
Reviewing Scan Results in Eclipse

To update the IDE with the latest scan results for a bound project, right-click the project in Eclipse and select CxViewer > Retrieve Results From Server.

To view the latest downloaded results (for a bound project) or the results of the last manual scan from Eclipse (for an unbound project), right-click the project in Eclipse and select CxViewer > Show stored Scan Result.

Eclipse prompts you to confirm the CxViewer perspective and then displays the scan results.

After a scan is completed, the scan results are displayed in the following windows: CxViewer Path, CxViewer Tree, Graph Navigation, Full Graph, CxViewer Results, CxViewer Description.

  • CxViewer Tree

    This window displays the vulnerabilities found in this scan, grouped by level of severity (High, Medium, Low, and Information). The number of times the vulnerability was found in the scan is indicated next to each vulnerability.

    To open the CxViewer Description page for a vulnerability, right-click on the vulnerability name and choose Show Description.

  • CxViewer Description page

    The CxViewer Description page describes the vulnerability risk and usage. It also contains a link, indicated by the Codebashing icon at the top of the page, to the Codebashing section of the Checkmarx Academy, where you can find tutorials on how to fix the vulnerability.

  • Graph Navigation

    This window displays the flow with parameter names to reach a specific vulnerability.

  • CxViewer Results

    This window displays the status, severity, and assigned users of the vulnerabilities found in the scan.

    You can edit the information for a specific vulnerability by selecting the vulnerability in the table and using the Change State, Change Severity, and Assign User drop-downs.

    If comments are needed, you can use the Comments option.
