
Improved Scan Report

The Checkmarx One Improved Scan Report is a new type of report that includes an expanded set of data points and a user-friendly interface. It can be generated through the User Interface page and published in PDF or JSON format. To generate this report, toggle on the Generate improved scan report option at the Select Engines stage of the Generate Report settings.

The following template is currently available:

  • Vulnerability Type - the displayed results are grouped by vulnerability type.

Generic KPIs

Filtered By

Shows the filters applied when generating the report.


Included: Data included in the report. All data available in the report is filtered according to the specified filters.

Excluded: Data filtered out from the report.

Currently, it is not possible to exclude data from the report; all data is included by default.

Scan Information

Scan Information shows details related to the SAST, IaC, and SCA scans, such as Scan Duration and Lines of Code Scanned.


Scan Results Overview

Total Results by Scanner/Engine

This section provides a breakdown of the total scan results categorized by scanner: SAST, SCA, or IaC.

By Density / Grade

This KPI is applicable to SAST and IaC only.

Shows the percentage of the scanned code with vulnerabilities: the ratio between the total number of vulnerabilities and the total number of lines of code, multiplied by 1000.

The percentage inside the pie chart refers to the lines of code with vulnerabilities and the percentage outside refers to the lines of code without vulnerabilities.


By Status

This KPI is applicable to SAST, IaC, and SCA.

The pie chart shows the number of vulnerabilities grouped by status (New vs Recurrent). Each status displays the percentage and the total number of results found.


By Severity

This KPI is applicable to SAST, IaC, and SCA.

The pie chart shows the scan results grouped by severity. Each severity displays the total number of findings, their percentage, and their density.


By State

This KPI is applicable to SAST, IaC, and SCA.

This pie chart shows the scan results grouped by State. Each state displays the total number of findings, their percentage, and their density.


By Language

The stacked chart shows the number of vulnerabilities and densities detected for each scanned language and their severities.


By Technology

This KPI is applicable to the IaC scanner only. It shows the issues and vulnerabilities split by technology and helps users understand where problems occur across different parts of their infrastructure.

By Package

This KPI is applicable to the SCA scanner only. It shows the issues and vulnerabilities split by package.

By Vulnerability

This KPI is applicable to SAST only.

The table shows the total results by vulnerability type and their breakdown by severity and the total number of files where a vulnerability was detected.

The first column lists the name and the severity of the vulnerability type found. When the severity of a result is changed from its default, the change is reflected in the report.


Top 10 Vulnerabilities

This KPI is applicable to SAST only.

This card displays the 10 vulnerabilities with the highest totals of scanned findings.

It also shows the total findings for these 10 vulnerabilities and the total number of files with vulnerabilities. The total number of files affected is based on all distinct files with vulnerabilities and not the distinct files of the ‘10 vulnerabilities’ list.

Example: SQL_Injection: There are 15 High results, 0 Medium, 0 Low, and 0 Info.


Top 10 Vulnerable Files

This KPI is applicable to SAST only.

This card displays the 10 files with the highest totals of scanned findings.

Example: \bookstore\Login.cs: There are 4 High results, 0 Medium, 0 Low, and 11 Info.


5 Oldest Vulnerabilities

This KPI is applicable to SAST only.

The aging calculation is not restricted to the project you are analyzing. The first date is calculated based on the result, regardless of the project.


Scan Results

Each Vulnerability Type scan displays the total results with a description and its related categories.

The results are displayed together for each vulnerability type. This includes: Severity, Status, First and Last Detection dates, Source, and Destination. You can click on the hyperlink to be redirected to the result details in the Application.



In each category available in the SAST engine, the total results are organized by severity.

Only categories with results are available in the report. Categories without results are excluded by default.
