Checkmarx One API - SAST Results Predicates

Recurrent Vulnerabilities

Checkmarx One tracks vulnerabilities throughout your SDLC by assigning a similarity_id to each vulnerability instance found in a scan, which lets it recognize that same instance in future scans. After the initial scan of a Project, a vulnerability with an identical similarity_id that is detected in a subsequent scan is automatically marked as a Recurrent vulnerability.

Notice

A Recurrent vulnerability is defined as a vulnerability with the identical Source Node and Sink Node as well as the identical Attack Vector elements. If even minor changes were introduced to any of these elements (even though the nature of the threat is the same), the similarity_id will be different, causing the vulnerability to be identified as a New vulnerability.

Each vulnerability has a “Predicate” associated with it, which consists of the following attributes: state, severity and comments. After reviewing the results of a scan, you can triage the results by changing these predicates. If a subsequent scan discovers a vulnerability with the identical similarity_id, it is marked as a “recurrent” vulnerability, and the state, severity and comments from the previous scan are applied to the new scan. Each time you modify the state, severity or comments associated with a vulnerability’s similarity_id, a new predicate is created with its own unique predicate id. For more information about triaging results, see Managing (Triaging) Vulnerabilities.
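To make the tracking model concrete, here is an added illustration (not Checkmarx code) of how a similarity_id carries the latest predicate from one scan into the next and why a changed attack vector shows up as a New finding; the similarity ids, query names and state/severity values are constructed, and the predicate id counter stands in for the service's unique predicate id.

```python
# Added illustration of the recurrence model described above; not Checkmarx code.
# Similarity ids, query names and triage values below are constructed sample data.
import itertools
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
_next_predicate_id = itertools.count(1)  # stands in for the service's unique predicate id

@dataclass
class Predicate:
    state: str
    severity: str
    comment: str
    predicate_id: int = field(default_factory=lambda: next(_next_predicate_id))

@dataclass
class Result:
    similarity_id: str  # stable while source node, sink node and attack vector are unchanged
    query: str
    status: str = "NEW"
    predicate: Optional[Predicate] = None

def triage(history: Dict[str, List[Predicate]], similarity_id: str,
           state: str, severity: str, comment: str) -> Predicate:
    """Each triage change appends a new predicate (with its own id) to the similarity_id's history."""
    pred = Predicate(state, severity, comment)
    history.setdefault(similarity_id, []).append(pred)
    return pred

def classify_scan(new_scan: List[Result], previous_ids: Set[str],
                  history: Dict[str, List[Predicate]]) -> List[Result]:
    """Mark results already seen in an earlier scan RECURRENT and carry the latest predicate forward."""
    for r in new_scan:
        if r.similarity_id in previous_ids:
            r.status = "RECURRENT"
            if history.get(r.similarity_id):
                r.predicate = history[r.similarity_id][-1]
        else:
            r.status = "NEW"  # a changed source, sink or attack vector yields a new similarity_id
    return new_scan

def demo() -> Dict[str, tuple]:
    history: Dict[str, List[Predicate]] = {}
    scan1 = [Result("sim-100", "SQL_Injection"), Result("sim-200", "Reflected_XSS")]
    triage(history, "sim-100", "CONFIRMED", "HIGH", "reachable from the login form")
    triage(history, "sim-100", "NOT_EXPLOITABLE", "LOW", "input is validated upstream")
    # scan 2: sim-100 is unchanged; the XSS sink moved, so that finding gets a new similarity_id
    scan2 = classify_scan([Result("sim-100", "SQL_Injection"), Result("sim-300", "Reflected_XSS")],
                          {r.similarity_id for r in scan1}, history)
    return {r.similarity_id: (r.status, r.predicate.state if r.predicate else None,
                              len(history.get(r.similarity_id, []))) for r in scan2}
```

Only the latest predicate is carried forward, but every earlier one stays in the history, which is what the GET endpoint below lets you inspect.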

Results Predicates Endpoints

The URL for Results Predicates endpoints is <base_url>/api/sast-results-predicates

Endpoint Summary

The following is a list of Checkmarx One APIs that relate to Results Predicates:

| API | Method | Endpoint | Description |
| --- | --- | --- | --- |
| GET Predicates | GET | /api/similarities/{id}/predicates | Get all predicates by similarity id. |
| POST Predicate | POST | /api/similarities/predicates | Edit the predicate for a vulnerability based on its similarity ID and Project ID. You can specify the State, Severity and Comments. |

Swagger

To view these APIs in the Swagger UI and run sample API calls, go to <base_url>/spec/v1/ and select Sast Results Predicates in the definition field.