Ingest Checkmarx KICS scan into your catalog

Available GitHub Integrations

This guide includes steps that require integration with GitHub:

  • GitHub (Ocean) - uses the Ocean framework. We strongly recommend this integration for new and migrated setups.
  • GitHub (Sunset) - uses a GitHub app that is in sunset and will be fully deprecated on September 15, 2026.

The following example shows you how to create a checkmarxScan blueprint that ingests all scan results in your Checkmarx KICS file using Port's GitHub file ingestion feature.

To ingest the scan results into Port, a port-app-config.yml file in the relevant repository or organisation is used.

Prerequisites

This guide assumes you have a Port account.

GitHub configuration

To ingest GitHub objects, use one of the following methods:

To manage your GitHub integration configuration using Port:

  1. Go to the data sources page of your portal.
  2. Under Exporters, click on your desired GitHub organization.
  3. A window will open containing the default YAML configuration of your GitHub integration.
  4. Here you can modify the configuration to suit your needs, by adding/removing entries.
  5. When finished, click resync to apply any changes.

Using this method applies the configuration to all repositories that the GitHub app has permissions to.

When configuring the integration using Port, the YAML configuration is global, allowing you to specify mappings for multiple Port blueprints.

Important

When using Port's UI, the specified configuration will override any port-app-config.yml file in your GitHub repositories.

Setting up the blueprint and mapping configuration

Create the following blueprint and mapping configuration:

Checkmarx KICS blueprint

{
  "identifier": "checkmarxScan",
  "description": "This blueprint represents a Checkmarx KICS scan in our software catalog",
  "title": "Checkmarx Scans",
  "icon": "checkmarx",
  "schema": {
    "properties": {
      "severity": {
        "title": "Severity",
        "type": "string",
        "enum": ["LOW", "MEDIUM", "HIGH", "INFO"],
        "enumColors": {
          "LOW": "green",
          "MEDIUM": "yellow",
          "HIGH": "red",
          "INFO": "yellow"
        }
      },
      "url": {
        "type": "string",
        "title": "Scan URL",
        "format": "url"
      },
      "platform": {
        "title": "Platform",
        "type": "string"
      },
      "files": {
        "items": {
          "type": "object"
        },
        "title": "Files",
        "type": "array"
      },
      "cloud_provider": {
        "title": "Cloud Provider",
        "type": "string"
      },
      "description": {
        "title": "Description",
        "type": "string"
      },
      "category": {
        "title": "Category",
        "type": "string"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "relations": {}
}

Checkmarx KICS mapping configuration

resources:
  - kind: file
    selector:
      query: 'true'
      files:
        - path: '**/results.json'
          organization: my-org # Optional if githubOrganization is set (required if not set)
          repos:
            - name: MyRepo
              branch: main
    port:
      itemsToParse: >-
        [.url as $url | .content.queries[] | {$url, query_id,
        query_name, severity, platform, files, cloud_provider, description,
        category}]
      entity:
        mappings:
          identifier: .item.query_id
          title: .item.query_name
          blueprint: '"checkmarxScan"'
          properties:
            category: .item.category
            cloud_provider: .item.cloud_provider
            description: .item.description
            files: .item.files
            severity: .item.severity
            platform: .item.platform
            url: .item.url
          relations:
            repository: .__repository

Ocean differences

GitHub (Ocean) uses .content instead of .file.content for file content and .url instead of .file.url. The files selector supports organization and repos (with name and branch) for scoping. Use .__repository for the repository relation.

Then click on Resync and wait for the entities to be ingested into your Port environment.
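
A pre-flight check for the mapping above, as an added example that is not part of Port's documentation or code: it mirrors the itemsToParse projection in Python over constructed file objects and flags items whose severity is outside the blueprint's enum or whose query_id repeats across matched results.json files (the mapping uses query_id alone as the entity identifier). The sample data, URLs and the function names parse_items and check_files are assumptions made for illustration.

```python
import json

# Severity values the checkmarxScan blueprint on this page accepts.
BLUEPRINT_SEVERITIES = {"LOW", "MEDIUM", "HIGH", "INFO"}
# Fields the mapping's itemsToParse expression copies from each query.
FIELDS = ("query_id", "query_name", "severity", "platform", "files",
          "cloud_provider", "description", "category")

# Constructed sample (not real scan output): two matched results.json files.
SAMPLE_FILES = json.loads("""
[{"url": "https://example.invalid/MyRepo/a/results.json",
  "content": {"queries": [
    {"query_id": "q-0001", "query_name": "Constructed rule A",
     "severity": "HIGH", "platform": "Terraform", "cloud_provider": "AWS",
     "files": [{"file_name": "main.tf", "line": 12}], "category": "Encryption"},
    {"query_id": "q-0002", "query_name": "Constructed rule B",
     "severity": "CRITICAL", "platform": "Dockerfile", "files": []}]}},
 {"url": "https://example.invalid/MyRepo/b/results.json",
  "content": {"queries": [
    {"query_id": "q-0001", "query_name": "Constructed rule A",
     "severity": "HIGH", "platform": "Terraform", "files": []}]}}]
""")


def parse_items(file_obj):
    """Mirror the itemsToParse jq: one item per query, carrying the file url."""
    url = file_obj["url"]
    return [{"url": url, **{f: q.get(f) for f in FIELDS}}
            for q in file_obj["content"]["queries"]]


def check_files(files):
    """Return (identifier, problem) pairs for items that will not map cleanly."""
    problems, seen = [], set()
    for item in (i for f in files for i in parse_items(f)):
        ident = item["query_id"]
        if not ident:
            problems.append((ident, "missing query_id"))
        elif ident in seen:
            problems.append((ident, "identifier repeats across items"))
        seen.add(ident)
        if item["severity"] not in BLUEPRINT_SEVERITIES:
            problems.append((ident, "severity not in blueprint enum"))
    return problems


if __name__ == "__main__":
    for ident, problem in check_files(SAMPLE_FILES):
        print(ident, problem)
```

Fields absent from a query come through as None here, matching the null that the jq object shorthand produces for a missing key.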