Checkmarx · cx-shubham-yadav · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 15, 2025
@@ -0,0 +1,59 @@
+The Checkmarx One CLI is a fully functional Command Line Interface (CLI) that interacts with the Checkmarx One server
+
+USAGE
+  cx <command> <subcommand> [flags]
+
+COMMANDS
+  auth:       Validate authentication and create OAuth2 credentials
+  completion: Generate the autocompletion script for the specified shell
+  configure:  Configure authentication and global properties
+  help:       Help about any command
+  hooks:      Manage Git hooks
+  project:    Manage projects
+  results:    Retrieve results
+  scan:       Manage scans
+  telemetry:  Telemetry user events
+  triage:     Manage results
+  utils:      Utility functions
+  version:    Prints the version number
+
+FLAGS
+      --agent string                      Scan origin name (default "ASTCLI")
+      --apikey string                     The API Key to login to Checkmarx One
+      --base-auth-uri string              The base system IAM URI
+      --base-uri string                   The base system URI
+      --client-id string                  The OAuth2 client ID
+      --client-secret string              The OAuth2 client secret
+      --config-file-path string           Path to the configuration file
+      --debug                             Debug mode with detailed logs
+  -h, --help                              help for cx
+      --ignore-proxy                      Ignore proxy configuration
+      --insecure                          Ignore TLS certificate validations
+      --log-file string                   Saves logs to the specified file path only
+      --log-file-console string           Saves logs to the specified file path as well as to the console
+      --proxy string                      Proxy server to send communication through
+      --proxy-auth-type string            Proxy authentication type (supported types: basic, ntlm, kerberos or kerberos-native)
+      --proxy-kerberos-ccache string      Path to Kerberos credential cache (optional, default uses KRB5CCNAME env or OS default)
+      --proxy-kerberos-krb5-conf string   Path to Kerberos configuration file(default: /etc/krb5.conf on linux and C:\Windows\krb5.ini on windows)
+      --proxy-kerberos-spn string         Service Principal Name (SPN) for Kerberos proxy authentication
+      --proxy-ntlm-domain string          Window domain when using NTLM proxy
+      --retry uint                        Retry requests to Checkmarx One on connection failure (default 3)
+      --retry-delay uint                  Time between retries in seconds, use with --retry (default 20)
+      --tenant string                     Checkmarx tenant
+      --timeout string                    Timeout for network activity, (default 5 seconds)
+
+EXAMPLES
+  $ cx configure
+  $ cx scan create -s . --project-name my_project_name
+  $ cx scan list
+
+DOCUMENTATION
+  https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
+
+QUICK START GUIDE
+  https://checkmarx.com/resource/documents/en/34965-68621-checkmarx-one-cli-quick-start-guide.html
+
+LEARN MORE
+  Use 'cx <command> <subcommand> --help' for more information about a command.
+  Read the manual at https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
+
@@ -0,0 +1,53 @@
+The project create command enables the ability to create a new project in Checkmarx One
+
+USAGE
+  cx project create [flags]
+
+FLAGS
+      --application-name string   Name of the application to assign with the project
+      --branch string             Main branch
+      --format string             Format for the output. One of [json list table] (default "table")
+      --groups string             List of groups, ex: (PowerUsers,etc)
+  -h, --help                      help for create
+      --project-name string       Name of project
+      --repo-url string           Repository URL
+      --ssh-key string            Path to ssh private key
+      --tags string               List of tags, ex: (tagA,tagB:val,etc)
+
+GLOBAL FLAGS
+  --agent string                      Scan origin name (default "ASTCLI")
+  --apikey string                     The API Key to login to Checkmarx One
+  --base-auth-uri string              The base system IAM URI
+  --base-uri string                   The base system URI
+  --client-id string                  The OAuth2 client ID
+  --client-secret string              The OAuth2 client secret
+  --config-file-path string           Path to the configuration file
+  --debug                             Debug mode with detailed logs
+  --ignore-proxy                      Ignore proxy configuration
+  --insecure                          Ignore TLS certificate validations
+  --log-file string                   Saves logs to the specified file path only
+  --log-file-console string           Saves logs to the specified file path as well as to the console
+  --proxy string                      Proxy server to send communication through
+  --proxy-auth-type string            Proxy authentication type (supported types: basic, ntlm, kerberos or kerberos-native)
+  --proxy-kerberos-ccache string      Path to Kerberos credential cache (optional, default uses KRB5CCNAME env or OS default)
