Skip to main content

Managing Projects

A Checkmarx One project defines the source to be scanned, used scanners, scan tags, and groups assignment. Normally, a Checkmarx One project should correspond to a software development project, or to part of one. Any time a scan is run, the scan results remain associated with the project.

For Continuous Integration development methodology, if a new branch is created for each iteration, update the code location within the existing project (rather than creating a new project) so that all the results will reside within a single project.

For every Project that exists in Checkmarx One, the following actions are available:

Viewing the Projects Tab

The Workspace Workspace.png > Projects screen, enables you to manage and monitor all of your Checkmarx One Projects.

Projects_Tab.png

The top section shows the Overview widgets which give aggregated results for all of your projects. The Severity counter widgets are clickable, enabling you to easily filter the project display to show only projects with High, Medium or Low risk levels.

Below that, the Projects pane shows a list of the projects in your account. You can click on a project row to show a summary of the most recent scan results, or you can click on the View.png icon to open the project page.

The following table describes the information shown for each project and the actions that can be taken.

Item

Description

Possible Values

Selection Box

Select multiple checkboxes to perform bulk action on all selected Projects. Buttons appear at the top of the table enabling you to do the following bulk actions on the selected Projects: Delete, Assign to Applications and Project Configuration

ID

Click on the Dulpicate.png icon in a Project’s row to copy the ID of that Project to your clipboard.

Project Name

The name of the Project.

 

Last Scan Origin

Shows how the most recent scan of the Project was triggered.

webapp, Push Webhook, etc.

Last Source Type

Shows how the source code was accessed for the most recent scan.

Zip, GitHub, etc.

Last Scan

Shows how much time has passed since the Project was last scanned.

Tags

Shows tags in key or key:value pairs that were applied to this Project.

Groups

Shows the groups that are assigned to the project.

Risk Level

The risk level of the Project, based on the vulnerabilities that were identified.

High, Medium, Low, No Risk

Vulnerability Counters

The number of vulnerabilities identified for each severity level is shown.

Note

Checkmarx uses the newest available CVSS scoring system. If a vulnerability has a CVSS v3.1 score, that score is used; if it only has a CVSS 2.0 score in NVD, that score is used.

The vast majority of vulnerabilities have CVSS 3.1 scores, and all unique Cx Vulnerabilities are ranked using the CVSS 3.1 system.

Actions Buttons

Eye.png Results

Open the Project page showing detailed information about the Project.

Context Menu

Delete

Delete the Project and its associated scans. See Deleting Projects

Assign to Applications

Assign the Project to one or more Applications. See Managing Applications

Project Settings

Edit the Project settings. See Configuring Projects

Edit Queries

Edit SAST queries. See SAST Query Editor

Optimization Service Order

Order Optimization service from the Checkmarx AppSec experts for this Project.

Generate Report

Generate a Project report. See Project Reports