Onboard Checkmarx to DevOps Change Velocity - Classic

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Connect to your Checkmarx instance to retrieve scan results.

    Before you begin

    Role required: sn_devops.admin or sn_devops.tool_owner

    Procedure

    1. Navigate to All > DevOps > Tools > Create New (legacy).
    2. In the Create DevOps tool form, enter the tool details based on whether you are onboarding Checkmarx SAST or Checkmarx One.
      Table 1. Checkmarx SAST
      Field Description
      Tool name Name for your Checkmarx integration.
      Tool integration Checkmarx SAST.
      Server URL Base URL of your Checkmarx One intance.
      Tool username/ API ID API ID of your Checkmarx instance.
      Tool password/ Access token / API Key API key of your Checkmarx instance.
      MID server MID server associated with the Checkmarx One instance.
      Table 2. Checkmarx One
      Field Description
      Tool name Name for your Checkmarx integration.
      Tool integration Checkmarx One.
      CheckmarxOne Access Control Base URL Access Control Base URL of your Checkmarx One instance.
      CheckmarxOne API Base URL. API Base URL of your Checkmarx One instance.
      Tenant Name of your Checkmarx One tenant account.
      Client Id Name you used to store your Checkmarx Client ID in your repository.
      Client Secret Name you used to store your Checkmarx Secret in your repository.

      Ensure that your Checkmarx SAST user has a role that has permissions to read Project and Scan Results to get summary details. For more information, see Checkmarx documentation. Ensure that your Checkmarx One user has the create-scan and manage-project roles to access Scan summary details. For more information, see Checkmarx documentation.

    3. Click Submit to connect to your Checkmarx instance.
    On successful tool creation, you're taken to the tool record page.
    1. If you want to control access to the tool, add the groups that must be given access to the tool in the Maintained by field on the Access tab.
      The tasks the users in the groups can perform depends on the roles assigned to them.
      • DevOps Tool Owner role: Can view and edit the tool.
      • DevOps App Owner role: Can view the tool and can associate, discover, import historical data, and modify pipeline steps (if applicable) of the tool's objects (such as plans, repositories, and pipelines).
      • DevOps Administrator role: Can edit all tools.
      • Other DevOps roles: Can view the tool.
      Note:
      Only groups containing users with DevOps roles are available for selection in the Maintained by field.

      The All App Owners can view and associate tool objects to applications option becomes available for selection if you choose to restrict access to the tool. This option enables all users having the DevOps App Owner role to access the tool. If selected, they’ll be able to view, associate, discover, import historical data, and modify pipeline steps (if applicable) of the tool's objects.

    What to do next

    Configure Checkmarx scans on your pipeline