Skip to main content

Email Notification Service

Email Notification Service is designed to offer Checkmarx One users the option of receiving Scan Summary Report notifications for completed scans directly in their email inbox.

Notice

Reports are only sent for scans in which the specified trigger conditions are met.

In addition, users can receive alerts when a newly discovered SCA vulnerability is detected in a package that is used in their projects.

Scan Summary Report 

The scan summary report includes the following information:

  • Total scan results per scanner categorized by severity - Critical, HighMediumLowInfo.

  • Scan Metadata, including Project Name, Branch, Scan ID, and Tags.

  • View Results button for quick access to the Checkmarx One platform.

For example:

Scan_Summary_Report.png

Limitations

Limitation

Notes

Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App.

Update planned as part of development of the new Container Security scanner

Creating a New Email App

To create a new Email Feedback App, click on Integrations Integrations.png > Email.

Email_Create_App.png

Settings & Trigger Conditions panel is opened in the right screen side.

Alternatively you can create a new Email Feedback App by performing the following steps

  1. Click on Integrations Integrations.png > Inventory > Create App.

    JIra_Create_App2.png
  2. In the right side panel, select Email and click Next.

Settings & Trigger Conditions

Email App Settings & Trigger Conditions panel contains basic details for the new Feedback App in addition to its trigger conditions.

Configure the following:

  1. Event:

    Select the trigger for the alert:

    • Scan Events - Receive notifications when a scan completes.

    • SCA New Vulnerability - Receive notifications when a newly discovered SCA vulnerability is detected in a package used in your project. These alerts occur independent of whether or not a new scan was run.

    Email_Settings_and_Trigger_Conditions_1.png
  2. General Settings: 

    • Feedback App Name.

    • Description.

    • Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes.

    Email_Settings_and_Trigger_Conditions_2.png
  3. Trigger Conditions: 

    • Severity - The severity level of a vulnerability that triggers the Feedback App.

    • Status - To decrease the number of issues created in Teams, specify also the status of a vulnerability that triggers the Feedback App.

      Notice

      Status conditions are not relevant for SCA New Vulnerability alerts.

  4. Click Next.

    Email_Settings_and_Trigger_Conditions_3.png

Email

Email panel contains a configuration field for the email addresses.

Setting up email can be done in various ways:

  • Manually entering email addresses.

  • Copying and pasting a mailing list from a Word document, clipboard tool, or Excel sheet.

When using a mailing list, Checkmarx One automatically handles email separators such as commas, spaces, and line breaks. It counts and displays valid email addresses on the configuration screen, while ignoring incorrectly formatted addresses

The recipient list can include up to 500 email addresses per application.

To remove email addresses, you can either hover over an email address and click the 'x' icon on the right or click the Trash_icon.png icon to remove the entire list.

Configure the following:

  1. Emails - Configure up to 500 email addresses and press Enter.

  2. Click Save.

    Email_App_Configuration.png