Viewing Results
Checkmarx One shows data for all the environments in your tenant account as defined in Access Control. The Environments page (Applications and Projects → Environment tab) shows a table listing all of your environments.
You can also drill down to view the Environments page for an individual environment, which shows information about scans that are currently running or have finished. You can drill down further to view the All risks view, which shows detailed information about each risk identified in the last scan.
Viewing DAST Results in the Risks Table
Access DAST Results
To access the results in the Environment table, hover over the intended line and select View.
All Risks
The All Risks table displays the list of risks found during the last DAST scan of the environment.
The scan results data is from a single DAST scan.
Filtering Risks
The risk list can be filtered by any column.
Several filters can be applied simultaneously (with an AND condition between the filtering options).
The following filtering columns are optional:
Severity
Status
Risk Name
URL
Path
Method
Accessing Risk Details
To access the risk details, click the row of the risk whose details you need. A new window opens, presenting a brief description of the risk and its resolution.
To access more information regarding the risks:
1. Click on the Severity button.
The following additional fields are displayed:
State
Risk level
Confidence
Method
Param
URI
Evidence
Attack
2. In the Description pane, click View More to display a full explanation of the risk.
3. In the Resolution pane, click View More to display a full explanation of how to resolve the risk.
4. Click View Findings to open a side panel with the following information:
Risk Level
Risk State
Request Headers
Response Body and Headers
Managing (Triaging) Results
Checkmarx One tracks specific risk instances throughout your software development life cycle (SDLC). Each risk instance has a ‘Predicate’ associated with it, which comprises the following attributes: ‘State’, ‘Severity’ and ‘Notes’. After reviewing the results of a scan, you can triage the results and modify these predicates accordingly.
You can adjust the predicate for a specific risk while viewing that risk on the All risks page.
Triaging a Single Vulnerability
To edit the result predicate:
1. Open the vulnerability that you would like to edit.
2. Click on the Severity button.
3. To change the state, click on the State field, and select from the dropdown list one of the following states:
To Verify
Not Exploitable
Confirmed
Urgent
Proposed Not Exploitable
4. To change the risk level, click on View Findings, and from the drop-down list select one of the following risk levels:
Urgent
Medium
Low
Info
You can also change the State in this window.
5. To confirm the changes, click Save.
Triaging Multiple Vulnerabilities (Bulk Action)
To edit the result predicates for multiple vulnerabilities:
1. In the All Risks table, select the checkbox next to the risks you want to change.
A menu bar is displayed at the top of the table.
2. To adjust the severity, click Change Severity, and select one of the following severities from the drop-down list: High, Medium, Low, or Info.
3. To adjust the state, click Change State, and select from the drop-down list one of the following states: To Verify, Not Exploitable, Confirmed, Urgent, or Proposed Not Exploitable.