
Viewing Results

Checkmarx One shows data for all the environments in your tenant account as defined in Access Control. The Environments page (Applications and Projects Environment tab) shows a table listing all of your environments.

You can also drill down to view the Environments page for an individual environment, which shows information about the scans currently running or that have finished. You can drill down further to view the All risks view, which shows detailed information about each risk identified in the last scan.

Viewing DAST Results in the Risks Table

Access DAST Results

To access the results in the Environment table, hover over the intended line and select View.


All Risks

The All Risks table displays the list of risks found during the last DAST scan of the environment.

The scan results data is from a single DAST scan.


Filtering Risks

The risk list can be filtered by any column.

Filtering supports applying several filters simultaneously (with an AND condition between the filtering options).

The following filtering columns are optional:

  • Severity

  • Status

  • Risk Name

  • URL

  • Path

  • Method


Accessing Risk Details

To access the risk details, click the row of the risk whose details you want to view. A new window opens, presenting a brief description of the risk and its resolution.


To access more information regarding the risks:

1. Click on the Severity button.


The following additional fields are displayed:

  • State

  • Risk level

  • Confidence

  • Method

  • Param

  • URI

  • Evidence

  • Attack


2. In the Description pane, click View More to display a full explanation of the risk.


3. In the Resolution pane, click View More to display a full explanation of how to resolve the risk.


4. Click View Findings to open a side panel with the following information:

  • Risk Level

  • Risk State

  • Request Headers

  • Response Body and Headers


Managing (Triaging) Results

Checkmarx One tracks specific risk instances throughout your software development life cycle (SDLC). Each risk instance has a ‘Predicate’ associated with it, which comprises the following attributes: ‘State’, ‘Severity’ and ‘Notes’. After reviewing the results of a scan, you can triage the results and modify these predicates accordingly.

You can adjust the predicate for a specific risk while viewing that risk on the All risks page.

Triaging a Single Vulnerability

To edit the result predicate:

1. Open the vulnerability that you would like to edit.

2. Click on the Severity button.


3. To change the state, click on the State field, and select from the dropdown list one of the following states:

  • To Verify

  • Not Exploitable

  • Confirmed

  • Urgent

  • Proposed Not Exploitable


4. To change the risk level, click on View Findings, and from the drop-down list select one of the following risk levels:

  • Urgent

  • Medium

  • Low

  • Info


You can also change the State in this window.


5. To confirm the changes, click Save.


Triaging Multiple Vulnerabilities (Bulk Action)

To edit the result predicates for multiple vulnerabilities:

  1. In the All Risks table, select the checkbox next to the risks you want to change.

    A menu bar is displayed at the top of the table.

  2. To adjust the severity, click Change Severity, and select one of the following severities from the drop-down list: High, Medium, Low, or Info.

  3. To adjust the state, click Change State, and select one of the following states from the drop-down list: To Verify, Not Exploitable, Confirmed, Urgent, or Proposed Not Exploitable.
