Making Comments Mandatory on Result Severity State Change

Checkmarx SAST offers the option to require adding comments when changing the state of a scan result in one of the following two modes:

  • Changing the state of a scan result to Not Exploitable or Proposed Not Exploitable

  • Changing the state of a scan result to any state

This functionality is controlled by a flag in your SQL database and is disabled by default. To enable it, set the flag in the respective SQL database table as explained below: