Migrating from Checkmarx to middleBrick

What middleBrick covers

  • Black-box API scanning with no agents or SDKs required
  • Risk scoring on A–F with prioritized findings
  • Detection aligned to OWASP API Top 10 (2023), PCI-DSS 4.0, SOC 2 Type II
  • Under-one-minute scan time with read-only methods
  • Authenticated scanning via Bearer, API key, Basic, and Cookie
  • Continuous monitoring with diff detection and email alerts

Plan your cutover timeline

Establish a fixed date for switching scanners and communicate it to development and security teams. Use a short freeze window for new scans so you can compare results under similar conditions. During this window, run middleBrick in parallel with Checkmarx on a representative set of APIs to validate coverage and confirm that findings align with your risk expectations.

Export and normalize Checkmarx data

Export findings from Checkmarx using its REST API or reports, capturing key fields such as query ID, severity, file, line, and status (open or false positive). Normalize this data into a consistent schema, for example mapping Checkmarx query names to middleBrick finding categories. Maintain traceability by preserving the original IDs so you can later cross-reference or reconcile differences in detection logic.
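The normalization step above, as an added example that is not code from middleBrick or Checkmarx: it folds exported records into one schema, keeps the original query ID for traceability, and reports which queries have no black-box equivalent. The Checkmarx field names, the category names, and the sample export are all assumptions.

```python
from dataclasses import dataclass, asdict

# Assumed mapping of Checkmarx query names to scanner finding categories.
# None marks a static-analysis-only query with no black-box API equivalent.
QUERY_TO_CATEGORY = {
    "Missing_Authorization": "broken-object-level-authorization",
    "Reflected_XSS": "injection",
    "Heap_Inspection": None,
}
SEVERITIES = {"critical", "high", "medium", "low", "information"}

@dataclass
class NormalizedFinding:
    source_tool: str   # always "checkmarx" here, so the origin stays visible
    source_id: str     # original Checkmarx query ID, preserved verbatim
    category: str      # mapped category, or "unmapped" when no equivalent exists
    severity: str
    location: str      # "file:line"
    suppressed: bool   # True when the Checkmarx status was "false positive"

def normalize(raw: dict) -> NormalizedFinding:
    sev = raw["severity"].strip().lower()
    if sev not in SEVERITIES:
        raise ValueError(f"unknown severity {raw['severity']!r} for {raw['queryId']}")
    return NormalizedFinding(
        source_tool="checkmarx",
        source_id=str(raw["queryId"]),
        category=QUERY_TO_CATEGORY.get(raw["queryName"]) or "unmapped",
        severity=sev,
        location=f"{raw['file']}:{raw['line']}",
        suppressed=raw["status"].strip().lower() == "false positive",
    )

def normalize_export(records: list[dict]) -> tuple[list[dict], list[str]]:
    """Return normalized records plus the source IDs that could not be mapped."""
    out, unmapped = [], []
    for raw in records:
        finding = normalize(raw)
        if finding.category == "unmapped":
            unmapped.append(finding.source_id)
        out.append(asdict(finding))
    return out, unmapped

# Constructed sample export; not real Checkmarx output.
SAMPLE_EXPORT = [
    {"queryId": "4711", "queryName": "Missing_Authorization", "severity": "High",
     "file": "api/orders.py", "line": 42, "status": "Open"},
    {"queryId": "4712", "queryName": "Heap_Inspection", "severity": "Low",
     "file": "auth/token.py", "line": 9, "status": "False Positive"},
]
```

The unmapped list is the set of findings you should expect to lose in the cutover rather than reconcile.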

Rebuild scan history with middleBrick

Import your normalized findings into middleBrick by mapping locations and severities, and then initiate scans to generate a new baseline. middleBrick works as a black-box scanner, so no agents or SDKs are required; you only need to supply API URLs. Use the CLI to automate repeated runs and store JSON output to reconstruct historical trends. Note that proprietary scan metadata from Checkmarx will not transfer; focus on findings, not internal rule identifiers.

Keep CI stable during migration

Wire middleBrick into your CI/CD pipeline incrementally. Start with non-blocking advisory mode, where scans report results without failing builds. Gradually introduce thresholds for score or critical findings once teams are comfortable with the new tool. For GitHub Actions, configure the middleBrick action to fail only on predefined risk levels, and ensure the job fails early to avoid merging high-risk changes. Use the same header allowlist and authenticated scanning settings that match your API stack so that differences between the two scanners reflect real detection gaps rather than configuration drift.
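The advisory-then-enforce gate described above, as an added example and not middleBrick's own action or CLI: it reads a scan result and fails the job only in enforce mode, when the A–F score drops below a floor or critical findings exceed a limit. The JSON shape (`{"score": "B", "findings": [{"severity": ...}]}`) and the sample result are assumptions.

```python
import json
import sys
from collections import Counter

GRADE_RANK = {"A": 5, "B": 4, "C": 3, "D": 2, "F": 1}

def evaluate(result: dict, mode: str, min_grade: str = "C",
             max_critical: int = 0) -> tuple[bool, list[str]]:
    """Return (should_fail, reasons). Advisory mode reports but never fails."""
    reasons = []
    grade = str(result.get("score", "")).upper()
    if grade not in GRADE_RANK:
        # Malformed or missing score: fail closed rather than pass silently.
        reasons.append(f"unrecognized score {grade!r}")
    elif GRADE_RANK[grade] < GRADE_RANK[min_grade]:
        reasons.append(f"score {grade} is below the {min_grade} floor")
    counts = Counter(str(f.get("severity", "")).lower()
                     for f in result.get("findings", []))
    if counts["critical"] > max_critical:
        reasons.append(f"{counts['critical']} critical finding(s), limit {max_critical}")
    return (mode == "enforce" and bool(reasons)), reasons

def gate(path: str, mode: str) -> int:
    """Exit status for CI: 0 to continue, 1 to block the merge."""
    with open(path, encoding="utf-8") as fh:
        result = json.load(fh)
    should_fail, reasons = evaluate(result, mode)
    for reason in reasons:
        print(f"[{mode}] {reason}")
    return 1 if should_fail else 0

# Constructed sample result (assumed output shape, not a real scan).
SAMPLE_RESULT = {
    "score": "D",
    "findings": [
        {"severity": "Critical", "category": "broken-object-level-authorization"},
        {"severity": "Medium", "category": "security-misconfiguration"},
    ],
}

if __name__ == "__main__":
    # usage: gate.py <result.json> advisory|enforce
    sys.exit(gate(sys.argv[1], sys.argv[2]))
```

Switching a pipeline from advisory to enforce is then a one-word change, with the thresholds already exercised on real results.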

What you will miss and what you will gain

You will lose Checkmarx’s deep static code analysis and proprietary rule set focused on language-specific patterns. middleBrick does not perform static code inspection or detect implementation-level flaws such as insecure deserialization or cryptographic misuse. What you gain is a scanner that requires no agents, runs in under a minute, and covers the OWASP API Top 10 with transparent detection logic. You also gain simplified onboarding, since any API endpoint can be tested without SDKs, plus continuous monitoring options that provide diffs between scans and configurable alerts aligned to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023).

Frequently asked questions

  • Can I import Checkmarx XML or SARIF directly into middleBrick? Export the data, map the fields to middleBrick categories, and use the API or CLI to re-create findings as scans. Direct format import is not supported.
  • Will my scan history remain searchable after migration? Use the dashboard to track score trends over time. Historical data is available as long as you retain the exported JSON records or screenshots for reference.
  • How does authenticated scanning differ from Checkmarx? middleBrick supports Bearer, API key, Basic auth, and cookies after domain verification. It does not crawl code to discover authentication flows; you must configure valid tokens for endpoints that require them.
  • Can I automate evidence collection for audits? Yes. Use the CLI with JSON output and the Pro tier’s compliance PDF downloads to gather scan artifacts. The dashboard also supports diff views to show resolved findings for audit evidence aligned to SOC 2 Type II and OWASP API Top 10 (2023).
  • What happens to my data if I cancel? Customer scan data is deletable on demand and purged within 30 days of cancellation. It is never sold or used for model training.