CxSAST Audit Database Connection

CxDB

This optional configuration element has only one attribute named ConnectionString. This is a standard SQL connection string. If not included in the configuration, audit records will not be included in the scan crawl.

Note that at the first run of the program, this element is encrypted on platforms that support configuration section encryption.

Required Database Security Permissions

The account used to connect to the CxSAST DB has the following requirements:

• The account should be mapped to the CxDB and CxActivity databases.
• The account shouid have the roles public and db_reader for both the CxDB and CxActivity databases.

The CxAnalytixService running on Windows can use SSPI to connect to the database if the CxAnalytixService is configured to execute using a service account that meets the above requirements.

Required Network Connectivity

To crawl the audit database, a direct database connection must be made to the CxSAST DB. It is not advised to enable SQL DB connections to a port available on the public Internet. This feature is strictly intended for use in installations where the CxAnalytix service can execute on a subnet that does not require a WAN hop to reach the SQL DB. This feature will not be supported for customers using a Checkmarx hosted instance or CxGO.

Environment Variable Substitution

Configuration values provided for this section can embed a reference to an environment variable by delimiting the name of the variable with %. While this is typically a construct used on Windows, this applies to all platforms. Example:

<CxDB ConnectionString="server=127.0.0.1\SQLEXPRESS,1433;User Id=%USER%;Password=%PASSWORD%" />