SCA (Package) Reports
You can export reports of the data identified by the Checkmarx SCA scanner. These reports include detailed information about the open source packages in your project and the risks associated with them. There are two types of reports:
- SCA Scan Report: shows an overview of the security of your project as well as the specific vulnerabilities, legal risks, and outdated versions identified by the scan.
- Software Bill of Materials (SBOM): shows detailed information about each of the open source packages used by your program and the associated risks. You can choose the SBOM format: CycloneDX v1.5 or SPDX v2.2. Learn more about Checkmarx's SBOMs here.