
results

The results command is used to manage results in Checkmarx One.

Usage

./cx results [command] [flags]

Available Commands

Flags

Name         Default   Description
----         -------   -----------
--help, -h             help for the results command

results show

The results show command is used to retrieve scan results (i.e., generate reports) in Checkmarx One.

Usage

./cx results show [flags]

Flags

Name

Required

Default

Description

--scan-id <string>

yes

Scan ID

--filter <strings>

no

All results are included

Specify filters for the data that will be included in the report that is generated.

Tip

Filters aren't applied to PDF reports. You can specify which sections to include in a PDF report using --report-pdf-options.

  • Use the “;” sign as the delimiter for arrays.

  • Available filters are:

    limit, offset, sort, include-nodes, node-ids, query, group, severity, state, status

  • Enum values:

    • severity - High, Medium, Low, Info (Info is only for SAST scanner)

    • state - TO_VERIFY, NOT_EXPLOITABLE, PROPOSED_NOT_EXPLOITABLE, CONFIRMED, URGENT, IGNORED, NOT_IGNORED

    • status - NEW, RECURRENT, FIXED

    • sort - -severity, +severity, -status, +status, -state, +state, -type, +type, -firstfoundat, +firstfoundat, -foundat, +foundat, -firstscanid, +firstscanid

      Default sorting: +status,+severity

      Tip

      "+" = ascending order

      "-" = descending order

--help, -h

no

Help for the results command

--output-name <string>

no

cx_result

Specify a name for the output file

--output-path <string>

no

"."

Specify the file path for the output file

--report-format <string>

no

json

Specify the format for the report that is generated.

Options are: summaryHTML, summaryJSON, summaryConsole, sarif, json, sonar, markdown or PDF

Tip

json, sarif, and sonar formats generate a detailed list of risks identified in the project.

summaryHTML, summaryJSON, summaryConsole and markdown formats generate summary reports with aggregated risk data.

By default, PDF format reports are complete reports that include both a summary of risks and a detailed list of risks. You can specify which sections to include in the report using --report-pdf-options.

--report-pdf-email <string>

no

Specify email recipients who will receive the pdf report. Multiple emails are separated by a ",".

Tip

This flag can only be used when --report-format is set as pdf.

--report-pdf-options <string>

no

ScanSummary, ExecutiveSummary, ScanResults (i.e., all sections)

Specify the sections that will be included in the pdf format report.

Tip

This flag can only be used when --report-format is set as pdf.

Available sections are:

Sast, Sca, Iac-Security, Api-Security, ScanSummary, ExecutiveSummary, ScanResults

Tip

ScanResults includes results for all scanners (IaC-Security, Sast and Sca).

Pagination

By default all results are included in the report (up to 10k). You can use limit to adjust the maximum number of results to return and offset to specify the number of results to skip before starting to return results.

Example: The following command generates a report for records 21-30.

./cx results show --scan-id <scan ID> --filter "limit=10,offset=20"

Applying Filters and Sorting

You can filter the results included in the report by specifying various parameters such as severity, state and status. These filters apply both to the list of risks that is returned as well as to the summary data that is given. You can also specify how the list of risks is sorted in the report.

When multiple filter attributes are used, an AND operator is applied between attributes. When multiple values are given for an attribute, an OR operator is used between values.

Filters are applied using the following syntax:

./cx results show --filter "attributeA=value1,attributeB=value1;value2;value3,..."

Example: The following command returns a report that includes data for all risks with a severity level "high" or "medium" and the status "new". The results are sorted by "first found at" in descending order.

./cx results show --scan-id <scan ID> --filter "severity=high;medium,status=new,sort=-firstfoundat+queryname"
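
The delimiter rules above and the limit/offset arithmetic from the Pagination section, as an added example (not Checkmarx code): a shell helper that checks severity, state and status values against the enum lists on this page and prints the --filter string for a given page of results. The function names cx_check_values and cx_build_filter are hypothetical.

```sh
# Added example, not Checkmarx code. Enum values are the ones listed in the
# flag table on this page, stored lower-case and compared case-insensitively
# because the page's own filter example passes lower-case values.
CX_SEVERITY="high medium low info"
CX_STATE="to_verify not_exploitable proposed_not_exploitable confirmed urgent ignored not_ignored"
CX_STATUS="new recurrent fixed"

# cx_check_values <attribute> <value[;value...]>  (hypothetical helper)
# Succeeds only if every ";"-separated value belongs to the attribute's enum.
cx_check_values() (
    case "$1" in
        severity) allowed=$CX_SEVERITY ;;
        state)    allowed=$CX_STATE ;;
        status)   allowed=$CX_STATUS ;;
        *) echo "unsupported attribute: $1" >&2; exit 2 ;;
    esac
    vals=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$vals" ] || { echo "no value given for $1" >&2; exit 1; }
    set -f; IFS=';'            # split on ";" only, no globbing (subshell-local)
    for v in $vals; do
        case "$v" in ''|*[!a-z_]*) echo "invalid $1 value: '$v'" >&2; exit 1 ;; esac
        case " $allowed " in
            *" $v "*) ;;
            *) echo "invalid $1 value: '$v'" >&2; exit 1 ;;
        esac
    done
)

# cx_build_filter <page> <page_size> [attribute=values ...]  (hypothetical helper)
# Prints a --filter string: attributes joined with "," (AND between them),
# values kept ";"-separated (OR between them), then limit/offset for the
# 1-based page number.
cx_build_filter() (
    page=$1; size=$2
    for n in "$page" "$size"; do
        case "$n" in ''|0*|*[!0-9]*) echo "page and size must be positive integers" >&2; exit 2 ;; esac
    done
    shift 2
    out=
    for pair in "$@"; do
        cx_check_values "${pair%%=*}" "${pair#*=}" || exit 1
        out="$out$pair,"
    done
    echo "${out}limit=$size,offset=$(( ($page - 1) * $size ))"
)

# Usage: ./cx results show --scan-id <scan ID> \
#          --filter "$(cx_build_filter 3 10 'severity=high;medium' status=new)"
```

A value list written with "," instead of ";" (for example severity=High,Medium) is rejected before the CLI runs, so a mistyped filter cannot quietly change which findings reach the report.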

Examples

Retrieving all the scan IDs

./cx scan list
~/ast-cli$ ./cx scan list

Scan ID                              Project ID                           Status    Created at Tags    Initiator                      Origin                 
-------                              ----------                           ------    ---------- ----    ---------                      ------                 
3c028677-5df7-4bd9-8a10-7214ced45670 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-10-21   []      service-account Github                 
c0507cb4-c68a-4db8-9565-5308d409a931 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-10-21   []      service-account Github                 
5ee3482e-b068-4bc5-9671-1c98098b3062 683c51da-8644-4e27-990f-1128ab911a1b Completed 09-09-21   []      service-account Github                 
ecfa07b2-4d81-42c0-92ce-53762041a8ca ea97e0e1-e8e6-4dfa-b928-db7240ec3304 Completed 09-09-21   []      admin                      Chrome 93.0.4577.63    
91c37ebc-7c10-4e0a-b53f-d41b7e09ee76 27364fe1-9294-4b45-b0b5-f5d86baaf223 Completed 09-07-21   [main:] service-account                        Chrome 93.0.4577.63    
50eb0c6f-d0bf-4cb4-88a2-01fd9aac1e51 9ae9cf0d-d732-48d1-b3e0-41b3042d272c Completed 09-07-21   []      admin                      Firefox 91.0           
6d8bbda9-10b6-42c5-833f-cee4d1c1e064 9ae9cf0d-d732-48d1-b3e0-41b3042d272c Completed 09-07-21   []      admin                      Firefox 91.0           
dfa2f175-cb04-46c9-97dd-e3965f3d3868 68040961-b067-4cd9-828c-1dd7f3631791 Completed 09-05-21   []                                     grpc-java-netty 1.35.0 
4b1f27e7-3bb5-440e-8146-2855ba656bfa e7b1f56b-e8a1-476e-b839-b63a01205677 Completed 09-05-21   []      admin                      Chrome 93.0.4577.58    
3e28145e-b091-4548-ad2b-7ff67fff86d6 09ea1eeb-542b-4b08-8b08-bc8a1700d0d9 Completed 09-05-21   []                                     grpc-java-netty 1.35.0 
07ca50a6-7d97-4dde-9e4b-8c184101d2af 09ea1eeb-542b-4b08-8b08-bc8a1700d0d9 Completed 09-05-21   []                                     grpc-java-netty 1.35.0 
feaeb729-d39f-41cb-ab33-eae9a206548f 9f03b287-d314-40f7-8062-514aeac1ae6d Completed 09-03-21   []      admin                         Chrome 92.0.4515.159   
51600234-3934-4a16-b3f1-ca00f2b91862 6f709d6a-b092-4f07-8fda-f33cc64c11f9 Completed 09-03-21   []      service-account                         Chrome 92.0.4515.159   
1b5390f6-35ab-4c7f-947a-0d08e36bc45b 8be305d4-479a-4d46-a028-a326abdc0d37 Completed 09-03-21   []      service-account                         Chrome 92.0.4515.159   
e6f5845b-fba5-4c3c-86f4-a58926ab8d17 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-03-21   []      service-account ASTCLI 2.0.0     
df3ade70-c377-4240-8991-93f8bf350797 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-03-21   []      service-account ASTCLI 2.0.0     
34d6d48b-5038-45d1-83fc-a4a7f5a4b066 7d900204-4e90-4bf6-b9bc-1c395eaf1d1f Completed 09-03-21   []      service-account Jenkins 2.0.0    
a9d29697-d153-4868-91fa-7333a1a14683 6ff18862-cc00-4246-b6e7-63f3938ba041 Completed 09-02-21   []      admin                      Chrome 92.0.4515.159   
16755930-39d1-431f-9055-14640f72c0ff 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-01-21   []      service-account ASTCLI 2.0.0     
35c2f7c9-651a-4b0b-97a9-7789e3663fa1 7ff92bc1-5039-4815-a39e-1420d6720866 Completed 09-01-21   []      service-account ASTCLI 2.0.0     

Retrieving scan results for a specific scan ID

./cx results show --scan-id <scan ID>
~/ast-cli$ ./cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670
Creating JSON Report:  cx_result.json

~/ast-cli$ ll
drwxr-xr-x 8 user user     4096 Sep 13 16:51 ./
drwxr-xr-x 8 user user     4096 Jun  9 12:27 ../
drwxr-xr-x 2 user user     4096 Apr 26 16:15 cmd/
-rw-r--r-- 1 user user     2012 May  6 18:43 credentials.json
-rwxr-xr-x 1 user user 11382784 Sep  9 14:43 cx*
-rw-r--r-- 1 user user  2608422 Sep 13 16:51 cx_result.json

Retrieving scan results for a specific scan ID using several flags

./cx results show --scan-id <scan ID> --report-format sarif --output-name <file name> --output-path <output file location>
~/ast-cli$ ./cx results show --scan-id 3c028677-5df7-4bd9-8a10-7214ced45670 --report-format sarif --output-name New_Report --output-path "."
Creating SARIF Report:  New_Report.sarif

~/ast-cli$ ll
total 20240
drwxr-xr-x 8 user user     4096 Sep 13 17:37 ./
drwxr-xr-x 8 user user     4096 Jun  9 12:27 ../
-rw-r--r-- 1 user user  1088910 Sep 13 17:37 New_Report.sarif
drwxr-xr-x 2 user user     4096 Apr 26 16:15 cmd/
-rw-r--r-- 1 user user     2012 May  6 18:43 credentials.json
-rwxr-xr-x 1 user user 11382784 Sep  9 14:43 cx*
-rw-r--r-- 1 user user  2608422 Sep 13 16:51 cx_result.json
-rw-r--r-- 1 user user  1088910 Sep 13 17:04 cx_result.sarif

Generating a PDF report of SAST vulnerabilities and sending to email recipient

./cx results show --scan-id <scan ID> --report-format pdf --report-pdf-email <recipient_email> --report-pdf-options <specify_sections>
~/ast-cli$ ./cx results show --scan-id 15620629-57da-4f13-9f0b-b6a88b94d297 --report-format pdf --report-pdf-email <recipient_email> --report-pdf-options Sast
2023/02/28 11:13:45 Sending PDF report to:  [<recipient_email>]

results codebashing

The results codebashing command is used to retrieve a Codebashing link from Checkmarx One.

Usage

./cx results codebashing [flags]

Flags

Name                            Default   Description
----                            -------   -----------
--help, -h                                help for the results command
--cwe-id <string>                         CWE ID for the vulnerability
--format <string>               json      The output format for the response. Possible values are json, list or table.
--language <string>                       Language of the vulnerability
--vulnerability-type <string>             Vulnerability type

Examples