Overview

Checkmarx One is an enterprise application security platform covering SAST, SCA, and API security. The Pwnbook integration pulls findings from your Checkmarx One tenant into engagements, so your security team can review and prioritize issues in context.

Prerequisites

  • A Checkmarx One account with API access
  • Your Checkmarx One tenant’s base URL
  • An API key with project read permissions
  • Your tenant ID
  • Admin or Owner access in Pwnbook to configure the integration

Credentials required

| Field | Description |
| --- | --- |
| Base URL | The URL of your Checkmarx One instance. Example: https://eu.ast.checkmarx.net |
| API Key | A Checkmarx One API key. Generate one in IAM → API Keys. Needs read access to projects and scans. |
| Tenant ID | Your Checkmarx One tenant identifier. Found in the instance URL or tenant settings. |

Setup

Step 1. Generate a Checkmarx One API key

  1. Log in to your Checkmarx One instance.
  2. Go to IAM → Service Accounts (or API Keys, depending on your version).
  3. Create a new service account or API key.
  4. Assign the following roles or permissions:
    • ast-viewer (read-only access to scan results)
    • permission to list projects, so the integration can enumerate what to sync
  5. Copy the client ID and client secret (or the API key value).
Checkmarx One authenticates API calls with OAuth2: a service account uses the client-credentials grant, and an API key is exchanged for a short-lived access token. Either secret grants read access to every project the role covers, so keep it in a secrets manager rather than a repository, ticket or chat, and revoke and reissue it if it is ever exposed.
Step 2. Find your base URL and tenant ID

Your base URL is the root URL of your Checkmarx One instance, for example:
https://eu.ast.checkmarx.net
https://us.ast.checkmarx.net
Your tenant ID is visible in the URL when logged in:
https://eu.ast.checkmarx.net/<tenant-id>/...
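Before pasting the credentials into Pwnbook, it is worth confirming on your own machine that the key really exchanges for a token carrying ast-viewer and can list projects; a "Save & Test" failure is then easy to attribute to the key rather than to the integration. The script below is an added example written for this page, not Pwnbook's or Checkmarx's code. It assumes that the API key is a refresh token exchanged at <region>.iam.checkmarx.net/auth/realms/<tenant>/protocol/openid-connect/token with client_id ast-app, that the IAM host is the base URL host with .ast. replaced by .iam., and that GET /api/projects returns a JSON object with totalCount and a projects array; the CX_* environment variable names are its own. Verify those details against your tenant's Checkmarx One documentation.

```python
"""Pre-flight check for a Checkmarx One API key (added example, not Pwnbook code).

Assumptions, to verify against your tenant's Checkmarx One docs:
  * the API key is a refresh token exchanged at the tenant's IAM realm
    with client_id "ast-app" (Checkmarx One IAM is Keycloak-based);
  * the IAM host for <region>.ast.checkmarx.net is <region>.iam.checkmarx.net;
  * GET <base>/api/projects returns {"totalCount": n, "projects": [{"name": ...}]}.
"""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request


def iam_base_from_ast_base(base_url: str) -> str:
    """Map https://eu.ast.checkmarx.net to https://eu.iam.checkmarx.net (assumed mapping)."""
    host = urllib.parse.urlparse(base_url).netloc
    if ".ast." not in host:
        raise ValueError(f"unexpected Checkmarx One host: {host!r}")
    return "https://" + host.replace(".ast.", ".iam.", 1)


def token_request(base_url: str, tenant_id: str, api_key: str):
    """Build the refresh-token grant that turns the long-lived API key into a short-lived JWT."""
    realm = urllib.parse.quote(tenant_id, safe="")
    url = f"{iam_base_from_ast_base(base_url)}/auth/realms/{realm}/protocol/openid-connect/token"
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": "ast-app",
        "refresh_token": api_key,
    }).encode()
    return url, body


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature: inspection only, never authorization."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(claims: dict, required=("ast-viewer",)) -> list:
    """Required roles the token lacks; checks a flat 'roles' claim and Keycloak's realm_access.roles."""
    granted = set(claims.get("roles", [])) | set(claims.get("realm_access", {}).get("roles", []))
    return [r for r in required if r not in granted]


def summarize_projects(status: int, body: bytes) -> dict:
    """Reduce the project-list response to the one fact that matters: can this key enumerate projects?"""
    if status != 200:
        raise RuntimeError(f"project list failed: HTTP {status} (check the ast-viewer role)")
    data = json.loads(body)
    projects = data.get("projects", [])
    return {"total": data.get("totalCount", len(projects)),
            "names": sorted(p["name"] for p in projects)}


def _unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token for the offline dry run; real tokens are signed."""
    def seg(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg(b'{"alg":"none"}'), seg(json.dumps(claims).encode()), ""])


SAMPLE_TOKEN = _unsigned_jwt({"preferred_username": "pwnbook-sync", "roles": ["ast-viewer"]})


def main() -> None:
    env = {k: os.environ.get(k) for k in ("CX_BASE_URL", "CX_TENANT_ID", "CX_API_KEY")}
    if not all(env.values()):
        # Offline dry run on the constructed sample. The key belongs in the environment, never argv.
        print("set CX_BASE_URL, CX_TENANT_ID and CX_API_KEY to test a real key; sample claims:")
        print(jwt_claims(SAMPLE_TOKEN), "missing:", missing_roles(jwt_claims(SAMPLE_TOKEN)))
        return
    url, body = token_request(env["CX_BASE_URL"], env["CX_TENANT_ID"], env["CX_API_KEY"])
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        token = json.load(resp)["access_token"]
    lacking = missing_roles(jwt_claims(token))
    if lacking:
        sys.exit(f"API key lacks required roles: {lacking}")
    req = urllib.request.Request(
        f"{env['CX_BASE_URL'].rstrip('/')}/api/projects",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json; version=1.0"},
    )
    with urllib.request.urlopen(req) as resp:
        print(summarize_projects(resp.status, resp.read()))


if __name__ == "__main__":
    main()
```

Run it with the three variables exported in the shell; without them it only decodes the constructed sample token. The claims decoder deliberately skips signature verification because its job is to inspect what the IAM server granted, not to trust the token; a non-empty missing-roles list or a non-200 project list means the key should be fixed in Checkmarx One before it is stored in Pwnbook.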
Step 3. Configure the integration in Pwnbook

  1. Go to Organization Settings → Marketplace → Checkmarx One.
  2. Click Configure.
  3. Enter your Base URL, API Key, and Tenant ID.
  4. Click Save & Test to verify connectivity.
Step 4. Configure per-project sync settings

After connecting, Pwnbook loads your Checkmarx One projects. For each project you want to sync:
  1. Toggle Visible to include findings in Pwnbook.
  2. Toggle Sync Enabled to pull new scan results automatically.
  3. (Optional) Add a Note to record context.
  4. Click Save.

What gets synced

| Data | Description |
| --- | --- |
| SAST findings | Vulnerabilities identified in source code, with file path, line numbers, and code snippet |
| Severity | Critical, high, medium, low |
| Vulnerability type | SQL injection, XSS, path traversal, etc. |
| Remediation guidance | Best-practice fix recommendations |
| Scan metadata | Scan ID, date, branch/preset used |

Viewing findings in Pwnbook

Synced findings appear in the engagement under Security Findings → Checkmarx. From there you can:
  • Filter by severity and vulnerability type
  • Add notes and link to tasks or threats
  • Track remediation status

Disconnecting

To remove the Checkmarx One integration:
  1. Go to Organization Settings → Marketplace → Checkmarx One.
  2. Click Disconnect.
  3. Confirm.
Previously synced findings remain in Pwnbook until they are manually deleted. If the API key is no longer needed, revoke it in Checkmarx One IAM as well.