Notes on TeamMentor integration with CheckMarx (and pdf with info)

On the topic of integrating TeamMentor with Checkmarx, embeded below is nice document (created by Roman and Michael) that explains how it works and where the TM (TeamMentor) guidance shows up.

This is a major milestone for TM and it shows that the best place to consume TM is in the developer's IDE.

Couple notes on this implementation:

• The TM content shown is editable (with the idea that it should be customised to the target application, so that the developers can 'Copy and Page from TeamMentor')
• That said, without any customisation, the guidance shown is already 'language' sensitive, which means that for an ASP.NET scan we will show an ASP.NET TM article, for a Java scan we will show an Java TM article, etc... (the default Checkmarx Guidance uses CWE IDs which are generic and not language specific)
• The way this works is that we created a special TM Checkmarx Proxy which rewrites some of the data returned from the main Checkmarx server:
• we use the Checkmarx's QueryID to map to TM guidance, instead of CWE ID
• this actually means that we could easily add a LOT more changes to the data shown to the user (I see the current version of this TM Checkmarx Proxy as a warm up on what we can do with the powerful CheckMarx engine) 
• For more info see:
• multiple posts on this topic on my blog
• these recent posts on Michael's blog: 
• Consuming TeamMentor Checkmarx proxy from the Checkmarx Visual Studio Add-in 
• Configuring and consuming TeamMentor proxy from Checkmarx Web and Windows client and
• Consuming TeamMentor Checkmarx proxy from the Checkmarx Visual Studio Add-in )

So, if you are an existing Checkmarx customer, ping me (or SI) to give this a test drive (you can also just clone the TeamMentor_Checkmarx repo and have a go :)  )


Here is the TeamMentor Checkmarx Integration pdf: