Skip to main content

Viewing Results

Checkmarx One shows data for all the environments in your tenant account as defined in Access Control. The Environments page (Applications and Projects Environment tab) shows a table listing all of your environments.

You can also drill down to view the Environments page for an individual environment, which shows information about the scans currently running or that have finished. You can drill down further to view the All risks view, which shows detailed information about each risk identified in the last scan.

Viewing DAST Results in the Risks Table

Access DAST Results

To access the results in the Environment table, hover over the intended line and select View.

6790251153.png

All Risks

The All Risk table displays the list of risks found during the last DAST scan of the environment.

The scan results data is from a single DAST scan.

6790251147.png

Filtering Risks

The risk list supports filtering options by any column.

Filtering supports applying several filters simultaneously (with an AND condition between the filtering options).

The following filtering columns are optional:

  • Severity

  • Status

  • Risk Name

  • URL

  • Path

  • Method

6790251144.png
6790251141.png
6790251138.png

Accessing Risk Details

To access the risk details, click on the row of the risk that you need details. A new window opens, presenting a brief description of the risk and its resolution.

6790251135.png

To access more information regarding the risks:

1. Click on the Severity button.

6790251132.png

The following additional fields are displayed:

  • State

  • Risk level

  • Confidence

  • Method

  • Param

  • URI

  • Evidence

  • Attack

6790251120.png

2. In the Description pane, click View More to display a full explanation of the risk.

6790251129.png
6790251111.png

3. In the Resolution pane, click View More to display a full explanation of how to resolve the risk.

6790251126.png

4. Click View Findings to open a side panel with the following information:

  • Risk Level

  • Risk State

  • Request Headers

  • Response Body and Headers

6790251123.png
6790251105.png

Managing (Triaging) Results

Checkmarx One tracks specific risk instances throughout your software development life cycle (SDLC). Each risk instance has a Predicate associated with it, comprising the following attributes: State, Severity, and Notes. After reviewing the scan results, you can triage them and modify these predicates accordingly.

You can adjust the predicate for a specific risk while viewing that risk on the All Risks page.

When changing the Result State to Not Exploitable or Proposed Not Exploitable, a note is required to confirm the change. A change log at the bottom tracks all past changes for a single result. When multiple results are updated, the Edit title includes the number of selected results, and hovering over the State dropdown displays them.

Notice

You need dast-update-result-not-exploitable, dast-update-result-state-propose-not-exploitable, and add-notes permissions to use this feature.

mandatory_comment.png
edit_multiresults.png

Triaging a Single Vulnerability

To edit the result predicate:

1. Open the vulnerability that you would like to edit.

2. Click on the Severity button

6790251132.png

3. To change the state, click on the State field, and select from the dropdown list one of the following states:

  • To Verify

  • Not Exploitable

  • Confirmed

  • Urgent

  • Proposed Not Exploitable

    6790251117.png

4. To change the risk level, click on View Findings, and from the drop-down list select one of the following risk levels:

  • Urgent

  • Medium

  • Low

  • Info

6790251123.png
6790251102.png

There is also the possibility to change the State in this window.

6790251099.png

5. To confirm the changes, click Save .

6790251096.png

Triaging Multiple Vulnerabilities (Bulk Action)

To edit the result predicates for multiple vulnerabilities:

  1. In the All Risks table, select the checkbox next to the risks you want to change.

    A menu bar is displayed at the top of the table.

    6790251093.png

  2. To adjust the severity, click Change Severity, and select one of the following severities from the drop-down list: Critical, High, Medium, Low, or Info.

  3. 6790251090.png

    To adjust the state, click Change State, and select from the drop-down list one of the following states:

    To Verify, Not Exploitable, Confirmed, Urgent, or Proposed Not Exploitable.

    6790251087.png

Scan History

The Scan History tab provides access to the results of all successful scans. Similar to adjusting results on the Results Table, you can adjust the severity or status of results in Scan History, and any changes will automatically affect other related scans.

image-20250122-110944.png

After completing a scan, the latest results are displayed in the Results Table, while previous results are moved to and can be viewed in the Scan History tab. No specific role is required to access scan history, and you can access it through the Environment by selecting View on a scan with results. This opens the environment's scan results page, where you can access Scan History via the top-right menu.

image-20250121-130901.png
In this section: