Checkmarx:Use REST API login method and monitor connect status   2019-11-01


How to use

Official Document:https://checkmarx.atlassian.net/wiki/spaces/KC/pages/1187774721/Using+the+CxSAST+REST+API+v8.6.0+and+up

Checkmarx version suggest v8.6.0 and up,use postman to try RESTapi.
Postman’s Headers need to configure,follow document steps,and we can get token from first step.

1
2
3
4
5
6
7
8
9
10
11
12
13
#Configure Headers
Content-Type:application/x-www-form-urlencoded;v=1.0
CxOrigin:cx-jenkins

#Configure Body
#POST Method
x-www-form-urlencoded
username:YOUR_USERNAME
password:YOUR_PASSWORD
grant_type:password
client_id:resource_owner_client
scope:sast_rest_api
client_secret:014DF517-39D1-4453-B7B3-9930C563627C

And we can take this token to try some function,like get all projects.

1
2
3
4
#Configure Headers
#GET Method
CxOrigin:cx-jenkins
Authorization:Bearer 'TOKEN(No quote)'

Notice:POST or GET method and headers must be right.

Heartbeat monitor

Official Document:
https://www.elastic.co/guide/en/beats/heartbeat/current/configuration-heartbeat-options.html

1
2
3
4
5
6
7
8
9
10
11
12
- type: http
  schedule: '@every 10s'
  urls: ["https://localhost/cxrestapi/auth/login"]
  check.request:
    method: POST
    headers:
      'Content-Type': 'application/x-www-form-urlencoded;v=1.0'
      'CxOrigin' : 'cx-jenkins'
    body: 
      '{"username":"CxUsername","password":"CxPassword"}'
  check.response:
    status: [200,500,503]

Notice:In body,because our request data is JSON,so we need to set body data to json format

We can set more options in check.response.statusnot 200 but 500,503 etc.

目錄

  1. How to use
  2. Heartbeat monitor