Configuration

To configure the Burp Suite plugin, navigate to the Code Dx tab.

The Server URL and API Key are required fields for sending data to Software Risk Manager. Ask your Software Risk Manager administrator to generate the server API key with the create role for the project(s) which the plugin must interact with.

Once the Server URL and API Key fields are populated, click the Refresh button to list the projects available to the API key in the Project dropdown. It is highly recommended that you specify an HTTPS URL, since using HTTP is insecure.

If you receive a warning regarding an invalid certificate, you will be prompted to Reject, Accept Temporarily, or Accept Permanently. Accepting temporarily will remember the exception until the session ends. Accepting permanently will create a .usertrust directory containing the truststore information. On Windows this will be in your appdata directory, on Mac it will be in the Application Support folder, and on Linux it will be in the .codedx folder in the home directory.