, Mitigation Instructions | Clear guidance on how to fix the vulnerability |
| Temporal Data | First Found Date, Status | Tracking the finding over time |
Getting Started
Implementing this integration is straightforward with these steps:
- Ensure you have a recent version of DefectDojo (the Checkmarx One parser was added in version 2.x)
- Export findings from Checkmarx One in JSON format
- In DefectDojo, create a new test and select "Checkmarx One Scan" as the scan type
- Upload your JSON file and complete the import
- Review your imported findings and set up any desired workflows
For more technical details, refer to the sample data files and documentation in the DefectDojo repository.
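The steps above describe the upload through the DefectDojo web UI; the same import can be scripted against DefectDojo's REST API, which is how most teams wire it into a pipeline. The block below is an added example, not a DefectDojo or Checkmarx client. It uses DefectDojo's `/api/v2/import-scan/` endpoint with its standard form fields and the "Checkmarx One Scan" scan type named on this page; the server URL, engagement id and API token are placeholders, the `dry_run_post` transport is a stand-in for `requests.post` so the logic can be checked without a server, and the response key handling (`test_id`/`test`) is an assumption about the API's reply.

```python
"""Push a Checkmarx One JSON export into DefectDojo through its REST API."""
import json
import sys

# Placeholders: substitute your DefectDojo URL and engagement id.
DEFECTDOJO_URL = "https://defectdojo.example.internal"
ENGAGEMENT_ID = 42
SCAN_TYPE = "Checkmarx One Scan"          # scan type name used by DefectDojo

LAST_DRY_RUN = {}                         # filled by dry_run_post for inspection


class _DryRunResponse:
    """Minimal requests-like response returned by the dry-run transport."""
    status_code = 201

    def json(self):
        return {"test_id": 0}


def dry_run_post(url, **kwargs):
    """Transport that records the request instead of sending it."""
    LAST_DRY_RUN.clear()
    LAST_DRY_RUN.update(url=url, **kwargs)
    return _DryRunResponse()


def import_scan(base_url, api_key, engagement_id, scan_bytes, *, post,
                filename="checkmarx_one.json", minimum_severity="Low",
                close_old_findings=True, test_title="Checkmarx One import"):
    """POST a scan file to /api/v2/import-scan/ and return the created test id.

    `post` is a requests-style callable (requests.post for a live run, or
    dry_run_post to inspect the request without a server).
    """
    json.loads(scan_bytes)                # reject a truncated/corrupt export early
    fields = {
        "scan_type": SCAN_TYPE,
        "engagement": str(engagement_id),
        "active": "true",
        "verified": "false",              # leave triage to the DefectDojo workflow
        "minimum_severity": minimum_severity,
        # Closing old findings makes re-imports of the same engagement converge
        # on the current scan state instead of accumulating stale entries.
        "close_old_findings": "true" if close_old_findings else "false",
        "test_title": test_title,
    }
    resp = post(f"{base_url.rstrip('/')}/api/v2/import-scan/",
                headers={"Authorization": f"Token {api_key}"},
                data=fields,
                files={"file": (filename, scan_bytes, "application/json")},
                timeout=120)
    if resp.status_code != 201:
        raise RuntimeError(f"import failed: HTTP {resp.status_code}")
    body = resp.json()
    # Assumption: the reply carries the new test's id as "test_id" (or "test").
    return body.get("test_id", body.get("test"))


if __name__ == "__main__":
    import os
    import requests                       # third-party; only needed for a live run
    with open(sys.argv[1], "rb") as fh:   # path to the Checkmarx One JSON export
        export = fh.read()
    created = import_scan(DEFECTDOJO_URL, os.environ["DD_API_KEY"], ENGAGEMENT_ID,
                          export, post=requests.post)
    print("created test", created)
```

Run it as `DD_API_KEY=... python import_cx1.py results.json`. Keep the token in the environment or a secret store rather than in the script, and pin the engagement id so repeated pipeline runs re-import into the same engagement, which is what lets the parser's id-based deduplication and `close_old_findings` do their work.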