{"id":53369,"date":"2013-08-12T14:32:15","date_gmt":"2013-08-12T14:32:15","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=3499"},"modified":"2026-04-21T17:46:24","modified_gmt":"2026-04-21T15:46:24","slug":"svn-static-code-analysis","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/","title":{"rendered":"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN"},"content":{"rendered":"<h2 class=\"wp-block-heading has-text-align-left article-anchor\" id=\"article-anchor-1\"><strong>Definition:<\/strong><\/h2>\n\n\n\n<p class=\"has-text-align-left\"><br><strong>SVN static code analysis<\/strong> is the practice of running <strong><a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\">Static Application Security Testing<\/a> (SAST)<\/strong> against code stored in <strong>Apache Subversion (SVN)<\/strong> to find vulnerabilities early in the SDLC &#8211; before code runs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left article-anchor\" id=\"article-anchor-2\">Why it matters to dev &amp; AppSec teams<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Developer\u2011first workflows<\/strong>: Checkmarx highlights \u201c<a href=\"https:\/\/checkmarx.com\/blog\/best-fix-location-minimize-fix-time-and-maximize-security\/\">best fix locations<\/a>\u201d and provides guided remediation right in the IDE.<span style=\"color: #333333;\"><\/span><wp-block data-block=\"core\/more\"><\/wp-block>\n<\/li>\n\n\n\n<li>\n<strong><a href=\"https:\/\/checkmarx.com\/learn\/sast\/shift-left-security-integrate-sast-into-devsecops-pipeline\/\">Shift\u2011left security<\/a><\/strong>: surface security defects in source before build or deploy.<\/li>\n\n\n\n<li>\n<strong>Fewer fire drills<\/strong>: earlier findings cost less to fix and reduce late\u2011stage churn.<\/li>\n\n\n\n<li>\n<strong>Auditability &amp; coverage<\/strong>: scanning directly from your central SVN repo ensures nothing slips between branches.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">How SVN static code analysis typically works<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<strong>Connect your SAST tool to SVN<\/strong> so scans can pull source from your centralized repository. <a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\">Checkmarx One <\/a> SAST supports <strong>Source Control<\/strong> connections including <strong>SVN<\/strong>.<\/li>\n\n\n\n<li>\n<strong>Kick off scans via CLI or CI<\/strong>. With <strong>Checkmarx One CLI<\/strong>, you can scan a local working copy, a zipped directory, or a repository URL; results are available in the platform and via CLI\/report files.<\/li>\n\n\n\n<li>\n<strong>Automate with SVN hooks or your CI server<\/strong>. Use <strong>post\u2011commit<\/strong> hooks to trigger asynchronous scans after each commit, or have CI (e.g., Jenkins\/Bamboo) run SAST on commit to trunk\/branches. <br>SVN supports <strong>pre\u2011commit<\/strong> and <strong>post\u2011commit<\/strong> hook scripts; Checkmarx provides plugins\/flows for popular CI tools.<\/li>\n\n\n\n<li>\n<strong>Speed it up<\/strong>: Use <strong>Fast Scan<\/strong> \/ recommended exclusions when you need quick feedback in active repos.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Eclipse static code analysis (IDE\u2011first)<\/h2>\n\n\n\n<p>Many teams also run static analysis <strong>inside Eclipse<\/strong> to give developers instant feedback as they code. Eclipse supports analysis via <strong>plugins<\/strong>: quality tools (e.g., coverage) and <strong>security SAST<\/strong> plugins. For AppSec, use the <strong><a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\">Checkmarx One Eclipse Plugin<\/a><\/strong> to run SAST\/SCA in the IDE.<\/p>\n\n\n\n<p><br><strong>Install &amp; run (developer\u2011speed path):<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Install from<a href=\"https:\/\/checkmarx.com\/plugins\/\"> Checkmarx One Plugins<\/a>:<\/strong> <em>Help \u2192 Eclipse Marketplace\u2026<\/em> \u2192 search <strong>\u201cCheckmarx One\u201d<\/strong> \u2192 Install. <\/li>\n\n\n\n<li>\n<strong>Scan from Eclipse:<\/strong> initiate scans from the IDE; note that <strong>Eclipse plugin scans your local workspace code<\/strong> (helpful for pre\u2011commit checks). <a href=\"https:\/\/docs.checkmarx.com\/en\/34965-8112-scans-triggered-from-eclipse.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx.com<\/a>\n<\/li>\n\n\n\n<li>\n<strong>Compatibility note:<\/strong> Check the plugin\u2019s<a href=\"https:\/\/checkmarx.com\/plugins\/\"> <strong>Change Log<\/strong> <\/a>for requirements (e.g., current releases require <strong>Java 11<\/strong> to run the plugin).<\/li>\n\n\n\n<li>\n<strong>SVN + Eclipse workflow:<\/strong> scan locally before committing; enforce team\u2011level gates via <strong>SVN post\u2011commit<\/strong> or <strong>CI<\/strong> as described above. (See <a href=\"https:\/\/svnbook.red-bean.com\/en\/1.8\/svn.ref.reposhooks.html\">hooks reference<\/a>.)