Skip to main content


The Analytics module is a tool for executives and AppSec administrators, providing them valuable insights into their data in Checkmarx One. With the ability to switch between Totals and Over Time modes, users can obtain a clear understanding of their application security landscape. Whether analyzing Scans or Vulnerabilities, this module offers various informative charts for better decision-making.

To help you with data analysis, the module also features a flexible tag filtering system.

The Analytics module is a user-friendly tool for making informed decisions, enhancing security practices, and optimizing your organization's application security posture.


To execute various actions in the Analytics feature, a user needs to be assigned one of the following permissions:

  • analytics-reports-admin - View all analytics dashboards and reports.

  • analytics-scan-dashboard-view - View scan dashboard.

  • analytics-vulnerability-dashboard-view - View vulnerability dashboard.

  • analytics-executive-overview-view - View executive overview dashboard.

  • Manage-reports - Export, share the dashboard, and generate a report.


The Analytics module offers advanced data filtering options, allowing users to precisely customizer their analysis to specific criteria. The available filters can be accessed from the dropdown menu located at the top-right corner.


The following logic is applied to filtering:

  • If no values are selected or entered for a particular attribute, the filter will not be applied.

  • Within a single filter, selected values are combined using an OR operator. For instance, if you choose the values SAST and SCA for the Scanners filter, Checkmarx One will display issues associated with either SAST or SCA scanners.

  • Different filters are combined using an AND operator. For example, if you select SAST for the Scanners filter and a specific project for the Projects/Apps filter, Checkmarx One will only display issues that match both criteria: SAST severity and the selected project.

Specific filters are described below.


Users can define custom date ranges to analyze data within specific timeframes, such as hourly, daily, weekly, monthly, or annually. It's particularly useful for identifying trends and evaluating the impact of changes in your security practices over time.


This filter enables you to narrow down your analysis to data generated by specific scanners. By selecting particular scanners, you can assess their individual performance and effectiveness in identifying vulnerabilities and securing your applications.


This filter type allows you to focus your analysis on subsets of your data by choosing the existing project and application tags for filtering and categorization. Each tag in the list is labeled as project or application to indicate its level.

All Proj./Apps

This filter allows to toggle between viewing either Projects or Applications, along with the option to search for specific application or project names in the selected category.


Data presentation modes

In the Analytics module, users can choose between two modes of data presentation: Totals and Over Time. These modes serve different analytical purposes and allow for a more comprehensive understanding of your data.


The Analytics charts show data starting from December 19 onward. No data from before this date is available.

Totals mode

In the Totals mode, the data is aggregated to provide a snapshot of the cumulative or aggregate statistics. This mode is ideal for assessing the overall performance and security status of your applications and projects without considering specific time intervals.


It's useful for gaining insights into the current state of your data, such as the total number of successful and failed scans, lines of code, and projects. This mode offers a general view of your security posture.

Over Time mode

The Over Time mode, on the other hand, focuses on tracking and visualizing how your data security evolves across specific time intervals. It's designed to help you monitor trends, patterns, and changes in your security landscape.


This mode is particularly useful for identifying shifts in your program's effectiveness, understanding the impact of security improvements or changes in practices, and planning for future security initiatives. You can set custom date ranges to see how metrics have changed over time, which is essential for trend analysis.

Switching between these two modes provides a well-rounded perspective of your data. For instance, you can use Totals to see the total number of failed scans across all projects, and then switch to Over Time to track whether the frequency of failed scans has decreased or increased over the past year, helping you set priorities for ongoing security efforts.

Executive Overview Dashboard

The Executive Overview dashboard offers a holistic view of an organization's application security portfolio, empowering executives to make informed decisions.


To maintain focus and minimize noise, the filter are adjusted to display only critical and high vulnerabilities. Additionally, sorting options are available by project, solution, and date.

Applications Rating Score

The Applications Rating Score provides an overview of the overall health of the application portfolio. The following approach is applied to determine the Rating Score:

  • Bad:

    • Applications with at least one project containing a Critical severity issue.

