checkmarx Questions

2

Solved

I have integrated SonarQube and Checkmarx SAST and SCA into the Azure DevOps build pipeline. I am able to see both the SonarQube and Checkmarx reports without any issues. I have the following...
Dustindustman asked 20/5, 2022 at 6:15

2

Solved

After running a Checkmarx scan on my Node.js application, I got a warning of Medium severity -> Missing_HSTS_Header. On this piece of code that just returns the content of metadata.json file (high...
Fugitive asked 18/11, 2020 at 12:28

6

Solved

I keep getting this annoying error from Checkmarx code scanner, Method getTotalValue at line 220 of src\java\com\example\PeopleController.java gets user input for the personName element. This ele...
Fouts asked 1/1, 2019 at 8:12

2

CheckMarx is flagging an error which looks like a false positive to me. Our application is written in C# and uses ASP.NET Core. The error is: The web application's Startup method creates a cookie ...
Trochal asked 5/11, 2020 at 17:4

6

Checkmarx - v 9.3.0 HF11. I am passing an env value as the data directory path in the Dockerfile, which is used on the dev/uat server: ENV DATA /app/data/ In local, using the following environment variable DATA=C:\projec...
Kurtiskurtosis asked 2/12, 2020 at 11:10

0

I am using Spring MVC and I have an End Point having HTTP Method Post. @ResponseBody public ResponseEntity<Object> request(@RequestBody @Valid RequestPayload requestBody){ //Code } public ...
Sclera asked 9/6, 2020 at 18:37

4

Solved

I have run my Java app against the Checkmarx tool for security vulnerabilities and it is constantly giving an issue - Heap Inspection, for my password field for which I use a character array. It does...

2

Solved

Can anyone suggest the proper sanitization/validation process required for the courseType variable in the following getCourses method. I am using that variable to write in a log file. I've tried H...
Lytton asked 26/3, 2019 at 19:5

2

Solved

I have an endpoint that receives a String from the client as seen below: @GET @Path("/{x}") public Response doSomething(@PathParam("x") String x) { String y = myService.process(x); return Respo...

1

The codebase I am working on has been analyzed by Checkmarx, and it came back with a report containing a "Stored XSS" issue. The issue states: Method GetHomepageFilterByLocale HomepageRepo.cs gets da...
Hemispheroid asked 11/11, 2016 at 16:39

2

On scanning code using Checkmarx for security vulnerabilities, a privacy violation issue was reported pointing to a variable name. public const string Authentication = "authentication"; I am usi...
Fluoride asked 12/11, 2015 at 12:18