<\/li>\n<\/ul>\n\n\n\n<p>Explore the<a href=\"https:\/\/docs.checkmarx.com\/en\/34965-68728-checkmarx-one-eclipse-plugin.html\"> <strong>Checkmarx One Eclipse Plugin<\/strong> <\/a>overview and setup guides for step\u2011by\u2011step instructions and capabilities (run new scans, import existing results, view fix guidance in\u2011editor).<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">Quick start with Checkmarx (SVN \u2192 SAST)<\/h2>\n\n\n\n<p><strong>Prereqs:<\/strong> a Checkmarx project, repository access, and the Checkmarx CLI.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<strong>Connect to SVN<\/strong><br>In <strong>Checkmarx SAST<\/strong>, set your project\u2019s <strong>Source Control<\/strong> type to <strong>SVN<\/strong> to pull code from your repository.<\/li>\n\n\n\n<li>\n<strong>Create\/configure the project<\/strong><br>Follow the standard SAST project creation, then select the repository and branch\/trunk to scan. <\/li>\n\n\n\n<li>\n<strong>Run your first scan from CLI (example)<\/strong><br>From a checked\u2011out working copy(Python):<br>\n<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>       # inside your working copy root\n         cx scan create \\\n          --project-name \"my-svn-app\" \\\n          --branch \"trunk\" \\\n           --async\n<\/code><\/pre>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"822\" height=\"596\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/carbon-2.png\" alt=\"SVN scan code example\" class=\"wp-image-104816\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/carbon-2.png 822w, https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/carbon-2-300x218.png 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/carbon-2-768x557.png 768w\" sizes=\"(max-width: 822px) 100vw, 822px\" \/><\/figure>\n<\/div>\n\n\n<p>The Checkmarx One CLI supports scanning local directories\/zips\/repo URLs and can output reports (e.g., SARIF) for toolchain integrations.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><strong>4. Automate with an SVN post\u2011commit hook (pattern)<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/sh\nREPOS=\"$1\"\nREV=\"$2\"\nWORKDIR=\"\/var\/tmp\/svn-scan\/$REV\"\n\nrm -rf \"$WORKDIR\" &amp;&amp; mkdir -p \"$WORKDIR\"\nsvn export -q \"file:\/\/$REPOS\" \"$WORKDIR\"\n\ncd \"$WORKDIR\" || exit 1\n# Trigger an async scan so the commit isn't blocked\ncx scan create --project-name \"my-svn-app\" --branch \"r$REV\" --async\n<\/code><\/pre>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"587\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/SVN-post\u2011commit-hook-1024x587.png\" alt=\"SVN post\u2011commit hook\" class=\"wp-image-104818\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/SVN-post\u2011commit-hook-1024x587.png 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/SVN-post\u2011commit-hook-300x172.png 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/SVN-post\u2011commit-hook-768x440.png 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2013\/08\/SVN-post\u2011commit-hook.png 1430w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>SVN\u2019s server\u2011side hooks (like <code>post-commit<\/code>) are designed for exactly this kind of automation. Prefer <strong>post\u2011commit<\/strong> (as shown) for performance; <strong>pre\u2011commit<\/strong> scans can be too slow for large repos.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">Best practices for SVN static code analysis<\/h2>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<ul class=\"wp-block-list\">\n<li>\n<strong>Choose the right trigger<\/strong>: Use <strong>post\u2011commit<\/strong> or CI pipelines for full scans; keep <strong>pre\u2011commit<\/strong> hooks lightweight (policy checks\/allowlists) to avoid blocking developers. <a href=\"https:\/\/subversion.apache.org\/docs\/api\/1.10\/group__svn__repos__hook__wrappers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Subversion<\/a>\n<\/li>\n\n\n\n<li>\n<strong>Tune for speed<\/strong>: Enable <strong>Fast Scan<\/strong> for rapid feedback during active iterations; use full scans nightly or on release branches. Checkmarx One Documentation<\/li>\n\n\n\n<li>\n<strong>Correlate SAST + SCA<\/strong>: Pair static analysis with <strong><a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">Software Composition Analysis <\/a>(SCA)<\/strong> to cover open\u2011source risks alongside custom code. <\/li>\n\n\n\n<li>\n<strong><a href=\"https:\/\/checkmarx.com\/product\/checkmarx-one-assist\/\">Meet devs where they work<\/a><\/strong>: integrate results into IDE &amp; CI; Checkmarx provides plugins for <strong>Eclipse<\/strong>, <strong>IntelliJ<\/strong>, <strong>Visual Studio<\/strong>, <strong>Jenkins<\/strong>, <strong>Bamboo<\/strong>, and more.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Use IDE for fast feedback:<\/strong> run <strong>Eclipse<\/strong> scans pre\u2011commit; promote critical findings to team workflows.