Checkmarx · Rate Limits

Checkmarx One does not publish numeric per-second API rate limits in its public documentation. Limits are tenant-scoped and governed by tenant tier and underlying scan-engine concurrency. Self-managed CxSAST deployments inherit limits from the customer's own infrastructure.

3 limits. Throttle status: 429
Tags: Rate Limiting, Application Security, SAST, SCA

Limits

Checkmarx One REST API (per tenant). Scope: tenant. Limit: varies (see tenant tier / contract).
Concurrent scans. Scope: tenant. Limit: concurrent_scans (see tenant tier / contract).
Self-managed CxSAST. Scope: deployment. Limit: varies (bounded by customer-managed infrastructure).

Policies

OAuth 2.0
Checkmarx One REST APIs use OAuth 2.0 access tokens issued via the tenant identity provider; tokens are scoped to tenant resources.
Backoff Strategy
Use exponential backoff with jitter on 429/503 responses; honor Retry-After when present.
Scan queueing
Scans beyond the concurrent-scan ceiling are queued; consumers should poll for status rather than retry submission.
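
The backoff policy above, sketched as client-side retry logic. This is an added example, not Checkmarx code: `send` is a hypothetical caller-supplied callable returning `(status, headers, body)`, and the function names and the `base`/`cap` defaults are assumptions.

```python
import random
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

RETRYABLE = {429, 503}  # statuses the backoff policy applies to


def retry_after_seconds(value, now=None):
    """Parse Retry-After (delta-seconds or HTTP-date); None if absent or invalid."""
    if not value:
        return None
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return max(0.0, (when - now).total_seconds())  # past dates mean "retry now"


def backoff_delay(attempt, headers, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before retrying after the 0-based `attempt`."""
    lowered = {k.lower(): v for k, v in headers.items()}
    hinted = retry_after_seconds(lowered.get("retry-after"))
    if hinted is not None:
        return hinted  # the server's hint wins over the local schedule
    # Full jitter: uniform in [0, min(cap, base * 2**attempt)).
    return rng() * min(cap, base * (2 ** attempt))


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, **kw):
    """Call send() until it returns a non-429/503 status or attempts run out.

    Intended for idempotent calls such as status polling; a queued scan is
    not an error and should be polled, not resubmitted.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in RETRYABLE:
            return status, body
        if attempt + 1 < max_attempts:
            sleep(backoff_delay(attempt, headers, **kw))
    return status, body
```

Other error statuses, such as a 401 from an expired OAuth token, are returned to the caller immediately rather than retried.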