Reviewing IaC Security results

In this section, we will look at how to consume IaC Security results. IaC Security results appear in two sections: a Vulnerabilities table and a Code Viewer.

The Vulnerabilities table displays a list of vulnerabilities found during the last IaC Security scan. In this section, you can group and filter the vulnerabilities found.

The Code Viewer section allows you to view a specific source code vulnerability, including its detailed information.

Grouping and filtering KICS

The KICS results window displays all the vulnerabilities found for a specific scan. These vulnerabilities can be grouped and filtered according to your needs.

The goal is to make it easier for engineers responsible for reviewing and remediating code to organize results found by the KICS scanner.

In this video, we guide you through the process of grouping and filtering KICS results on the Checkmarx One platform.

For more details and instructions, please see the following articles.

IaC Security Results

Code viewer and KICS

After selecting vulnerabilities from the results list, you can open the code viewer to get more details. The code viewer allows you to view a specific source code vulnerability, including its detailed information. It helps engineers responsible for reviewing vulnerabilities see the risks those vulnerabilities may bring to the project and application, and decide whether they should be remediated. The developers responsible for remediating the findings can use the information shown in the code viewer, together with our recommendations, to work on the fixes needed to improve the code from a security perspective.

This video will show you how to use the code viewer and its features.

For more details and instructions, please see the following articles.

Code Viewer