<\/li>\n<\/ul>\n<\/div><\/div>\n<\/div><\/div>\n\n\n<script src=\"https:\/\/player.vimeo.com\/api\/player.js\"><\/script>\n<script src=\"https:\/\/www.youtube.com\/iframe_api\"><\/script>\n<div class=\"aticle-video-wrapper\">\n    <p class=\"section-description-top\">Correlate &#038; Prioritize<\/p>    <h3>ASPM | In the IDE | Checkmarx<\/h3>\n    <div class=\"aticle-video-box\">\n                    <iframe width=\"913\" height=\"514\" src=\"https:\/\/www.youtube.com\/embed\/feqKwUftMbM?enablejsapi=1\" class=\"youtube-player\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n                <\/div>\n    <p>Checkmarx ASPM is included with Checkmarx One and has everything you need to effectively manage your application security posture across your entire application footprint. That includes in the IDE itself making everything dev-friendly.<\/p>\n            <a href=\"https:\/\/checkmarx.com\/product\/aspm\/\" class=\"btn btn-2 btn-bg accent demo\">Discover more<\/a>\n        <\/div>\n<script>\n    \/\/ For youtube video only\n    var playerReady = false;\n    var player;\n\n    function onYouTubeIframeAPIReady() {\n        const iframe = document.querySelector('iframe.youtube-player');\n        if (!iframe) {\n            console.warn('Youtube player not found');\n            return;\n        }\n\n        player = new YT.Player(iframe, {\n            events: {\n                onReady: () => {\n                    playerReady = true;\n                }\n            }\n        });\n    }\n\n\n    document.addEventListener('DOMContentLoaded', () => {\n        let videoBtn = document.querySelector('.youtube-overlay-image-link');\n\n        if (!videoBtn) return;\n\n\n        videoBtn.addEventListener('click', (e) => {\n            e.preventDefault();\n            videoBtn.style.display = 'none';\n\n            if (!player || !playerReady) {\n                console.warn('The player isn\\'t ready yet');\n                return;\n            }\n\n            player.playVideo();\n\n        })\n    })\n<\/script>\n\n\n<h3 class=\"wp-block-heading\">How Checkmarx helps<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong><a href=\"https:\/\/checkmarx.com\/sast-ebook-10-key-considerations\/\">Checkmarx SAST<\/a><\/strong> provides accurate findings, best\u2011fix guidance, and rich remediation context. <\/li>\n\n\n\n<li>\n<strong><a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\">Checkmarx One<\/a><\/strong> unifies SAST, SCA, DAST and more on a single, developer\u2011first platform &#8211; ideal when you\u2019re modernizing pipelines but still maintain SVN estates.<\/li>\n\n\n\n<li>\n<strong>CLI &amp; <a href=\"https:\/\/checkmarx.com\/blog\/top-three-benefits-of-cxflow\/\">CxFlow<\/a><\/strong> make it easy to trigger scans and orchestrate results from hooks, CI jobs, or webhooks.<\/li>\n<\/ul>\n\n\n\n<section class=\"section-accordion\">\n    <div class=\"main-wrapper section-accordion__wrapper\">\n        <h2 class=\"section-title article-anchor\" id=\"article-anchor-7\">FAQ (developer\u2011focused)<\/h2>\n        <div class=\"fag-accordion__wrapper\">\n            <div class=\"js-accordion fag-accordion\">\n                <div>\n\n                                            <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Does SVN support hooks suitable for kicking off scans?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Yes. SVN provides server\u2011side <strong data-start=\"6814\" data-end=\"6828\">pre\u2011commit<\/strong> and <strong data-start=\"6833\" data-end=\"6848\">post\u2011commit<\/strong> hooks (among others). For SAST, <strong data-start=\"6881\" data-end=\"6896\">post\u2011commit<\/strong> hooks are commonly used to trigger scans asynchronously.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Can I run Checkmarx scans from the command line?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Yes. The <a href=\"https:\/\/docs.checkmarx.com\/en\/34965-350124-running-scans-via-the-cli.html\"><strong data-start=\"7059\" data-end=\"7080\">Checkmarx One CLI<\/strong><\/a> can scan a local directory, a .zip, or a repository URL and generate outputs for toolchains (e.g., SARIF).<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Does Checkmarx integrate directly with SVN as a source control type?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Yes. In <a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\"><strong data-start=\"7312\" data-end=\"7330\">Checkmarx SAST<\/strong><\/a>, you can set the project\u2019s source to <strong data-start=\"7368\" data-end=\"7375\">SVN<\/strong> (as well as TFS, Git, and Perforce).<\/p>\n                            <\/div>\n                        <\/div>\n                        <\/div>\n<div>                        <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Does the Eclipse plugin scan local or server code?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>IDE\u2011initiated scans operate on <a href=\"https:\/\/docs.checkmarx.com\/en\/34965-8112-scans-triggered-from-eclipse.html\"><strong data-start=\"6484\" data-end=\"6508\">local workspace code<\/strong><\/a> in Eclipse (ideal for pre\u2011commit checks).<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Where do I get the Eclipse plugin?