
Configure CxDB

Nathan Leach edited this page Dec 18, 2020 · 1 revision

CxSAST Audit Database Connection

CxDB

This optional configuration element has only one attribute named ConnectionString. This is a standard SQL connection string. If not included in the configuration, audit records will not be included in the scan crawl.

Note that at the first run of the program, this element is encrypted on platforms that support configuration section encryption.

Required Database Security Permissions

The account used to connect to the CxSAST DB has the following requirements:

  • The account should be mapped to the CxDB and CxActivity databases.
  • The account should have the roles public and db_reader for both the CxDB and CxActivity databases.

The CxAnalytixService running on Windows can use SSPI to connect to the database if the CxAnalytixService is configured to execute using a service account that meets the above requirements.

Required Network Connectivity

To crawl the audit database, a direct database connection must be made to the CxSAST DB. It is not advised to enable SQL DB connections to a port available on the public Internet. This feature is strictly intended for use in installations where the CxAnalytix service can execute on a subnet that does not require a WAN hop to reach the SQL DB. This feature will not be supported for customers using a Checkmarx hosted instance or CxGO.

Environment Variable Substitution

Configuration values provided for this section can embed a reference to an environment variable by delimiting the name of the variable with %. While this is typically a construct used on Windows, this applies to all platforms. Example:

<CxDB ConnectionString="server=127.0.0.1\SQLEXPRESS,1433;User Id=%USER%;Password=%PASSWORD%" />
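
One way to check a CxDB element before the service starts, as an added example that is not part of CxAnalytix: it reports %NAME% references whose environment variable is unset or empty and flags a password written as a literal instead of a reference, without printing any values. The function names, the allowed variable-name characters and the simple `;` splitting of the connection string are assumptions.

```python
import os
import re
import xml.etree.ElementTree as ET

# %NAME% reference as described on this page; the allowed name characters
# are an assumption of this example.
REF = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")

def parse_connection_string(conn):
    """Split 'key=value;key=value' into a dict with lower-cased keys.
    Assumes no quoted values containing ';'."""
    pairs = {}
    for part in conn.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def check_cxdb(xml_fragment, env=None):
    """Return a list of findings for one <CxDB> element; empty means OK."""
    env = os.environ if env is None else env
    conn = ET.fromstring(xml_fragment).get("ConnectionString")
    if conn is None:
        return ["CxDB element has no ConnectionString attribute"]
    findings = []
    # Every referenced variable must exist and be non-empty.
    for name in sorted(set(REF.findall(conn))):
        if not env.get(name):
            findings.append(f"environment variable {name} is unset or empty")
    # A password should be a single %NAME% reference, not a literal.
    fields = parse_connection_string(conn)
    for key in ("password", "pwd"):
        value = fields.get(key)
        if value and not REF.fullmatch(value):
            findings.append(f"{key} is a literal value, not a %VARIABLE% reference")
    return findings

# Constructed sample: the element shown on this page.
SAMPLE = (r'<CxDB ConnectionString="server=127.0.0.1\SQLEXPRESS,1433;'
          r'User Id=%USER%;Password=%PASSWORD%" />')

if __name__ == "__main__":
    for line in check_cxdb(SAMPLE) or ["ok"]:
        print(line)
```

Run it against the plaintext element, since the page notes the element is encrypted after the first run on platforms that support it.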