+  --proxy-kerberos-krb5-conf string   Path to Kerberos configuration file(default: /etc/krb5.conf on linux and C:\Windows\krb5.ini on windows)
+  --proxy-kerberos-spn string         Service Principal Name (SPN) for Kerberos proxy authentication
+  --proxy-ntlm-domain string          Window domain when using NTLM proxy
+  --retry uint                        Retry requests to Checkmarx One on connection failure (default 3)
+  --retry-delay uint                  Time between retries in seconds, use with --retry (default 20)
+  --tenant string                     Checkmarx tenant
+  --timeout string                    Timeout for network activity, (default 5 seconds)
+
+EXAMPLES
+  $ cx project create --project-name <Project Name>
+
+DOCUMENTATION
+  https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-44ecd672-8f1f-32de-6c2e-838b680a0bf4
+
+QUICK START GUIDE
+  https://checkmarx.com/resource/documents/en/34965-68621-checkmarx-one-cli-quick-start-guide.html
+
+LEARN MORE
+  Use 'cx <command> <subcommand> --help' for more information about a command.
+  Read the manual at https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
+
@@ -0,0 +1,55 @@
+The show command enables the ability to show results about a requested scan in Checkmarx One
+
+USAGE
+  cx results show [flags]
+
+FLAGS
+      --filter strings                   Filter the list of results. Use ';' as the delimiter for arrays. Available filters are: scan-id,limit,offset,sort,include-nodes,node-ids,query,group,status,severity,state
+  -h, --help                             help for show
+      --ignore-policy                    Skip policy evaluation. Requires override-policy-management permission.
+      --output-name string               Output file (default "cx_result")
+      --output-path string               Output Path (default ".")
+      --policy-timeout int               Cancel the policy evaluation and fail after the timeout in minutes (default 1)
+      --report-format string             Format for the output. One of [json-v2 summaryHTML summaryConsole sarif summaryJSON sbom pdf markdown gl-sast gl-sca sonar json] (default "json")
+      --report-pdf-email string          Send the PDF report to the specified email address. Use "," as the delimiter for multiple emails
+      --report-pdf-options string        Sections to generate PDF report. Available options: Iac-Security,Sast,Sca,ScanSummary,ExecutiveSummary,ScanResults (default "ScanSummary,ExecutiveSummary,ScanResults")
+      --report-sbom-format string        Sections to generate SBOM report. Available options: CycloneDxJson,CycloneDxXml,SpdxJson (default "CycloneDxJson")
+      --sast-redundancy                  Populate SAST results 'data.redundancy' with values 'fix' (to fix) or 'redundant' (no need to fix)
+      --sca-hide-dev-test-dependencies   Filter SCA results to exclude dev and test dependencies
+      --scan-id string                   ID to report on
+      --wait-delay int                   Polling wait time in seconds (default 5)
+
+GLOBAL FLAGS
+  --agent string                      Scan origin name (default "ASTCLI")
+  --apikey string                     The API Key to login to Checkmarx One
+  --base-auth-uri string              The base system IAM URI
+  --base-uri string                   The base system URI
+  --client-id string                  The OAuth2 client ID
+  --client-secret string              The OAuth2 client secret
+  --config-file-path string           Path to the configuration file
+  --debug                             Debug mode with detailed logs
+  --ignore-proxy                      Ignore proxy configuration
+  --insecure                          Ignore TLS certificate validations
+  --log-file string                   Saves logs to the specified file path only
+  --log-file-console string           Saves logs to the specified file path as well as to the console
+  --proxy string                      Proxy server to send communication through
+  --proxy-auth-type string            Proxy authentication type (supported types: basic, ntlm, kerberos or kerberos-native)
+  --proxy-kerberos-ccache string      Path to Kerberos credential cache (optional, default uses KRB5CCNAME env or OS default)
+  --proxy-kerberos-krb5-conf string   Path to Kerberos configuration file(default: /etc/krb5.conf on linux and C:\Windows\krb5.ini on windows)
+  --proxy-kerberos-spn string         Service Principal Name (SPN) for Kerberos proxy authentication
+  --proxy-ntlm-domain string          Window domain when using NTLM proxy
+  --retry uint                        Retry requests to Checkmarx One on connection failure (default 3)
+  --retry-delay uint                  Time between retries in seconds, use with --retry (default 20)
+  --tenant string                     Checkmarx tenant
+  --timeout string                    Timeout for network activity, (default 5 seconds)
+
+EXAMPLES
+  $ cx results show --scan-id <scan Id>
+
+QUICK START GUIDE
+  https://checkmarx.com/resource/documents/en/34965-68621-checkmarx-one-cli-quick-start-guide.html
+
+LEARN MORE
+  Use 'cx <command> <subcommand> --help' for more information about a command.
