Does Pulse support the Checkmarx CxSAST source code analysis tool, as with the bundled WhiteSource plugin?



  • Suggested Answer

    Currently PulseUno does not have a specific plugin for Checkmarx SAST.

    It is possible to run command-line tools using the built-in Script plugin (I'm assuming that the scanner for Checkmarx SAST is a command-line tool you can run), so you will be able to incorporate Checkmarx SAST into your CI builds, and see any results in PulseUno's output console and probably in the Checkmarx web interface.

    However, closer integration (such as seeing the SAST findings annotated in PulseUno's pull requests or code reviews) wouldn't happen this way. If there were sufficient customer demand, we'd consider writing the plugin ourselves as part of the PulseUno product.

    Without this demand, it is possible for advanced customers to write their own plugins using a Java API, but this would need a Java programmer. We are also looking at ways of allowing users to do closer integration themselves using shell-scripting rather than Java code in future (e.g. for tools we can't support).

  • Thanks for your reply.
    We are trying to use the built-in Script plugin to execute Windows PowerShell and call Checkmarx SAST REST.
    The challenge we are currently facing is how to put the result report file or link back into the chain.

    Is there a way to put the result report file back into the chain so that users can download it?