# Checkmarx One

> Import SAST findings from Checkmarx One into Pwnbook engagements to triage, annotate, and track remediation alongside your pentest work.

## Overview

Checkmarx One is an enterprise application security platform covering SAST, SCA, and API security. The Pwnbook integration pulls findings from your Checkmarx One tenant into engagements, so your security team can review and prioritize issues in context.

## Prerequisites

* A Checkmarx One account with API access
* Your Checkmarx One tenant's base URL
* An API key with project read permissions
* Your tenant ID
* Admin or Owner access in Pwnbook to configure the integration

## Credentials required

| Field         | Description                                                                                           |
| ------------- | ----------------------------------------------------------------------------------------------------- |
| **Base URL**  | The URL of your Checkmarx One instance. Example: `https://eu.ast.checkmarx.net`                       |
| **API Key**   | A Checkmarx One API key. Generate one in **IAM → API Keys**. Needs read access to projects and scans. |
| **Tenant ID** | Your Checkmarx One tenant identifier. Found in the instance URL or tenant settings.                   |

## Setup

<Steps>
  <Step title="Generate a Checkmarx One API key">
    1. Log in to your Checkmarx One instance.
    2. Go to **IAM → Service Accounts** (or **API Keys** depending on your version).
    3. Create a new service account or API key.
    4. Assign the following roles or permissions:
       * `ast-viewer` (read-only access to scan results)
       * Project enumeration access
    5. Copy the client ID and client secret (or API key value).

    <Note>Checkmarx One uses OAuth2 client credentials for API access. Store the client secret securely.</Note>
  </Step>

  <Step title="Find your base URL and tenant ID">
    Your base URL is the root URL of your Checkmarx One instance, for example:

    ```
    https://eu.ast.checkmarx.net
    https://us.ast.checkmarx.net
    ```

    Your tenant ID is visible in the URL when logged in:

    ```
    https://eu.ast.checkmarx.net/<tenant-id>/...
    ```
  </Step>

  <Step title="Configure the integration in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Checkmarx One**.
    2. Click **Configure**.
    3. Enter your **Base URL**, **API Key**, and **Tenant ID**.
    4. Click **Save & Test** to verify connectivity.
  </Step>

  <Step title="Configure per-project sync settings">
    After connecting, Pwnbook loads your Checkmarx One projects.

    For each project you want to sync:

    1. Toggle **Visible** to include findings in Pwnbook.
    2. Toggle **Sync Enabled** to pull new scan results automatically.
    3. (Optional) Add a **Note** to record context.
    4. Click **Save**.
  </Step>
</Steps>
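The base URL is where the API key gets sent, so it pays to check the values from the "Find your base URL and tenant ID" step before saving them. The following is an added example, not Pwnbook or Checkmarx code: the function name `split_logged_in_url` and the `ast.checkmarx.net` host suffix (taken from the two example URLs above) are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hosted tenants live under this suffix, as in the page's two
# example base URLs. Pass another suffix for a differently hosted instance.
DEFAULT_SUFFIX = "ast.checkmarx.net"


def split_logged_in_url(url, allowed_suffix=DEFAULT_SUFFIX):
    """Return (base_url, tenant_id) from a logged-in Checkmarx One URL.

    Raises ValueError if the URL would send the API key to an unexpected
    place or carries no tenant segment.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("base URL must use https")
    if parts.username or parts.password:
        # 'https://trusted-host@other-host/' really points at other-host.
        raise ValueError("URL must not embed credentials")
    host = (parts.hostname or "").lower()
    # Match on a dot boundary so 'evilast.checkmarx.net' is not accepted.
    if host != allowed_suffix and not host.endswith("." + allowed_suffix):
        raise ValueError(f"unexpected host {host!r}")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    segments = [s for s in parts.path.split("/") if s]
    if not segments or segments[0].startswith("<"):
        raise ValueError("no tenant ID in URL path")
    return f"https://{host}", segments[0]


if __name__ == "__main__":
    # Constructed sample URLs; 'acme-corp' is a made-up tenant ID.
    samples = [
        "https://eu.ast.checkmarx.net/acme-corp/projects",
        "http://eu.ast.checkmarx.net/acme-corp/",
        "https://eu.ast.checkmarx.net.evil.example/acme-corp/",
        "https://eu.ast.checkmarx.net@evil.example/acme-corp/",
    ]
    for sample in samples:
        try:
            print("OK      ", split_logged_in_url(sample))
        except ValueError as err:
            print("REJECTED", sample, "->", err)
```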

## What gets synced

| Data                     | Description                                                                               |
| ------------------------ | ----------------------------------------------------------------------------------------- |
| **SAST findings**        | Vulnerabilities identified in source code, with file path, line numbers, and code snippet |
| **Severity**             | Critical, high, medium, low                                                               |
| **Vulnerability type**   | SQL injection, XSS, path traversal, etc.                                                  |
| **Remediation guidance** | Best-practice fix recommendations                                                         |
| **Scan metadata**        | Scan ID, date, branch/preset used                                                         |

## Viewing findings in Pwnbook

Synced findings appear in the engagement under **Security Findings → Checkmarx**. From there you can:

* Filter by severity and vulnerability type
* Add notes and link to tasks or threats
* Track remediation status

## Disconnecting

To remove the Checkmarx One integration:

1. Go to **Organization Settings → Marketplace → Checkmarx One**.
2. Click **Disconnect**.
3. Confirm.

Previously synced findings remain until manually deleted.
