Navigation Panel
Checkmarx One has multiple screens, all accessible from the navigation pane on the left side of the workspace. Screens are divided into sections. For example, Analytics & Dashboard is under ASPM.
The following is a description of all screens plus helpful links.
ASPM (application security posture management) provides an overview of all your data’s analytics, risks, and integrations. As the landing page in Checkmarx One, Application Risk Management features your top 10 risky applications.
Screen | Description | Links |
|---|---|---|
Analytics & Dashboard | The Analytics and Dashboard screen displays panels with charts, insights, and filtering to detail an organization’s data in Checkmarx One. | For details on leveraging analytics in Checkmarx One, see Analytics. |
Application Risk Management | The Application Risk Management screen lists the top 10 risky applications. View risk scores, analyze 50 risks per application, and triage results. | For details on analyzing risky applications, see Using Application Risk Management. |
Cloud Insights | The Cloud Insights screen lets you manage the integration of runtime environments (Wiz, AWS, or other CNAPPs). You can analyze data between containers and their Checkmarx One projects. | To learn about managing vulnerabilities in runtime environments, see Cloud Insights. |
Workspace houses projects, applications, and environments together with all their scan results, plus any scan results imported from external tools.
Screen | Description | Links |
|---|---|---|
Projects | The Projects screen lets you manage projects and assign them to applications. You can also see detailed scan results for all projects. | For guidance on handling projects, see Managing Projects, Creating Projects, and Scanning Projects. To understand scan results, see Viewing Scan Results in the Results Viewer. |
Applications | The Applications screen lets you manage applications and view detailed scan results. | To manage applications within Checkmarx One, see Managing Applications and its articles. |
Environments | Environments are setups for DAST scans on web applications and APIs. You can manage and run environments on this screen. | For details on setting up a DAST environment, see DAST Environment Setup Wizard. For general information on DAST, see Checkmarx DAST. |
External Imports | The External Imports screen lets you import security test results from external tools to consolidate AppSec testing within Checkmarx One. You can attach imported results to projects. | For details on importing external test results into Checkmarx One, see Bring Your Own Results. |
Resource Management is home to all scans, results, and configurations, including SAST and IaC presets, scan schedules, custom query editing, and policies.
Screen | Description | Links |
|---|---|---|
Scans | The Scans screen shows aggregate scan results for projects, with filters, tags, and search. | To learn how to read and filter scan results, see Scans. |
SAST Presets | The SAST Preset Management screen is where you manage predefined and custom SAST presets. Presets enhance scan accuracy and are currently supported by SAST and IaC Security scanners only. | For details on managing SAST presets, see SAST Presets Management. |
IaC presets | The IaC Preset Management screen is where you manage custom IaC Security presets. Currently, IaC offers custom presets only. It does not offer predefined presets. | For details on viewing and managing IaC presets, see IaC Security Presets Management. |
Schedules Management | The Schedules Management screen lets you automate schedules for scanning projects. | To schedule scans for your projects, see Scheduling Scans. |
Query Editor | The Query Editor screen lets you customize SAST queries or create new ones for QA, security, and application logic. | To learn how to create and edit SAST queries, see SAST Query Editor. |
Policies | The Policies screen lets you create and edit policies to evaluate project scan results and trigger automatic responses like breaking the software build. | To learn about policy management, including viewing policies and toggling a break build, see Policy Management Overview. |
Manage your integrations. Checkmarx One supports integration with code repositories, feedback apps, cloud connection, CI/CD, and IDE. For an overview of all available integrations, see Checkmarx One Integrations.
Screen | Description | Links |
|---|---|---|
Feedback Apps | The Feedback Apps screen lets you create alerts in email or team collaboration apps. Alerts can be triggered by scan completion or vulnerability detection. | To connect and configure feedback apps, see Feedback Apps. |
Cloud Connections | The Cloud Connections screen lets you set up and configure private container repos to automatically pull images for scanning and runtime usage. | To set up an integration, read the guide for each repository under Private Registry Integration for Container Security Scanner. To set up a Sysdig integration, see Sysdig Integration - Runtime Usage. |
External Plugins | The External Plugins screen lets you download and view the source code for CLI, CI/CD, IDE, and vulnerability management plugins. | To see all IDE plugins and their features, see Checkmarx One IDE Plugins. |
Project Migration | The Project Migration screen lets you convert and export Checkmarx One projects to an external code repository. | To learn how to perform single-project and multi-project migrations to a cloud-hosted or self-hosted flow, see Project Migrations. |
Resources extend Checkmarx One's core features by tracking AI components, SCA, and API risks to improve security posture.
