Viewing the Project Page
The Project page shows detailed results for a specific Project.
By default all tabs show data for the most recent scan of the Project. You can click on a previous scan in the Scans section to show historical data for that particular scan.
The Project page is opened for a specific Project by clicking on the row of the desired Project in the Project pane on the Dashboard (Home page).
Checkmarx SCA is able to distinguish between development dependencies and production dependencies for several package managers. On the Scan Results page, the number in parentheses next to the Hide Dev & Test Dependencies toggle indicates the number of dev & test dependencies in the Project. Toggle the Hide Dev & Test Dependencies switch ON if you would like to hide vulnerable packages that were identified as dev and test dependencies.
Identifying Dev Dependencies
The following table shows how dev dependencies are identified for specific package managers.
Package Manager | Dev Dependency Specification |
---|---|
NPM, Yarn, Bower | In the manifest file (package.json or bower.json), using the devDependencies attribute. For example, `"devDependencies": { "my_test_framework": "^3.1.0", "another_dev_dep": "1.0.0 - 1.2.0" }` |
Composer | Packages under the require-dev section in the composer.json file. |
Identifying Test Dependencies
Any package with the word "test" in the file path is identified as a test dependency.
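The rules in the two sections above, applied to manifest files as an added example (not Checkmarx code, and not how the product resolves dependencies): it labels each direct dependency as prod, dev or test. The case-insensitive match on "test", the rule that a package declared in both sections counts as prod, and the sample manifests are assumptions of this example.

```python
import json
from pathlib import PurePosixPath

# Manifest file name -> (production key, dev key), per the table above.
MANIFEST_KEYS = {
    "package.json": ("dependencies", "devDependencies"),
    "bower.json": ("dependencies", "devDependencies"),
    "composer.json": ("require", "require-dev"),
}


def classify_manifest(path, text):
    """Map each direct dependency in one manifest to 'prod', 'dev' or 'test'."""
    name = PurePosixPath(path).name
    if name not in MANIFEST_KEYS:
        raise ValueError(f"unsupported manifest: {path}")
    prod_key, dev_key = MANIFEST_KEYS[name]
    data = json.loads(text)
    # Page rule: the word "test" in the file path marks a test dependency.
    # Assumption: matched case-insensitively as a substring of the path.
    in_test_path = "test" in path.lower()
    labels = {}
    for pkg in data.get(dev_key) or {}:
        labels[pkg] = "test" if in_test_path else "dev"
    for pkg in data.get(prod_key) or {}:
        # Assumption: a package also declared for production keeps 'prod',
        # so hiding dev dependencies never hides something that ships.
        labels[pkg] = "test" if in_test_path else "prod"
    return labels


def hidden_by_toggle(manifests):
    """Return sorted (path, package) pairs labelled dev or test."""
    return sorted((path, pkg)
                  for path, text in manifests.items()
                  for pkg, label in classify_manifest(path, text).items()
                  if label != "prod")


# Constructed sample manifests (not from a real project).
SAMPLE = {
    "package.json": '{"dependencies": {"express": "^4.18.0", "shared_lib": "1.0.0"}, '
                    '"devDependencies": {"my_test_framework": "^3.1.0", "shared_lib": "1.0.0"}}',
    "api/composer.json": '{"require": {"vendor/http": "^2.0"}, "require-dev": {"vendor/mocker": "^1.4"}}',
    "tests/e2e/package.json": '{"dependencies": {"fixture_server": "0.3.0"}}',
}
if __name__ == "__main__":
    for path, pkg in hidden_by_toggle(SAMPLE):
        print(f"{path}: {pkg}")
```

Only direct dependencies declared in the manifests are covered; transitive packages that a scan resolves are outside what this sketch can see.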
Header Bar
The Header bar shows general info about the Project and scan that is currently displayed on the page.
The following tables describe the info shown in the Header bar and the action buttons that are available.
Header Bar Info
Item | Description | Possible Values |
---|---|---|
Breadcrumbs Navigation | Click on the breadcrumbs to navigate back to the HOME page. | - |
Project Name | The name of the Project. | e.g., Demo01 |
Team | The teams that are assigned to the Project. | e.g., All users, Team01 |
Scan Method | The method that was used to scan the Project. | |
Last Scanned | The complete date that the last scan was performed on your project. | e.g., Jan 28, 2021 11:22 AM |
Scan ID | When you hover over Scan ID, the unique identifier of the scan generated by Checkmarx SCA is shown. There is a button to copy the ID to your clipboard. | e.g., 95fc1f60-a4aa-4835-acfd-95aa315d4890 |
Header Bar Actions
Action | Description | Options |
---|---|---|
Scan Report | Click on this button to download a file containing an overview of the security of your project as well as specific vulnerabilities, legal risks, and outdated versions identified by the scan. | Report sections, file formats |
Software Bill of Materials | Click on this button to download a file containing detailed info about each of the open source packages used by your program and the associated risks, using the CycloneDX v1.3 standard. | File formats |
Remediation Manifest | Click on this button to start the process of remediating the Project’s manifest files. For more information see Remediation using a Manifest File. | - |
Scan Project | Click on this button to run a new scan on the Project. For more information, see Scanning a Project. | - |
Recalculate Last Scan | Click on this button to send the list of project dependencies from the last scan to the risk generator. This can be used to re-evaluate a "static" Project where no significant changes have been made. For more information, see Recalculating Risk. | - |
Resolving Info | Display info about the package resolution process. | - |
Add Package | Manually add packages that are part of the project but weren't identified by the Checkmarx scan. | - |
Scan Details | Display details of the scan process. For each step in the scan run, the start time and duration are shown. | - |
Project Settings | Edit the settings for the Project. | - |
Delete Project | Delete a Project and its associated scans. | - |
Project Page Elements
This screen includes a Header bar with general info about the Project and scan and action buttons. It also shows detailed results for the Project, divided into the following tabs.
Notice
Detailed info about the content of each tab is shown in Project Page Tabs.
- Project Overview – shows the overall status of the project. This page has two sections.
  - Overview Widgets – shows a graphical display of key Project data.
  - Scans – shows a list of scans run on the Project.
- Packages – shows info about the open-source packages used by your project and the risks associated with those packages, including security vulnerabilities, license violations, and outdated versions. This tab includes two types of pages:
  - All Packages – shows a list of all packages containing vulnerabilities identified by this scan.
  - Package Details – shows detailed info about the risks associated with a specific package.
- Risks – shows info about all of the security vulnerabilities identified in the open-source packages used by your project, including severity level, CVE references, remediation recommendations, etc. This tab includes two types of pages:
  - All Risks – lists all vulnerabilities identified in your open-source dependencies.
  - Risk Details – shows detailed info about a specific vulnerability.
- Container (for projects with container images) – shows info about packages identified in your container images and the vulnerabilities associated with those packages.
  - Container Packages – lists all packages identified in the container images.
  - Container Vulnerabilities – lists all the vulnerabilities associated with the container packages.
- Licenses – shows info about all of the licenses that are associated with the open source packages used by your project.
  - All Licenses – shows a list of all licenses associated with the open source packages identified in this scan.
  - License Details – shows detailed info about a specific license. Click on a row in the All Licenses tab to access this page.
- Remediation Tasks – shows detailed information about specific remediation tasks that Checkmarx recommends implementing for your Project.
  - All Remediation Tasks – shows a list of remediation tasks for this Project, with general info about each task.
  - Task Details – shows detailed info about a specific task. The task details tab is opened by clicking the How to Fix button in a task row in the All Remediation Tasks sub-tab.
- Policy Violations – shows info about any security Policies applied to this Project for which vulnerabilities were identified that violated the Policy.