Integrate Sysdig with Checkmarx

Integrating Sysdig Secure into Checkmarx helps Checkmarx users prioritize vulnerabilities by indicating which images are active at runtime, which packages are in use, or what workloads are publicly exposed.

There are two different integrations with Checkmarx:

  • Runtime Insights (In-use packages)
  • Cloud Insights (Exposure and attack-path)

Runtime Insights Integration

In this use case, Sysdig enriches Checkmarx image scan results so that Checkmarx users can prioritize vulnerabilities related to packages that are in-use when they are running in a cluster.

Prerequisites

  • Have administrator rights to your Sysdig Secure SaaS account and have the Sysdig Agent installed in the clusters you want to integrate.
  • Have a Checkmarx account with the necessary permissions to enable the integration.
  • Risk Spotlight in the backend for your Sysdig account. Contact Sysdig Support to explicitly enable it.

Integration

Ensure that your Sysdig Agents are properly configured in the clusters where the workloads are running, that is the same container images you are analyzing with Checkmarx.

Generate a Token for the Integration

  1. Select Integrations > 3rd Party|Risk Spotlight Integration.

    The Spotlight Integration page appears with a list of existing tokens and their expiry dates.

  2. Click +Add Token.

  3. Specify the attributes and click Create Token.

    • Name: Choose a name that indicates the integration with which the token is associated.
    • Expiration: Select an expiration date: 1/3/6 months or 1 year.

  4. Copy the new token as it is displayed in the list.

    Store the token in a safe place; it will not be visible or recoverable again.

  5. Continue with the Checkmarx Runtime Usage integration guide.

To Renew a token at any time, click the Renew button, reset the expiry, and confirm.

To delete a token, click the X beside the token name and confirm. This action will sever the integration between Sysdig and the 3rd-party tool.

Check Integration in Checkmarx

Sysdig runtime insights information enriches Checkmarx images and findings, streamlining the prioritization process for Checkmarx users. Note that you have to scan the same images using Checkmarx SCA resolver.

Cloud Insights Integration

In this use case, Sysdig enriches Checkmarx Cloud Insights images with posture details like the public exposure, helping to draw the attack path analysis.

Prerequisites

  • Have administrator rights to your Sysdig Secure SaaS account and have the Sysdig Agent installed in the clusters you want to integrate.
  • Have a Checkmarx account with the proper permissions to enable the integration.
  • A sample script from the Sysdig Support.
  • Deploy and maintain an integration script. The script is delivered as a Lambda function that you can customize.

Integration

Ensure that your Sysdig Agents are properly configured in the clusters where the workloads are running. It is the same container images you are analyzing with Checkmarx.

Generate a Token for the Integration

  1. Select Settings > Sysdig Secure API Token or create a service account and copy its token.

    Make sure that the user or the service account have the right scope and permissions.

  2. Deploy and configure the script that will request Sysdig data to feed Checkmarx Cloud Insights.

    The deployment instructions and required env-vars are documented together with the script files.

  3. Continue with the Checkmarx Cloud Insights integration guide.

Check Integration in Checkmarx

Sysdig exposure and deployment topology information enriches Checkmarx attack path and cloud insights.