-
Notifications
You must be signed in to change notification settings - Fork 86
Frequently Asked Questions
CxFlow is a solution that enables creating projects automatically, scans orchestration and facilitates feedback channels in a closed loop mode.
Enables customs to incorporate Checkmarx into their DevOps/Release pipelines as early as possible.
Refer to CxFlow Workflows for further information.
CxFlow is supported by the product team. Tickets can be opened via the regular workflow. SEG will decide to whom the ticket is routed, based on the production matrix and progress. Actors & Responsibilities can be found here: Actors & Responsibilities Support page: Support
No. CxFlow is a tool developed interdependently from the Checkmarx product line and does not require any additions to existing customer licenses.
The table below lists all the supported integrations, features and states the recommended versions.
| Software/Services | Features | CxFlow Version |
|---|---|---|
| Jira | Issue Tracking | >= 1.0.0 |
| Custom Bug Types | ||
| Custom Transitions in Workflows | ||
| Custom Fields | ||
| GitHub | WebHooks | >= 1.2.0 |
| Pull Requests Scanning and Decorating | ||
| Push Events | ||
| Native Issues Tracker | ||
| GitLab | WebHooks | >= 1.2.0 |
| Merge Requests Scanning and Decorating | ||
| Push Events | ||
| Native Issues Tracker | ||
| Azure DevOps | WebHooks | >= 1.3.0 |
| Merge Requests | ||
| Push Events | ||
| Pipelines | ||
| Work Items | ||
| BitBucket | WebHooks | >= 1.4.3 |
| Merge Requests Scanning | ||
| Pull Events | ||
| Issue Tracker | ||
| Rally | Issue Tracking | >= 1.5.3 |
Refer to [Pre-Requisites and Requirements(https://github.com/checkmarx-ltd/cx-flow/wiki/Prerequisites-and-Requirements)
Issues are only created when a Push event into a protected branch occurs. When a Pull/Merge Request is created (and CxFlow scans the new code), the vulnerability information is displayed in the Pull/Merge Request comments and does NOT create issues in the defect tracking system.
Professional Services has created an easy-to-use CxFlow Demo Instance (sub-project of CxPsPowerHasks) script to assist with easy deployment and demonstration of CxFlow.
CxFlow is installed on the TS AWS Demo Instances, which allows Sales Engineers to demo example use cases to customers.
NA SEs should go through the listed labs to create their own demo environments. Please reach out to your direct manager for assistance.
To be defined.
Yes. The code can be found here. Connect to preview
Note: You may not want to send this to a customer as they might want to implement CxFlow themselves, hich has issues in 9 out of 10 cases. We recommend contacting Professional Services.
Yes. CxFlow has undergone multiple test runs at several stages with various testing tools. For additional information, contact the Product Manager.
CxFlow feature requests and issues should be reported like any other product feature request. CxFlow is available just like any other Checkmarx component.
You can find the current release on the GitHub releases page.
To be defined.
Overrides can be used at the WebHook level and config as code can be added to the individual repos.
Yes - with the limitation of one Jira instance. Examples will be made available.
Overrides can be used to assign the same name to multiple projects. Alternatively, a groovy script can be used to help decide on project names and if it should be scanned. Refer also to [CxFlow Configuration](CxFlow Configuration
Yes, this can be performed with overrides & config as code linked above.