results
The results command enables the ability to manage results in Checkmarx One.
Usage
./cx results [command] [flags]
Available Commands
Flags
Name | Default | Description |
---|---|---|
--help, -h | | Help for the results command |
results show
The results show command is used to retrieve scan results (i.e., generate reports) in Checkmarx One.
Usage
./cx results show [flags]
Flags
Name | Required | Default | Description |
---|---|---|---|
--scan-id <string> | yes | | Scan ID |
--filter <strings> | no | All results are included | Specify filters for the data that will be included in the report that is generated. Tip: Filters aren't applied to PDF reports. You can specify which sections to include in a PDF report using |
--help, -h | no | | Help for the results command |
--output-name <string> | no | cx_result | Specify a name for the output file |
--output-path <string> | no | "." | Specify the file path for the output file |
--report-format <string> | no | json | Specify the format for the report that is generated. Options are: summaryHTML, summaryJSON, summaryConsole, sarif, json, sonar, markdown or PDF. Tip: json, sarif, and sonar formats generate a detailed list of risks identified in the project. summaryHTML, summaryJSON, summaryConsole and markdown formats generate summary reports with aggregated risk data. PDF format reports by default generate a complete report including both a summary of risks as well as a detailed list of risks. You can specify which sections to include in the report using |
--report-pdf-email <string> | no | | Specify email recipients who will receive the pdf report. Multiple emails are separated by a ",". Tip: This flag can only be used when |
--report-pdf-options <string> | no | ScanSummary, ExecutiveSummary, ScanResults (i.e., all sections) | Specify the sections that will be included in the pdf format report. Tip: This flag can only be used when Available sections are: Sast, Sca, Iac-Security, Api-Security, ScanSummary, ExecutiveSummary, ScanResults |
Pagination
By default all results are included in the report (up to 10k). You can use limit to adjust the maximum number of results to return and offset to specify the number of results to skip before starting to return results.
Example: The following command generates a report for records 21-30.
./cx results show --scan-id <scan ID> --filter "limit=10,offset=20"
Applying Filters and Sorting
You can filter the results included in the report by specifying various parameters such as severity, state and status. These filters apply both to the list of risks that is returned as well as to the summary data that is given. You can also specify how the list of risks is sorted in the report.
When multiple filter attributes are used, an AND operator is applied between attributes. When multiple values are given for an attribute, an OR operator is used between values.
Filters are applied using the following syntax:
./cx results show --filter "attributeA=value1,attributeB=value1;value2;value3,..."
Example: The following command returns a report that includes data for all risks with a severity level "high" or "medium" and the status "new". The results are sorted by "first found at" in descending order.
./cx results show --scan-id <scan ID> --filter "severity=high;medium,status=new,sort=-firstfoundat+queryname"
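The pagination and filter syntax above, as an added shell example that is not part of the Checkmarx documentation: the helper names are hypothetical, and combining limit/offset with other attributes in one --filter value is an assumption based on the syntax shown. It composes the filter string and keeps it as a single quoted argument, because an unquoted ";" would be read by the shell as a command separator.

```shell
#!/bin/sh
# Added example (not Checkmarx code): compose the --filter value for
# `cx results show`. All helper names are hypothetical.

# or_values V1 V2 ... -> "V1;V2"  (";" = OR between values of one attribute)
or_values() {
    out=""
    for v in "$@"; do out="${out:+$out;}$v"; done
    printf '%s' "$out"
}

# and_attrs A=V B=V ... -> "A=V,B=V"  ("," = AND between attributes)
and_attrs() {
    out=""
    for a in "$@"; do
        case "$a" in
            *,*|"="*) echo "invalid attribute: $a" >&2; return 1 ;;
            *=*) out="${out:+$out,}$a" ;;
            *) echo "invalid attribute: $a" >&2; return 1 ;;
        esac
    done
    printf '%s' "$out"
}

# page_filter PAGE SIZE -> "limit=SIZE,offset=N" with N = (PAGE-1)*SIZE
page_filter() {
    page=$1; size=$2
    if ! [ "$page" -ge 1 ] 2>/dev/null || ! [ "$size" -ge 1 ] 2>/dev/null; then
        echo "page and size must be integers >= 1" >&2; return 1
    fi
    printf 'limit=%s,offset=%s' "$size" "$(( (page - 1) * size ))"
}

# show_cmd SCAN_ID FILTER -> command line with the filter single-quoted, so
# the shell passes it to cx as one argument.
show_cmd() {
    printf "./cx results show --scan-id %s --filter '%s'" "$1" "$2"
}

# Constructed demo: new high/medium findings, 10 per page, pages 1 to 3.
base=$(and_attrs "severity=$(or_values high medium)" "status=new")
for p in 1 2 3; do
    show_cmd "<scan ID>" "$base,$(page_filter "$p" 10)"; echo
done
```

Page 3 with a page size of 10 yields limit=10,offset=20, the same records 21-30 as the pagination example above.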
Examples
Retrieving all the scan IDs
./cx scan list
$ ./cx scan list
Scan ID Project ID Status Created at Tags Initiator Origin
------- ---------- ------ ---------- ---- --------- ------
3c028677-5df7-4bd9-8a10-7214ced45670 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-10-21 [] service-account Github
c0507cb4-c68a-4db8-9565-5308d409a931 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-10-21 [] service-account Github
5ee3482e-b068-4bc5-9671-1c98098b3062 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-09-21 [] service-account Github
ecfa07b2-4d81-42c0-92ce-53762041a8ca ea97e0e1-e8e6-4dfa-b928-db7240ec3304 Completed 09-09-21 [] admin Chrome 93.0.4577.63
91c37ebc-7c10-4e0a-b53f-d41b7e09ee76 27364fe1-9294-4b45-b0b5-f5d86baaf223 Completed 09-07-21 [main:] service-account Chrome 93.0.4577.63
50eb0c6f-d0bf-4cb4-88a2-01fd9aac1e51 9ae9cf0d-d732-48d1-b3e0-41b3042d272c Completed 09-07-21 [] admin Firefox 91.0
6d8bbda9-10b6-42c5-833f-cee4d1c1e064 9ae9cf0d-d732-48d1-b3e0-41b3042d272c Completed 09-07-21 [] admin Firefox 91.0
dfa2f175-cb04-46c9-97dd-e3965f3d3868 68040961-b067-4cd9-828c-1dd7f3631791 Completed 09-05-21 [] grpc-java-netty 1.35.0
4b1f27e7-3bb5-440e-8146-2855ba656bfa e7b1f56b-e8a1-476e-b839-b63a01205677 Completed 09-05-21 [] admin Chrome 93.0.4577.58
3e28145e-b091-4548-ad2b-7ff67fff86d6 09ea1eeb-542b-4b08-8b08-bc8a1700d0d9 Completed 09-05-21 [] grpc-java-netty 1.35.0
07ca50a6-7d97-4dde-9e4b-8c184101d2af 09ea1eeb-542b-4b08-8b08-bc8a1700d0d9 Completed 09-05-21 [] grpc-java-netty 1.35.0
feaeb729-d39f-41cb-ab33-eae9a206548f 9f03b287-d314-40f7-8062-514aeac1ae6d Completed 09-03-21 [] admin Chrome 92.0.4515.159
51600234-3934-4a16-b3f1-ca00f2b91862 6f709d6a-b092-4f07-8fda-f33cc64c11f9 Completed 09-03-21 [] service-account Chrome 92.0.4515.159
1b5390f6-35ab-4c7f-947a-0d08e36bc45b 8be305d4-479a-4d46-a028-a326abdc0d37 Completed 09-03-21 [] service-account Chrome 92.0.4515.159
e6f5845b-fba5-4c3c-86f4-a58926ab8d17 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-03-21 [] service-account ASTCLI 2.0.0
df3ade70-c377-4240-8991-93f8bf350797 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-03-21 [] service-account ASTCLI 2.0.0
34d6d48b-5038-45d1-83fc-a4a7f5a4b066 7d900204-4e90-4bf6-b9bc-1c395eaf1d1f Completed 09-03-21 [] service-account Jenkins 2.0.0
a9d29697-d153-4868-91fa-7333a1a14683 6ff18862-cc00-4246-b6e7-63f3938ba041 Completed 09-02-21 [] admin Chrome 92.0.4515.159
16755930-39d1-431f-9055-14640f72c0ff 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-01-21 [] service-account ASTCLI 2.0.0
35c2f7c9-651a-4b0b-97a9-7789e3663fa1 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-01-21 [] service-account ASTCLI 2.0.0
Retrieving scan results for a specific scan ID
./cx results show --scan-id <scan ID>
$ ./cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670
Creating JSON Report: cx_result.json
$ ll
drwxr-xr-x 8 user user 4096 Sep 13 16:51 ./
drwxr-xr-x 8 user user 4096 Jun 9 12:27 ../
drwxr-xr-x 2 user user 4096 Apr 26 16:15 cmd/
-rw-r--r-- 1 user user 2012 May 6 18:43 credentials.json
-rwxr-xr-x 1 user user 11382784 Sep 9 14:43 cx*
-rw-r--r-- 1 user user 2608422 Sep 13 16:51 cx_result.json
Retrieving scan results for a specific scan ID using several flags
./cx results show --scan-id <scan ID> --report-format sarif --output-name <file name> --output-path <output file location>
$ ./cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670 --report-format sarif --output-name New_Report --output-path "."
Creating SARIF Report: New_Report.sarif
$ ll
total 20240
drwxr-xr-x 8 user user 4096 Sep 13 17:37 ./
drwxr-xr-x 8 user user 4096 Jun 9 12:27 ../
-rw-r--r-- 1 user user 1088910 Sep 13 17:37 New_Report.sarif
drwxr-xr-x 2 user user 4096 Apr 26 16:15 cmd/
-rw-r--r-- 1 user user 2012 May 6 18:43 credentials.json
-rwxr-xr-x 1 user user 11382784 Sep 9 14:43 cx*
-rw-r--r-- 1 user user 2608422 Sep 13 16:51 cx_result.json
-rw-r--r-- 1 user user 1088910 Sep 13 17:04 cx_result.sarif
Generating a PDF report of SAST vulnerabilities and sending to email recipient
./cx results show --scan-id <scan ID> --report-format pdf --report-pdf-email <recipient_email> --report-pdf-options <specify_sections>
$ ./cx results show --scan-id 15620629-57da-4f13-9f0b-b6a88b94d297 --report-format pdf --report-pdf-email <recipient_email> --report-pdf-options Sast
2023/02/28 11:13:45 Sending PDF report to: [<recipient_email>]
results codebashing
The results codebashing command enables the ability to retrieve a Codebashing link from Checkmarx One.
Usage
./cx results codebashing [flags]
Flags
Name | Default | Description |
---|---|---|
--help, -h | | Help for the results command |
--cwe-id <string> | | CWE ID for the vulnerability |
--format <string> | json | The output format for the response. Possible values are |
--language <string> | | Language of the vulnerability |
--vulnerabity-type <string> | | Vulnerability type |
Examples
Retrieving codebashing link
./cx results codebashing --language <language> --vulnerabity-type <vulnerability type> --cwe-id <cwe ID>
./cx results codebashing --language <language> --vulnerabity-type <vulnerability type> --cwe-id <cwe ID> --format <output format>