
Viewing Scan Reports

The scan report drills down into the data collected and provides details on the vulnerabilities found.

The sections of a scan report can be exported independently of each other. For example, only the Executive Summary, only the Scan Summary, or only the Scan Results can be generated.

Executive Summary

This section contains the totals for all of the scanners, i.e. SAST, IaC Security and SCA. The scan information provides:

  • Total Vulnerabilities - The total number of vulnerabilities, broken down by level.

  • Project name - The name of the project.

  • Scanner - The scanners used for the scan, whether it is SAST, IaC Security, SCA or a combination of them.

  • Risk Level - The risk level for the project: High, Medium, Low or Info.

  • Result Triage - Triage information, shown separately for each scanner, giving how many of the vulnerabilities were verified, confirmed, not exploitable or urgent.

[Screenshot: Executive Summary]

Scan Summary

This section of the report displays a summary of the scan properties, which include the:

  • Scan ID - Each scan has a unique ID.

  • Language - The code scanned, for example JavaScript.

  • Number of scanners - The number of scanners used for the scan.

  • Completed date - The date and time, down to the second, when the scan was completed.

  • Scanner types - The types of scanners used for the scan, for example SAST, IaC Security and SCA.

Category

This section lists every vulnerability category defined by Checkmarx that is relevant to the scan. Results are presented per category, independently of the engine that found them, broken down into high, medium and low.

[Screenshot: Category]

Scan Results

The total results for each scan type are presented graphically and can be drilled down into for details. The details also contain a CWE link, which opens the Common Weakness Enumeration website. That website provides in-depth information, explanations and examples for the vulnerability.

Scan Results details include:

  • A graphic representation of the total scans run for the scanner.

  • The language scanned, for example, Python.

  • The vulnerability found.

  • A full description of the vulnerability.

  • Query path - The path to the folder containing the affected file.

  • Total flows - The number of occurrences of the same vulnerability in one scan; in the example below, 3.
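The figures shown in the Executive Summary, Category and Scan Results sections can be reproduced from a flat list of findings, which is useful when checking a report against an exported result set. The following Python is an added example and not Checkmarx code; it assumes each finding carries scanner, category, level, triage and flow fields (an assumed layout for illustration, not the product's export schema) and computes the totals by level, the project risk level, the per-scanner triage counts, the per-category breakdown and the total flows per vulnerability.

```python
from collections import Counter, defaultdict

# Constructed sample findings. The field names are an assumption made for
# this example and do not represent the Checkmarx One export format.
FINDINGS = [
    {"scanner": "SAST", "category": "SQL Injection", "level": "High", "triage": "Confirmed", "flow": 1},
    {"scanner": "SAST", "category": "SQL Injection", "level": "High", "triage": "Confirmed", "flow": 2},
    {"scanner": "SAST", "category": "SQL Injection", "level": "High", "triage": "Urgent", "flow": 3},
    {"scanner": "SAST", "category": "Reflected XSS", "level": "Medium", "triage": "Not Exploitable", "flow": 1},
    {"scanner": "IaC Security", "category": "Open Security Group", "level": "Medium", "triage": "Verified", "flow": 1},
    {"scanner": "SCA", "category": "Vulnerable Dependency", "level": "Low", "triage": "Confirmed", "flow": 1},
    {"scanner": "SCA", "category": "Vulnerable Dependency", "level": "Info", "triage": "Confirmed", "flow": 2},
]

# Severity levels in descending order of risk, as listed in the Executive Summary.
LEVELS = ("High", "Medium", "Low", "Info")


def totals_by_level(findings):
    """Executive Summary: total vulnerabilities broken down by level (zero-filled)."""
    counts = Counter(f["level"] for f in findings)
    return {level: counts.get(level, 0) for level in LEVELS}


def risk_level(findings):
    """Executive Summary: the project risk level is the highest level present."""
    present = {f["level"] for f in findings}
    for level in LEVELS:
        if level in present:
            return level
    return None


def triage_by_scanner(findings):
    """Executive Summary: per-scanner counts of each triage state."""
    result = defaultdict(Counter)
    for f in findings:
        result[f["scanner"]][f["triage"]] += 1
    return {scanner: dict(states) for scanner, states in result.items()}


def category_breakdown(findings):
    """Category section: per category, high/medium/low counts regardless of engine."""
    result = defaultdict(lambda: {"High": 0, "Medium": 0, "Low": 0})
    for f in findings:
        if f["level"] in result[f["category"]]:
            result[f["category"]][f["level"]] += 1
        else:
            result[f["category"]]  # Info-level findings create the category but are not counted
    return dict(result)


def total_flows(findings):
    """Scan Results: number of flows of the same vulnerability found by one scanner."""
    flows = defaultdict(set)
    for f in findings:
        flows[(f["scanner"], f["category"])].add(f["flow"])
    return {key: len(ids) for key, ids in flows.items()}


if __name__ == "__main__":
    print("Totals by level:", totals_by_level(FINDINGS))
    print("Risk level:", risk_level(FINDINGS))
    print("Triage by scanner:", triage_by_scanner(FINDINGS))
    print("Category breakdown:", category_breakdown(FINDINGS))
    print("Total flows:", total_flows(FINDINGS))
```

The flow count is keyed on distinct flow identifiers rather than on the number of rows, so a finding exported twice with the same flow id is not double counted; that is the same distinction the report draws between a vulnerability and its individual flows.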

[Screenshot: Scan Results]