
Reviewing Scan Results

Results of scans triggered by Jenkins are displayed in the Jenkins web interface as well as in the CxSAST interface, as explained in Navigating Scan Results in CxSAST. The results are saved in Jenkins and, if defined, can also be sent by email as a Jenkins post-scan action, as explained in Setting up Scans in Jenkins.


Synchronous mode, as defined in Setting up Scans in Jenkins, enables viewing of scan results in Jenkins. If this option is cleared (asynchronous mode), the build's scan results are not displayed. A link to the scan results in the CxSAST web application is provided with the build results. In this case, any results displayed in Jenkins are from the previous successful scan.


The Checkmarx SAST Security Vulnerabilities Trend graph is displayed in the Jenkins Job/Project dashboard and shows the number of vulnerabilities found at each severity level across the most recent builds. A graphical side-by-side summary of the CxSAST results can also be viewed in the Jenkins Job/Project dashboard under Checkmarx Report. Summaries and full reports can be viewed per application and consist of the elements listed and explained below.


The results displayed in the Checkmarx report depend on which scan options were enabled during the scan configuration.