Recalculating SCA Scan Results
Checkmarx enables scan Recalculation for the SCA scanner. This feature utilizes the dependencies identified in a previous scan and re-assesses the risks affecting your project based on the current data. There is no need to resubmit the source code in order to run scan recalculation since it uses the dependency resolution output from the previous scan. This method is useful for “static” projects, where no significant changes have been made to the source code since the previous scan.
Results from scan recalculation are shown in Checkmarx One as a separate scan.
The following factors will affect the recalculated scan results:
If you changed the state of risks since the last scan of the project, those changes will be applied to the recalculated scan.
Notice
If you have made state changes since the last scan, a warning icon is shown next to the project name in the list of projects, indicating the need for a scan recalculation.
Checkmarx has identified new vulnerabilities associated with the dependencies in your project since the previous scan.
If you have changed the Policies that apply to your project since the last scan, the policy violations for the project will be updated.
Running Scan Recalculation
To run scan recalculation for the SCA scanner:
Navigate to the SCA Results for the desired project.
On the SCA Results screen, click on the Recalculate button in the header bar.
When the recalculation is completed the results are shown as a new scan of the project.