+  Read the manual at https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
+
@@ -0,0 +1,102 @@
+The create command enables the ability to create and run a new scan in Checkmarx One
+
+USAGE
+  cx scan create [flags]
+
+FLAGS
+      --apisec-swagger-filter string           Swagger folder/file filter for API-Security scan. Example: ./swagger.json
+      --application-name string                Name of the application to assign with the project
+      --async                                  Do not wait for scan completion
+  -b, --branch string                          Branch to scan
+      --branch-primary                         This flag sets the branch specified in --branch as the PRIMARY branch for the project
+      --container-images string                List of container images to scan, ex: manuelbcd/vulnapp:latest,debian:10
+      --containers-exclude-non-final-stages    Scan only the final deployable image
+      --containers-file-folder-filter string   Specify files and folders to be included or excluded from scans, ex: "!*.log"
+      --containers-image-tag-filter string     Exclude images by image name and/or tag, ex: "*dev"
+      --containers-local-resolution            Execute container resolver locally.
+      --containers-package-filter string       Exclude packages by package name or file path using regex, ex: "^internal-.*"
+  -f, --file-filter string                     Source file filtering pattern
+  -i, --file-include string                    Only files scannable by AST are included by default. Add a comma separated list of extra inclusions, ex: *zip,file.txt
+  -s, --file-source string                     Sources like: directory, zip file or git URL
+      --filter strings                         Filter the list of results. Use ';' as the delimiter for arrays. Available filters are: scan-id,limit,offset,sort,include-nodes,node-ids,query,group,status,severity,state
+  -h, --help                                   help for create
+      --iac-security-filter string             IaC Security filter
+      --iac-security-platforms strings         IaC Security Platform Flag
+      --iac-security-preset-id string          The ID of the IaC Security Preset to use (must be a valid UUID)
+      --ignore-policy                          Skip policy evaluation. Requires override-policy-management permission.
+      --output-name string                     Output file (default "cx_result")
+      --output-path string                     Output Path (default ".")
+      --policy-timeout int                     Cancel the policy evaluation and fail after the timeout in minutes (default 4)
+      --project-groups string                  List of groups to associate to project
+      --project-name string                    Name of the project
+      --project-private-package string         Enable or disable project private package. Available options: true,false
+      --project-tags string                    List of tags to associate to project
+      --report-format string                   Format for the output. One of [json json-v2 summaryHTML sarif sbom pdf markdown gl-sast gl-sca summaryConsole] (default "summaryConsole")
+      --report-pdf-email string                Send the PDF report to the specified email address. Use "," as the delimiter for multiple emails
+      --report-pdf-options string              Sections to generate PDF report. Available options: Iac-Security,Sast,Sca,ScanSummary,ExecutiveSummary,ScanResults (default "ScanSummary,ExecutiveSummary,ScanResults")
+      --report-sbom-format string              Sections to generate SBOM report. Available options: CycloneDxJson,CycloneDxXml,SpdxJson (default "CycloneDxJson")
+      --resubmit                               Create a scan with the configurations used in the most recent scan in the project
+      --sast-fast-scan                         Enable SAST Fast Scan configuration
+      --sast-filter string                     SAST filter
+      --sast-incremental                       Incremental SAST scan should be performed.
