feat(plugin): add CheckmarxOne data source plugin (#8869) #8927

Open
bujjibabukatta wants to merge 1 commit into apache:main from bujjibabukatta:fix/#8869

Conversation

@bujjibabukatta (Contributor)

Summary

This PR implements a complete CheckmarxOne data source plugin for Apache DevLake (resolves #8869).

The plugin enables security teams to integrate CheckmarxOne SAST scanning results into DevLake pipelines, allowing them to:

  • Track and follow security issues discovered by CheckmarxOne
  • Provide KPIs around findings, triage, and remediation
  • Monitor vulnerability severity and remediation progress
  • Support DevSecOps practices with security-focused metrics

Motivation

With the rising importance of DevSecOps, organizations need to track security vulnerabilities alongside development metrics. This plugin provides seamless integration with CheckmarxOne, a leading code security scanning platform, enabling teams to establish meaningful performance indicators around security vulnerability remediation.

Changes

Plugin Structure

  • Entry Point: checkmarxone.go - Main plugin entry point with CLI support
  • Implementation: impl/impl.go - Core plugin logic implementing all required interfaces
  • Models: Connection, Project, and Finding data models
  • API Client: OAuth-based authentication and API communication
  • Tasks: Collector and extractor for findings data
  • API Endpoints: REST endpoints for connection management
  • Migrations: Database schema setup

Data Models

CheckmarxoneConnection

  • Server URL, Client ID/Secret for OAuth
  • Secure credential storage (passwords hidden in JSON)

CheckmarxoneProject

  • Project ID and metadata
  • Connection association

CheckmarxoneFinding

  • Vulnerability data: ID, name, severity, status
  • First/Last found timestamps
  • Finding type and count

Features

✅ OAuth authentication with automatic token refresh
✅ Multi-project support with separate data collection
✅ Vulnerability severity tracking (Critical, High, Medium, Low)
✅ Remediation status monitoring
✅ REST API for connection CRUD operations
✅ Automatic database migrations
✅ Comprehensive error handling and logging
✅ Resource cleanup and connection management

Data Flow
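Two of the features the PR lists, OAuth client-credentials authentication with automatic token refresh and a connection model whose secret never appears in JSON output, are worth seeing in working form. The following is an added example written for this page; it is not code from the PR or from Apache DevLake, and the names `Connection`, `TokenSource` and `NewFakeTokenServer` are hypothetical. The token endpoint is a constructed in-process stand-in, so the example runs offline; the refresh logic and the `json:"-"` redaction are the points being shown.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync"
	"time"
)

// Connection is a hypothetical stand-in for the PR's CheckmarxoneConnection:
// server URL plus the OAuth client credentials. The secret carries `json:"-"`,
// so a connection-management API built on this type can never echo it back.
type Connection struct {
	Endpoint     string `json:"endpoint"`
	ClientID     string `json:"clientId"`
	ClientSecret string `json:"-"`
}

// tokenResponse is the subset of an OAuth 2.0 token response we care about.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

// TokenSource caches a client-credentials access token and re-fetches it
// shortly before it expires, so collectors never send a stale bearer token.
type TokenSource struct {
	Conn     Connection
	TokenURL string
	Client   *http.Client
	Now      func() time.Time // injectable clock; tests advance it
	Fetches  int              // round trips to the token endpoint, for observability

	mu     sync.Mutex
	token  string
	expiry time.Time
}

// refreshSkew is how early a cached token is treated as expired.
const refreshSkew = 30 * time.Second

// Token returns a valid access token, refreshing it when the cached one is
// missing or within refreshSkew of its expiry. Safe for concurrent collectors.
func (ts *TokenSource) Token() (string, error) {
	ts.mu.Lock()
	defer ts.mu.Unlock()
	if ts.token != "" && ts.Now().Add(refreshSkew).Before(ts.expiry) {
		return ts.token, nil
	}
	form := url.Values{
		"grant_type":    {"client_credentials"},
		"client_id":     {ts.Conn.ClientID},
		"client_secret": {ts.Conn.ClientSecret},
	}
	resp, err := ts.Client.PostForm(ts.TokenURL, form)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var tr tokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
		return "", err
	}
	if tr.AccessToken == "" {
		return "", errors.New("token endpoint returned an empty access_token")
	}
	ts.token = tr.AccessToken
	ts.expiry = ts.Now().Add(time.Duration(tr.ExpiresIn) * time.Second)
	ts.Fetches++
	return ts.token, nil
}

// NewFakeTokenServer is a constructed stand-in for the identity endpoint: it
// checks the client secret and issues numbered one-hour tokens.
func NewFakeTokenServer(expectedSecret string) *httptest.Server {
	issued := 0
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.FormValue("grant_type") != "client_credentials" || r.FormValue("client_secret") != expectedSecret {
			http.Error(w, `{"error":"invalid_client"}`, http.StatusUnauthorized)
			return
		}
		issued++
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(tokenResponse{AccessToken: fmt.Sprintf("tok-%d", issued), ExpiresIn: 3600})
	}))
}

func main() {
	srv := NewFakeTokenServer("s3cret") // constructed secret for the demo
	defer srv.Close()
	conn := Connection{Endpoint: srv.URL, ClientID: "devlake", ClientSecret: "s3cret"}
	ts := &TokenSource{Conn: conn, TokenURL: srv.URL + "/oauth/token", Client: srv.Client(), Now: time.Now}
	tok, err := ts.Token()
	fmt.Println(tok, err)
	out, _ := json.Marshal(conn) // the secret is absent from the serialized connection
	fmt.Println(string(out))
}
```

The clock is injected rather than read from `time.Now` directly so the refresh-before-expiry path can be exercised deterministically; the skew window means a token that is about to expire is replaced before a long collection run starts using it.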


Development

Successfully merging this pull request may close these issues: [Feature][Plugin] CheckmarxOne