Automic Vault

brew package intelligence

checkmarx/ast-cli/ast-cli

Automic Vault tracks checkmarx/ast-cli/ast-cli because plaintext Checkmarx credentials matter when AI agents run command-line tools on macOS.

overview

What Automic Vault knows about checkmarx/ast-cli/ast-cli

This package is present in local Automic Vault package data. The page is generated so package-specific security metadata has a stable URL.

Homepage

Not present in the local metadata.

Commands and aliases

No executable aliases were found in the local package database.

radioisotope

Plain Text Checkmarx Credentials

Checkmarx AST CLI can store API keys and OAuth client secrets in ~/.checkmarx/checkmarxcli.yaml. Our isotope stores the config in the macOS keychain and injects it through a temporary CX_CONFIG_FILE_PATH while `cx` runs.

Local README excerpt

Checkmarx AST CLI Radioisotope

cx configure can store Checkmarx One API keys or OAuth client secrets in ~/.checkmarx/checkmarxcli.yaml. The radioisotope moves the config file into the macOS keychain and provides it to cx through a temporary CX_CONFIG_FILE_PATH while the command runs.

Caveats

  • Only the default config path and explicit CX_CONFIG_FILE_PATH are migrated.
  • The migration detects cx_apikey and cx_client_secret entries.
  • Configuration changes written by cx configure happen in the temporary runtime config and are not persisted back to the keychain.

  • Direct execution of the original binary will not receive credentials.

Source: data/radioisotopes/ast-cli/README.md
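
The check and the injection step described in the README excerpt, as an added example (not code from Automic Vault or Checkmarx). It assumes the config is a flat `key: value` YAML file and that the text passed to `temporary_cx_config` has already been read from the keychain; both function names and the sample config are hypothetical.

```python
import os
import re
import tempfile
from contextlib import contextmanager

# The two entries the page says the migration detects.
SECRET_KEYS = ("cx_apikey", "cx_client_secret")
_LINE = re.compile(r"^\s*(?P<key>[A-Za-z0-9_]+)\s*:\s*(?P<val>.*?)\s*$")

def plaintext_secret_keys(config_text):
    """Return secret keys that carry a non-empty value (assumes flat key: value YAML)."""
    found = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are not live credentials
        m = _LINE.match(line)
        if not m or m["key"] not in SECRET_KEYS:
            continue
        value = m["val"].split(" #", 1)[0].strip().strip("'\"")
        if value:
            found.append(m["key"])
    return found

@contextmanager
def temporary_cx_config(config_text, base_env=None):
    """Write the config to an owner-only temp file; yield (path, env) for the child process."""
    fd, path = tempfile.mkstemp(prefix="cx-", suffix=".yaml")  # created with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(config_text)
        env = dict(os.environ if base_env is None else base_env)
        env["CX_CONFIG_FILE_PATH"] = path  # variable named on this page
        yield path, env
    finally:
        os.unlink(path)  # the plaintext copy exists only while the command runs

# Constructed sample config; the values are not real credentials.
SAMPLE = """\
cx_tenant: demo
cx_apikey: "constructed-not-a-real-key"
cx_client_secret:
# cx_client_secret: old-value
"""

if __name__ == "__main__":
    print(plaintext_secret_keys(SAMPLE))
    with temporary_cx_config(SAMPLE) as (path, env):
        print(env["CX_CONFIG_FILE_PATH"], oct(os.stat(path).st_mode & 0o777))
    print(os.path.exists(path))
```

Pass the yielded `env` to the process that launches `cx`, for example `subprocess.run([...], env=env)`, so the variable is scoped to that one child and not exported into the parent shell.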

Caveats

  • Only the default config path and explicit CX_CONFIG_FILE_PATH are migrated.
  • Configuration changes made by cx configure are not persisted to the keychain.
  • Direct execution of the original binary will not receive credentials.

install metadata

Resolver facts

Package key: brew:checkmarx/ast-cli/ast-cli

source trail

Generated from repository data

This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.

Used sources

  • local isotope README
  • radioisotope security manifest