
Viewing Results from All Scans (v9.4.0 to 9.4.5)

You can view the results for one selected scan. To locate the scan, display either the list of all scans or the list of scans for a selected project.

To view a list of all scans:

  • Go to Projects & Scans > All Scans. A list with all scans of all projects is displayed.

To view a list of scans for a selected project:

  1. Go to Projects & Scans > Projects. A list of all projects is displayed.

  2. Select the desired project and click View Project Scans to display its scan list.

To view the scan results of a scan:

  • Select the desired scan from the scan list and then open the results viewer to display the results.

Projects and Scan Options

Under Projects & Scans > Projects, various scan and project-related actions are available. For information and instructions on creating and configuring projects, refer to Creating and Configuring Projects.

Table Columns

  • Project selector: Check to select project. Selects a project to perform one of the available actions outlined.

  • Project Name: Lists the name of the project.

  • Team: Lists the team to which this project is assigned.

  • Preset: The preset you selected when creating the project.

  • Total Scans: Number of scans run for this project.

  • Last Scanned: Date and time of the last scan run for the project.

  • Scans List: View Project Scans. Displays the project in the individual project path, for example, Projects & Scans/View Project Scans/My Java Projects.

  • Actions:

    - Full Scan: Scans the entire project. If the project is configured for a local location, you have to upload a zip file with the updated source code.

    - Incremental Scan: Scans only new and modified files since the last scan. Notice: Incremental scan significantly shortens the scan time, but it is not recommended for projects with significant amounts of changes.

    - Branch Project: The Branch Project operation is similar to copy project, but it copies a different set of properties: Preset, Team and the Last scan from the source project with all results and remarks.

    - Duplicate Project: Duplicate Project creates a new project based on the setting of an existing one. From the existing project it will copy the following: Preset, Team, Exclusions, Scheduling, Pre-scan emails, Post-scan emails and Scan failure emails.

All Scans

Under Projects & Scans > All Scans, all scan results appear in a table with each row representing an individual scan result set. You can sort tables according to Scan Date, Scan Complete Date, Project Name or Risk Level Score. Additional options are available under Managing Tables.

Table Columns

  • Scan selector: Check to select a scan to perform one of the available actions outlined at the bottom of this list.

  • Scan indicator: An icon indicates the type or state of the scan:

    - full scan

    - incremental scan

    - partial scan. Information on why only a partial scan was performed is provided in Scan Summary. For more information about partial scans, refer to the FAQ section.

    - scan in process

  • Scan Date: The date when the scan was started.

  • Scan Complete: The date when the scan was completed.

  • Project Name: The project for which the scan was performed.

  • Initiator: The user who activated the scan.

  • Origin: The system from which the scan was activated.

  • Origin URL: The triggered URL of origin (e.g., Jenkins URL).

  • Risk Level Score: A risk indicator bar indicates the overall risk calculation of all vulnerabilities found in this scan (between 0% and 100%).

  • LOC (Lines Of Code): The number of lines that the code in the project consists of.

  • Team: The team that the scan is assigned to.

  • Server Name: The CxEngine server that performed the scan

  • Cx Version: The CxSAST version at scan time.

  • Comments: Indicates any comments maintained for the project, for future scans and for instances that continue to be found.

  • Access: Defines whether the scan is a private scan (not visible to others, but can be viewed by immediate managers) or a public scan.

  • Locked: If a scan is locked, this column marks it as Locked to avoid automated purging of important scan data. Locked scans cannot be deleted. There is no entry in this column for unlocked scans.

  • Action. The following can be performed for selected scans:

    - display the scan results

    - generate a scan report

    - create a summary of the scan

    - lock the scan to prevent it from being deleted

    - download the scan logs for the selected scan

Summary of All Scans

  • If a scan has been initiated for a non-local project or if an incremental scan has been initiated for a local project with no code changes since the previous scan, the Comments indicate that the scan was not actually performed.

  • Under Monitoring, scan details are displayed for the scan selected in the table.

The Monitoring tab provides two graphical summaries of found vulnerabilities:

    • Top 5 Vulnerabilities. This chart displays the five most common high and medium vulnerabilities detected in this scan.

    • Risk Indicator. This chart represents the correlation between the severity and the quantity of the results.

      o Severity - Axis X (value between 0 and 100) is calculated according to the number of high, medium and low severity results

      o Quantity - Axis Y (value between 0 and 100) is calculated according to the number of high, medium and low severity results

The Comments tab allows you to write comments on the scan results.

Scan Results

Notice

You can view the results of one scan at a time.

To view scan results for the desired scan, do the following:

  1. Display all scans or the scans of a certain project as explained above.

  2. Select the desired scan in the list and click the results viewer icon. The scan results for the selected scan appear.

  3. For detailed information on the scan results, refer to Navigating Scan Results.

Comparing Scans

To compare two scans, do the following:

  1. Display all scans or the scans of a certain project as explained above.

  2. Select two scans and click Compare Scans. The Scans Compare screen is displayed.

  3. Click <Results> in order to see a 'file compare' showing the code differences in each file, grouped by vulnerability/scan result.

Deleting Scans

Delete one or more scans as follows:

  1. Select the rows of the requested scans.

  2. Click the delete icon. You are asked to confirm your request.

  3. Click <OK> to confirm the delete request.

Notice

  • If the user does not have the authorization required for deleting scans, no scan will be deleted.

  • Locked scans are not deleted. If, for example, one scan out of three is locked, a message appears indicating that only 2 of the 3 scans have been deleted successfully.

  • To display the details of a locked scan, click Export as CSV File to download the DeleteErrors.csv file, which displays the details of the locked scan.

  • Unlocking all scans indicated in the report enables full deletion of the project.