Viewing the Project Page
The Project page shows detailed results for a specific Project. This info includes widgets representing the packages and vulnerabilities discovered in the Project.
The Project page is opened for a specific Project by clicking on the row of the desired Project in the Project pane on the Dashboard (Home page).
Header Bar
The Header bar shows general info about the Project and scan that is currently displayed on the page.
The following tables describe the info shown in the Header bar and the action buttons that are available.
This screen includes a Header bar with general info about the Project and scan. It also shows detailed results, divided into the following tabs.
Overview – shows the overall status of the project, including the number of packages, vulnerabilities, outdated packages, packages with legal risk, policy violations, and the top vulnerable packages.
Scan History – for each scan of the project it shows the risk level, status, scan method, vulnerabilities, when it was scanned, and by whom.
The following action buttons are shown in the Header bar.
- hover over this icon and select the type of data you would like to export.
- hover over this icon and select the type of scan you would like to perform.
- click to show the options to open the Project Settings or Delete Project.
Header Bar Info
Item | Description | Possible Values |
---|---|---|
Breadcrumbs Navigation | Click on the breadcrumbs to navigate back to the HOME page. | |
Project Name | The name of the Project. | e.g., Demo01 |
Team | The teams that are assigned to the Project. | e.g., All users, Team01 |
Scan Method | The method that was used to scan the Project. | |
Last Scanned | The complete date that the last scan was performed on your project. | e.g., Jan 28, 2021 11:22 AM |
Scan ID | When you hover over Scan ID, the unique identifier of the scan generated by Checkmarx SCA is shown. There is a button to copy the ID to your clipboard. | e.g., 95fc1f60-a4aa-4835-acfd-95aa315d4890 |
Header Bar Actions
Icon | Action | Description | Options |
---|---|---|---|
(icon) | Scan Report | Click on this button to download a file containing an overview of the security of your project as well as specific vulnerabilities, legal risks, and outdated versions identified by the scan. | Report sections: / File formats: |
(icon) | Software Bill of Materials | Click on this button to download a file containing detailed info about each of the open source packages used by your program and the associated risks, using CycloneDX v1.3 standard. | File formats: |
(icon) | Remediation Manifest | Click on this button to start the process of remediating the Project’s manifest files. For more information see Remediation using a Manifest File. | - |
(icon) | Scan Project | Click on this button to run a new scan on the Project. For more information, see Scanning a Project. | - |
(icon) | Recalculate Last Scan | Click on this button to send the list of project dependencies from the last scan to the risk generator. This can be used to re-evaluate a "static" Project where no significant changes have been made. For more information, see Recalculating Risk. | - |
(icon) | Project Settings | Edit the settings for the Project. | - |
(icon) | Delete Project | Delete a Project and its associated scans. | - |
Overview Tab
The Overview tab shows the overall status of the Project. The page contains the following sections.
Widgets - show overall measures of the risks associated with the Project. Clicking on the widgets will open their related page.
Graphs - the cards below give more info about the Project in a graphical format.
Top Vulnerable Packages - shows a list of the packages with the highest risk levels.
Overview Widgets and Graphs
The following table describes the info shown in the Overview widgets and graphs.
