Viewing Results from All Scans

You can view the results of one selected scan at a time. To locate the scan, you can display either a list of all scans of all projects or the list of scans for one selected project.

To view a list of all scans:

  • Go to Projects & Scans > All Scans. A list with all scans of all projects is displayed.

To view a list of scans for a selected project:

  1. To view a list of all scans of one project, go to Projects & Scans > Projects. A list of all projects is displayed.

  2. Select the desired project and click View Project Scans to display its scan list.

To view the scan results of a scan:

  • Select the desired scan from the scan list and then open the results viewer to display the results.

Projects and Scan Options

Under Projects & Scans > Projects, various scan and project-related actions are available. For information and instructions on creating and configuring projects, refer to Creating and Configuring Projects.

Table Columns

  • Project selector: Check to select a project on which to perform one of the available actions outlined.

  • Project Name: Lists the name of the project.

  • Team: Lists the team to which this project is assigned.

  • Preset: The preset you selected when creating the project.

  • Total Scans: Number of scans run for this project.

  • Last Scanned: Date and time of the last scan run for the project.

  • Scans List: View Project Scans displays the project in the individual project path, for example, Projects & Scans/View Project Scans/My Java Projects.

  • Actions:

    • Full Scan: Scans the entire project. If the project is configured for a local location, you have to upload a zip file with the updated source code.

    • Incremental Scan: Scans only new and modified files since the last scan. Notice: Incremental scan significantly shortens the scan time, but it is not recommended for projects with significant amounts of changes.

    • Branch Project: The Branch Project operation is similar to copy project, but it copies a different set of properties: Preset, Team and the Last scan from the source project with all results and remarks.

    • Duplicate Project: Creates a new project based on the settings of an existing one. From the existing project it copies the following: Preset, Team, Exclusions, Scheduling, Pre-scan emails, Post-scan emails and Scan failure emails.

All Scans

Under Projects & Scans > All Scans, all scan results appear in a table with each row representing an individual scan result set. You can sort tables according to Scan Date, Scan Complete Date, Project Name or Risk Level Score. Additional options are available under Managing Tables.

Table Columns

  • Scan selector: Check to select a scan on which to perform one of the available actions outlined at the bottom of this list.

  • Scan indicator: An icon that indicates one of the following:

    • Full scan

    • Incremental scan

    • Partial scan. Information on why only a partial scan was performed is provided in Scan Summary. For more information about partial scans, refer to the FAQ section.

    • Scan in process

  • Scan ID: The identifier of the scan. The column can be searched and sorted.

  • Scan Date: The date when the scan was started.

  • Scan Complete: The date when the scan was completed.

  • Project Name: The project for which the scan was performed.

  • Initiator: The user who activated the scan

  • Origin: The system from which the scan was activated

  • Origin URL: The triggered URL of origin (e.g., Jenkins URL)

  • Risk Level Score: A risk indicator bar indicates the overall risk calculation of all vulnerabilities found in this scan (between 0% and 100%).

  • LOC (Lines Of Code): The number of lines that the code in the project consists of.

  • Team: The team that the scan is assigned to

  • Server Name: The CxEngine server that performed the scan

  • Cx Version: The CxSAST version at scan time.

  • Comments: Indicates any comments maintained for the project, for future scans and for instances that continue to be found.

  • Access: Defines whether the scan is a private scan (not visible to others, but can be viewed by immediate managers) or a public scan.

  • Locked: If a scan is locked, this column marks it as Locked to avoid automated purging of important scan data. Locked scans cannot be deleted. There is no entry in this column for unlocked scans.

  • Preset: Name of the preset that ran when scanning the code. This column is hidden by default. The column can be searched and sorted.

  • Action. The following can be performed for selected scans:

    • Displays the scan results

    • Generates a scan report

    • Creates a summary of the scan

    • Locks the scan to prevent it from being deleted

    • Downloads the scan logs for the selected scan

Summary of All Scans

  • If a scan has been initiated for a non-local project or if an incremental scan has been initiated for a local project with no code changes since the previous scan, the Comments indicate that the scan was not actually performed.

  • Under Monitoring, scan details are displayed for a selected scan in the table.

The Monitoring tab provides two graphical summaries of found vulnerabilities:

  • Top 5 Vulnerabilities. This chart displays the five most common high and medium vulnerabilities detected in this scan.

  • Risk Indicator. This chart represents the correlation between the severity and the quantity of the results.

    • Severity - Axis X (value between 0 and 100) is calculated according to the number of high, medium and low severity results

    • Quantity - Axis Y (value between 0 and 100) is calculated according to the number of high, medium and low severity results

The Comments tab allows you to write comments on the scan results.

Scan Results

Notice

You can view the results of one scan at a time.

To view scan results for the desired scan, do the following:

  1. Display all scans or the scans of a certain project as explained above.

  2. Select the desired scan in the list and click the icon for viewing scan results. The scan results for the selected scan appear.

  3. For detailed information on the scan results, refer to Navigating Scan Results.

Comparing Scans

To compare two scans, do the following:

  1. Display all scans or the scans of a certain project as explained above.

  2. Select two scans and click Compare Scans. The Scans Compare screen is displayed.

  3. Click <Results> in order to see a 'file compare' showing the code differences in each file, grouped by vulnerability/scan result.

Deleting Scans

Delete one or more scans as follows:

  1. Select the rows of the requested scans.

  2. Click the delete icon. You are asked to confirm your request.

  3. Click <OK> to confirm the delete request.

Notice

  • If the user does not have the authorization required for deleting scans, no scan will be deleted.

  • Locked scans are not deleted. If, for example, one scan out of three is locked, a message appears indicating that only 2 of the 3 scans have been deleted successfully.

  • To display the details of a locked scan, click Export as CSV File to download the DeleteErrors.csv file, which displays the details of the locked scan.

  • Unlocking all scans indicated in the report enables full deletion of the project.

Usability Enhancements

The Results Viewer is enhanced with the following features:

  • The Similarity ID is displayed in a new column in the Results Viewer. The column, which is searchable, sortable, and groupable, is hidden by default.

    To make the column available, add it as an additional column: right-click any column header in the Results Viewer, click Columns on the drop-down menu and then check Similarity ID in the list of available columns.

    Once checked, the new column is available in the results list.

  • When clicking on a specific result in the Results list, the Similarity ID is included in the displayed details.

  • When the source code is deleted, an informative message is displayed. This message is displayed only if the source files in the CxSrc folder are deleted or their names are changed.