Skip to main content

Viewing Results

Checkmarx One shows data for all the environments in your tenant account as defined in Access Control. The Environments page (Applications and Projects Environment tab) shows a table listing all of your environments.

You can also drill down to view the Environments page for an individual environment, which shows information about the scans currently running or that have finished. You can drill down further to view the All risks view, which shows detailed information about each risk identified in the last scan.

Viewing DAST Results in the Risks Table

Access DAST Results

To access the results in the Environment table, hover over the intended line and select View.


All Risks

The All Risk table displays the list of risks found during the last DAST scan of the environment.

The scan results data is from a single DAST scan.


Filtering Risks

The risk list supports filtering options by any column.

Filtering supports applying several filters simultaneously (with an AND condition between the filtering options).

The following filtering columns are optional:

  • Severity

  • Status

  • Risk Name

  • URL

  • Path

  • Method


Accessing Risk Details

To access the risk details, click on the row of the risk that you need details. A new window opens, presenting a brief description of the risk and its resolution.


To access more information regarding the risks:

1. Click on the Severity button.


The following additional fields are displayed:

  • State

  • Risk level

  • Confidence

  • Method

  • Param

  • URI

  • Evidence

  • Attack


2. In the Description pane, click View More to display a full explanation of the risk.


3. In the Resolution pane, click View More to display a full explanation on how to resolve the risk.


4. Click View Findings to open a side panel with the following information:

  • Risk Level

  • Risk State

  • Request Headers

  • Response Body and Headers


Managing (Triaging) Results

Checkmarx One tracks specific risks instances throughout your software development life cycle (SDLC). Each risk instance has a ‘Predicate’ associated with it, which is comprised of the following attributes: ‘State’, ‘Severity’ and ‘Notes’. After reviewing the results of a scan, you have the ability to triage the results and modify these predicates accordingly.

You can adjust the predicate for a specific risk while viewing that risk on the All risks page.

Triaging a Single Vulnerability

To edit the result predicate:

1. Open the vulnerability that you would like to edit.

2. Click on the Severity button


3. To change the state, click on the State field, and select from the dropdown list one of the following states:

  • To Verify

  • Not Exploitable

  • Confirmed

  • Urgent

  • Proposed Not Exploitable


4. To change the risk level, click on View Findings, and from the drop-down list select one of the following risk levels:

  • Urgent

  • Medium

  • Low

  • Info


There is also the possibility to change the State in this window.


5. To confirm the changes, click Save .


Triaging Multiple Vulnerabilities (Bulk Action)

To edit the result predicates for multiple vulnerabilities:

  1. In the All Risks table, select the checkbox next to the risks you want to change.

    A menu bar is displayed at the top of the table.

  2. To adjust the severity, click Change Severity, and select one of the following severities from the drop-down list: High, Medium, Low, or Info.

  3. 6790251090.png

    To adjust the state, click Change State, and select from the drop-down list one of the following states:

    To Verify, Not Exploitable, Confirmed, Urgent, or Proposed Not Exploitable.