Item | Description | Possible Values |
---|---|---|
Scanned Packages | The number of packages identified by this scan of your Project. Click on the widget to open the Packages tab of the Scan Results page for the Project. | e.g., 15 |
Outdated Packages | The number of outdated packages in the Project. Click on the widget to open the Packages tab of the Scan Results page for the Project filtered by Outdated. Tip: This includes all packages for which a newer version is available, regardless of whether or not it contains vulnerabilities. | e.g., 12 |
Packages with Legal Risk | The number of packages in the Project with high or medium legal risk. Click on the widget to open the Packages tab of the Scan Results page for the Project filtered by Legal Risk: High, Medium. | e.g., 8 |
Vulnerabilities & SCS Risks | The combined total number of vulnerabilities and supply chain risks in the Project, followed by a color-coded bar graph indicating the number of vulnerabilities and SCS risks of each severity level. Click on the widget to open the Risks tab of the Scan Results page for the Project. | |
Policy Violations | The number of policy violations in the Project. Click on the widget to open the Policy Violations tab of the Scan Results page for the Project. | e.g., 2 |
Vulnerabilities & SCS Risks | A line graph showing the number of vulnerabilities and SCS risks over time according to severity. Each point on the graph represents a different scan of the Project. Hover over a point to see the exact number of vulnerabilities. | - |
Outdated | A line graph showing the number of outdated packages in the Project over time. Each point on the graph represents a different scan of the Project. Hover over a point to see the exact number of outdated packages. | - |
Legal Risks | A color-coded graph indicating the number of distinct legal risks of each severity level. Hover over the graph or the key to show a breakdown of license names within each Legal Risk level. Click on the graph or the key to open the Packages tab of the Scan Results page, filtered by the Legal Risk level you clicked on (high, medium, low, or unknown). | - |
Top Vulnerable Packages
This section shows a list of the packages with the highest risk levels.
You can click on a specific vulnerable package to open the Packages tab of the Scan Results page showing the Package Details tab for the specified package.
The following table describes the info shown for each package and the action that can be taken in this pane.
Item | Description | Possible Values |
---|---|---|
Risk Level | The severity level of the highest risk existing in the package. For Vulnerabilities, this is based on its CVSS score in the NVD. | For more info see SCA Risk Severity Levels. |
Package Name | The name of the package in which the vulnerability was identified. | e.g., javax.annotation:javax.annotation-api |
Package Version | The version of the package where the vulnerability was identified. Hover over the display to show the date of your version, and if available, the version number and date of the latest version as well as the number of new versions since your most recent update. | e.g., 2.0.0 |
License Name | Shows all licenses that you have that are associated with this package. For packages with multiple licenses, hover over the display to show all licenses and the associated legal risks. | e.g., GPL 2.0 |
Vulnerabilities & SCS Risks | A color-coded bar graph indicating the number of vulnerabilities and supply chain risks of each severity level. | |
Dependency Type | The type of package manager used by the project. | Maven, Pip, Nuget, Packagist, or Npm |
Action Button | | |
Scan Results button | Click on this button to open the Scan Results page showing the All Packages sub-tab, which lists all of the packages that were identified by the most recent scan of the Project. | - |
Scan History Tab
The Scan History tab shows a list of all scans that were run on the Project. Each record shows general info about the scan as well as overall results for the scan. You can filter the results by entering a specific value for Scan Method or Scanned By in the search box. You can also sort by column headers and set filters for each column.
You can click on a specific scan to open the Scan Results page for that scan of the Project.
Notice
If you clicked on any scan other than the most recent scan, a message in the header bar indicates that a Newer Report is Available. Click on this message to open the most recent Risk Report for the Project.
Warning
This screen only shows data for 30-50 of the most recent scans (depending on number and timing of failed scans). Data for earlier scans is still stored in the system and can be retrieved via API.
Item | Description | Possible Values |
---|---|---|
Risk Level | The severity level of the highest vulnerability existing in the package, based on its CVSS score in the NVD. | For more info see Severity Levels. |
Scan Status | The current status of the scan. | Scanning, Successful, Failed |
Method (Origin) | The method that was used to scan the project. | |
Tags | The tags assigned to the scan. | e.g., Dev |
Risks (Aggregated) | A color-coded bar graph indicating the number of risks of each severity level. | |
Scanned/Date | The relative time or complete date that the last scan was performed on your project. Toggle between relative time and date by clicking Scanned or Date in the column header. | e.g., 19 days ago; e.g., Jan 28, 2021 11:22 AM |
Scanned By | The user who initiated the scan. | e.g., admin |
Action Buttons | | |
Hide failed scans toggle | In the Header Bar there is a Hide failed scans switch that enables you to hide the scans that failed when scanning. Toggle this switch (to the right) in order to hide the failed scans. | - |