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Install via <strong data-start=\"6645\" data-end=\"6668\">Eclipse Marketplace<\/strong> or follow the Checkmarx<a href=\"https:\/\/docs.checkmarx.com\/en\/34965-68729-installing-and-setting-up-the-checkmarx-one-eclipse-plugin.html\"> <strong data-start=\"6693\" data-end=\"6715\">installation guide<\/strong><\/a>.<\/p>\n                            <\/div>\n                        <\/div>\n                                        <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"url\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"Does SVN support hooks suitable for kicking off scans?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. SVN provides server\u2011side pre\u2011commit and post\u2011commit hooks (among others). For SAST, post\u2011commit hooks are commonly used to trigger scans asynchronously.\"}},{\"@type\":\"Question\",\"name\":\"Can I run Checkmarx scans from the command line?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. The Checkmarx One CLI can scan a local directory, a .zip, or a repository URL and generate outputs for toolchains (e.g., SARIF).\"}},{\"@type\":\"Question\",\"name\":\"Does Checkmarx integrate directly with SVN as a source control type?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. In Checkmarx SAST, you can set the project\u2019s source to SVN (as well as TFS, Git, and Perforce).\"}},{\"@type\":\"Question\",\"name\":\"Does the Eclipse plugin scan local or server code?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"IDE\u2011initiated scans operate on local workspace code in Eclipse (ideal for pre\u2011commit checks).\"}},{\"@type\":\"Question\",\"name\":\"Where do I get the Eclipse plugin?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Install via Eclipse Marketplace or follow the Checkmarx installation guide.\"}}]}<\/script>\n\n\n<p class=\"has-text-align-left\"><\/p>","protected":false},"excerpt":{"rendered":"<p>Definition: SVN static code analysis is the practice of running Static Application Security Testing (SAST) against code stored in Apache Subversion (SVN) to find vulnerabilities early in the SDLC &#8211; before code runs. Why it matters to dev &amp; AppSec teams How SVN static code analysis typically works Eclipse static code analysis (IDE\u2011first) Many teams [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":101820,"template":"","glossary-tags":[],"class_list":["post-53369","glossary","type-glossary","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx<\/title>\n<meta name=\"description\" content=\"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-21T15:46:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1279\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\",\"url\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\",\"name\":\"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp\",\"datePublished\":\"2013-08-12T14:32:15+00:00\",\"dateModified\":\"2026-04-21T15:46:24+00:00\",\"description\":\"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.\",\"breadcrumb\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp\",\"width\":2560,\"height\":1279,\"caption\":\"SAST testing image\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Glossary\",\"item\":\"https:\/\/checkmarx.com\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx","description":"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/","og_locale":"en_US","og_type":"article","og_title":"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx","og_description":"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.","og_url":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-04-21T15:46:24+00:00","og_image":[{"width":2560,"height":1279,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/","url":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/","name":"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp","datePublished":"2013-08-12T14:32:15+00:00","dateModified":"2026-04-21T15:46:24+00:00","description":"Learn how to integrate static code analysis with Apache Subversion (SVN) and Eclipse -hooks, CLI, CI, and IDE scans - using Checkmarx SAST and Checkmarx One.","breadcrumb":{"@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/The-Role-of-SAST-in-Achieving-Compliance-scaled.webp","width":2560,"height":1279,"caption":"SAST testing image"},{"@type":"BreadcrumbList","@id":"https:\/\/checkmarx.com\/glossary\/svn-static-code-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Glossary","item":"https:\/\/checkmarx.com\/glossary\/"},{"@type":"ListItem","position":2,"name":"SVN Static Code Analysis (Subversion SAST): How Developers Integrate Scans with SVN"}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53369\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/101820"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=53369"}],"wp:term":[{"taxonomy":"glossary-tags","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary-tags?post=53369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}