Checkmarx Rate Limits
Checkmarx One does not publish numeric per-second API rate limits in its public documentation. Limits are tenant-scoped and governed by tenant tier and underlying scan-engine concurrency. Self-managed CxSAST deployments inherit limits from the customer's own infrastructure.
Checkmarx Rate Limits is the machine-readable rate-limit profile for Checkmarx on the APIs.io network, conforming to the API Commons Rate Limits specification.
It captures 3 rate-limit definitions, measured as varies and concurrent_scans.
The profile also defines 3 backoff/retry policies and documents response codes for throttled, unauthorized, and serviceUnavailable.
Tagged areas include Rate Limiting, Application Security, SAST, and SCA.
3 Limits
Throttle: 429
Limits
Checkmarx One REST API (per tenant) [tenant]: see tenant tier / contract
Concurrent scans [tenant]: see tenant tier / contract
Self-managed CxSAST deployment: bounded by customer-managed infrastructure
Policies
OAuth 2.0
Checkmarx One REST APIs use OAuth 2.0 access tokens issued via the tenant identity provider; tokens are scoped to tenant resources.
Backoff Strategy
Use exponential backoff with jitter on 429/503 responses; honor Retry-After when present.
Scan queueing
Scans beyond the concurrent-scan ceiling are queued; consumers should poll for status rather than retry submission.
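
The Backoff Strategy and Scan queueing policies above, combined in one client-side sketch. This is an added example, not Checkmarx code and not part of the profile. The callables send, submit and get_status, their (status, headers, body) return shape, and the state names "Queued" and "Running" are assumptions; no Checkmarx endpoint or field name is implied.

```python
import random
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

RETRYABLE = {429, 503}  # throttled / serviceUnavailable in the profile above


def retry_after_seconds(value, now=None):
    """Parse Retry-After (delta-seconds or HTTP-date); None if absent or invalid."""
    if not value:
        return None
    if value.strip().isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0.0, (when - (now or datetime.now(timezone.utc))).total_seconds())


def call_with_backoff(send, max_attempts=6, base=1.0, cap=60.0,
                      sleep=time.sleep, rng=random.random):
    """send() -> (status, headers, body). Retries only on 429/503."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in RETRYABLE:
            return status, body  # e.g. 401 goes back to the caller, not the loop
        hinted = retry_after_seconds(headers.get("Retry-After"))
        # Full jitter: uniform in [0, min(cap, base * 2**attempt)).
        jittered = rng() * min(cap, base * 2 ** attempt)
        if attempt < max_attempts - 1:
            sleep(hinted if hinted is not None else jittered)
    raise RuntimeError(f"still throttled after {max_attempts} attempts")


def submit_then_poll(submit, get_status, interval=10.0, max_polls=360,
                     sleep=time.sleep):
    """Submit exactly once, then poll; a queued scan is never resubmitted."""
    status, scan_id = call_with_backoff(submit, sleep=sleep)
    if status >= 400:
        raise RuntimeError(f"submission rejected with HTTP {status}")
    for _ in range(max_polls):
        status, state = call_with_backoff(lambda: get_status(scan_id), sleep=sleep)
        if status >= 400 or state not in ("Queued", "Running"):  # constructed names
            return scan_id, status, state
        sleep(interval)
    raise TimeoutError(f"scan {scan_id} not finished after {max_polls} polls")
```

A 401 is returned to the caller rather than retried, so token renewal stays outside the throttling loop.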