    • Applications where more than 50% of projects have at least one High severity issue.

  • Poor:

    • Applications where more than 25% of projects have at least one High severity issue.

  • Fair:

    • Applications where more than 0% and up to 5% of projects have at least one High severity issue.

  • Good:

    • Applications with no Critical or High severity issues in any project.

  • Excellent:

    • Applications with no Critical, High, or Medium severity issues in any project.

Top vulnerable Applications or Projects

The list of top vulnerable applications highlights those with the highest concentration of critical vulnerabilities identified through our thorough scanning and analysis. This list is instrumental in prioritizing security efforts, drawing focus to applications that urgently require attention due to their current vulnerability status.

Clicking on the project icon switches the view to a list of top vulnerable projects.


Trend Indicators

Recent changes in the health of each application are indicated at the end of each bar, enabling managers to track progress in mitigating associated risk factors.

Tracking security progress and trends with Over Time chart

The next logical step is to examine the trends graph. While an effective AppSec program encompasses more than just remediated vulnerabilities, tracking these trend lines provides valuable insights into process effectiveness. Currently, the overtime graph allows visualization of the number of vulnerabilities divided by lines of code, as well as the total number of vulnerabilities fixed over time.

Data categories

In the Analytics module, users can switch between two main categories of data: Scans and Vulnerabilities. These categories provide different perspectives on your data and allow for a comprehensive analysis of your security posture.


The data presented in the Analytics charts is not entirely real-time. Please consider a potential delay of up to 24 hours in the availability of the data.

Scans category

In the Scans category, you can explore such metrics as the total number of scans (Scans), lines of code (Scanned LOC), and the total number of scanned projects (Scanned Projects).


In the Scans category, you will also find the following charts:

  • Lines of Code: An overview of the total lines of code across all scanned projects. It helps you understand the scale of the codebase under analysis and track changes over time.

  • Scanned Projects: The number of scanned projects within the specified timeframe.

  • Scans Status: This chart provides an overview of the status of your security scans. It categorizes scans into different statuses, such as Successful, Failed, and Partial. This breakdown helps you quickly assess the outcome of your scanning activities, highlighting areas that require immediate attention and areas where your security measures are effective.

  • Incremental Scans (SAST): The number of incremental scans performed using the SAST scanner.

  • Scanner Usage Distribution: A breakdown of the usage of different scanners.

  • Scanners Used in Combination: This chart visualizes the combinations of scanners used together in code scanning workflows.

Vulnerabilities category

In the Vulnerabilities category in the Analytics module, users have access to two informative charts that provide insights into the security vulnerabilities detected within their data.

Vulnerabilities Over Time

In the Over Time view type, the following vulnerability-related charts are available:

Vulnerabilities by Severity

This chart categorizes vulnerabilities based on their severity levels, namely Info, Low, Medium, and High. Each severity level represents the potential impact and risk associated with a specific vulnerability. This chart allows users to understand the distribution of vulnerabilities across different severity levels within their applications.

For example, it can highlight the prevalence of low-severity issues, which may not pose an immediate threat but should still be addressed, as well as high-severity vulnerabilities that demand urgent attention. This information is essential for prioritizing and addressing security weaknesses.

Vulnerabilities by State

This chart classifies vulnerabilities into various states, such as To Verify, Not Exploitable, Urgent, and Confirmed. These states represent the current status or progress of addressing vulnerabilities. To Verify vulnerabilities may require further investigation, while Urgent ones demand immediate remediation.

This chart offers a dynamic view of the vulnerability management process, allowing users to track the lifecycle of vulnerabilities, from their initial discovery to their resolution.

By understanding the severity and status of vulnerabilities, organizations can prioritize remediation efforts and allocate resources effectively. This data-driven approach ensures a proactive and adaptive response to security threats and helps safeguard applications from potential risks.