+      --sast-light-queries                     Enable SAST scan using light query configuration
+      --sast-preset-name string                The name of the Checkmarx preset to use.
+      --sast-recommended-exclusions            Enable recommended exclusions configuration for SAST scan
+      --sast-redundancy                        Populate SAST results 'data.redundancy' with values 'fix' (to fix) or 'redundant' (no need to fix)
+      --sbom-only                              Scan only the specified SBOM file (supported formats xml or json)
+      --sca-exploitable-path string            Enable or disable exploitable path in scan. Available options: true,false
+      --sca-filter string                      SCA filter
+      --sca-hide-dev-test-dependencies         Filter SCA results to exclude dev and test dependencies
+      --sca-last-sast-scan-time string         SCA last scan time. Available options: integer above 1
+      --sca-private-package-version string     SCA project private package version. Example: 0.1.1
+      --sca-resolver string                    Resolve SCA project dependencies (path to SCA Resolver executable)
+      --sca-resolver-params string             Parameters to use in SCA resolver (requires --sca-resolver)
+      --scan-info-format string                Format for the output. One of [table json list] (default "list")
+      --scan-timeout int                       Cancel the scan and fail after the timeout in minutes
+      --scan-types string                      Scan types, ex: (sast,iac-security,sca,api-security)
+      --scs-engines string                     Specify which scs engines will run (default: all licensed engines)
+      --scs-repo-token string                  Provide a token with read permission for the repo that you are scanning (for scorecard scans)
+      --scs-repo-url string                    The URL of the repo that you are scanning with scs (for scorecard scans)
+      --ssh-key string                         Path to ssh private key
+      --tags string                            List of tags, ex: (tagA,tagB:val,etc)
+      --threshold string                       Local build threshold. Format <engine>-<severity>=<limit>. Example: scan --threshold "sast-high=10;sca-high=5;iac-security-low=10"
+      --use-gitignore                          Exclude files and directories from the scan based on the patterns defined in the directory's .gitignore file
+      --wait-delay int                         Polling wait time in seconds (default 5)
+
+GLOBAL FLAGS
+  --agent string                      Scan origin name (default "ASTCLI")
+  --apikey string                     The API Key to login to Checkmarx One
+  --base-auth-uri string              The base system IAM URI
+  --base-uri string                   The base system URI
+  --client-id string                  The OAuth2 client ID
+  --client-secret string              The OAuth2 client secret
+  --config-file-path string           Path to the configuration file
+  --debug                             Debug mode with detailed logs
+  --ignore-proxy                      Ignore proxy configuration
+  --insecure                          Ignore TLS certificate validations
+  --log-file string                   Saves logs to the specified file path only
+  --log-file-console string           Saves logs to the specified file path as well as to the console
+  --proxy string                      Proxy server to send communication through
+  --proxy-auth-type string            Proxy authentication type (supported types: basic, ntlm, kerberos or kerberos-native)
+  --proxy-kerberos-ccache string      Path to Kerberos credential cache (optional, default uses KRB5CCNAME env or OS default)
+  --proxy-kerberos-krb5-conf string   Path to Kerberos configuration file(default: /etc/krb5.conf on linux and C:\Windows\krb5.ini on windows)
+  --proxy-kerberos-spn string         Service Principal Name (SPN) for Kerberos proxy authentication
+  --proxy-ntlm-domain string          Window domain when using NTLM proxy
+  --retry uint                        Retry requests to Checkmarx One on connection failure (default 3)
+  --retry-delay uint                  Time between retries in seconds, use with --retry (default 20)
+  --tenant string                     Checkmarx tenant
+  --timeout string                    Timeout for network activity, (default 5 seconds)
+
+EXAMPLES
+  $ cx scan create --project-name <Project Name> -s <path or repository url>
+
+DOCUMENTATION
+  https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-a0bb20d5-5182-3fb4-3da0-0e263344ffe7
+
+QUICK START GUIDE
+  https://checkmarx.com/resource/documents/en/34965-68621-checkmarx-one-cli-quick-start-guide.html
+
+LEARN MORE
+  Use 'cx <command> <subcommand> --help' for more information about a command.
+  Read the manual at https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.html
+