Reviewing Scan Results in Eclipse

To update the IDE with the latest scan results for a bound project, in Eclipse, right-click the project and select CxViewer > Retrieve Results From Server.

To view the latest downloaded results (for a bound project) or the results of the last manual scan from Eclipse (for an unbound project), in Eclipse, right-click the project and select CxViewer > Show stored Scan Result.

Eclipse prompts you to confirm the CxViewer perspective and then displays the scan results.

Eclipse_16.png

After a scan, the results are displayed in the following windows: CxViewer Path, CxViewer Tree, Graph Navigation, Full Graph, CxViewer Results, CxViewer Description.

  • CxViewer Tree

    This window displays the vulnerabilities found in this scan, grouped by severity level (High, Medium, Low, and Information). The number of times the vulnerability was found in the scan is indicated next to each vulnerability.

    To open the CxViewer Description page for a vulnerability, right-click the vulnerability name and choose Show Description.

    Eclipse_17.png
  • CxViewer Description Page

    The CxViewer Description page describes the vulnerability risk and usage. It also contains a link, indicated by the Codebashing icon at the top of the page, to the Codebashing section of the Checkmarx Academy, where you can find tutorials on how to fix the vulnerability.

    Eclipse_18.png

    Note

    • You may be asked to log in to view the CxViewer Description tab and the vulnerability descriptions. After logging in, the login screen will not be displayed when selecting subsequent items in the CxViewer tree.

    • The vulnerability description is not displayed on Linux variants.

    • When using SAST server 9.6 on macOS, the CxViewer Description page may not be displayed.

  • Graph Navigation

    This window displays the flow, with parameter names, that leads to a specific vulnerability.

    For example:

    Eclipse_19.png
  • CxViewer Results

    This window displays the status, severity, and assigned users of the vulnerabilities found in the scan.

    You can edit the information for a specific vulnerability by selecting the vulnerability in the table and using the Change State, Change Severity, and Assign User drop-downs.

    You can use the Comments option if comments are needed, as illustrated in the example below.

    Eclipse_20.png