Codebashing, a secure-coding boot camp, trains developers in secure coding practices.
Screen | Description | Links |
|---|---|---|
AI Supply Chain Global Inventory | The AI Supply Chain Global Inventory lists all detected AI components in an account, enhancing AI transparency and enforcement. | To learn about all possible AI components in an application, see AI Supply Chain Security. To learn more about filtering projects out of AI scans, see Navigating AI Supply Chain. |
SCA Inventory and Risks | The SCA Inventory & Risks screen lists policy violations, vulnerabilities, and outdated versions of software packages. | To learn about all the risks associated with packages, see Global Inventory. |
SCA AppSec Knowledge Center | The SCA AppSec Knowledge Center lets you search vulnerabilities and affected packages by version and license. | To learn about the new version of the SCA AppSec Knowledge Center and see a sample workflow, see AppSec Knowledge Center. |
SCA Private Packages Catalog | The SCA Private Packages Catalog lists in-house libraries, indicating how many projects use outdated versions and the number of outdated versions in use. | To read the release notes and resolved issues for private packages, see Private Packages. |
API Inventory | The API Inventory shows a comprehensive list of the APIs used in an account and associated risks. | For descriptions of API parameters, see API Inventory. |
Codebashing | This is a link to Codebashing, the secure-code training platform for developers built by Checkmarx. | To learn about the assessments, challenges, tournaments in Codebashing, see What is Codebashing. |
In Settings, you can manage license, identity and access, tenant settings, imports, CxLinks, and display language.
Screen | Description | Links |
|---|---|---|
License | The License screen presents license details, consumption, and upgrade options. | For available license information and details on upgrading, see Viewing License Info and Upgrading a License. |
Global Settings | The Global Settings screen enables configuration of tenant-level parameters. These parameters apply to all applications, projects, and scans in the tenant account. | To learn how to control settings in most areas of your Checkmarx One account, including all scanner parameters, cloud insights, and code repositories, see Global Account Settings. |
Identity and Access Management | In Identity and Access Management (IAM), admin managers can manage authorization and access settings for all Checkmarx One users, as follows:
| For complete information on IAM in Checkmarx One, see User Management and Access Control. To learn how to open the IAM console, see Accessing the IAM console. |
Imports | Use the Imports screen to import external SAST environments into Checkmarx and see migration logs. | To learn how to export an outside environment and import it to Checkmarx One, see Importing SAST to Checkmarx One. |
CxLink | As an alternative to a site-to-site VPN, use CxLink to generate and delete links to simplify your firewall and security when importing repositories into Checkmarx One. | To set up the CxLink Client and create CxLinks, see CxLink. |
Language | The Languages popup lets you choose from three display languages: English, Korean, or Traditional Chinese. | |
Access Control | The Access Control screen has basic access control resets of your authentication method and devices. | To learn more about when to use these access control options, see Access Control. |
Have a problem or a suggestion? You can submit a ticket to the help desk or pitch an idea to the Idea Portal. Also, find the full guide to Checkmarx One.
Screen | Description | Links |
|---|---|---|
Contact Support | Contact Support opens a sliding pane to submit a ticket with attachments. | For details on submitting tickets, see Contacting Support. |
Suggest a Feature | Suggest a Feature opens the Idea Portal, where you can suggest a feature directly to Checkmarx’s Product Management department. | For a guide on using the Idea Portal, see the Idea Portal Overview. To learn about the Idea Portal and to register, click here. Already a user? Log in to the Idea Portal here. |
Version | Version shows the current version of Checkmarx One. Clicking it opens the full guide to Checkmarx One. | You can also find the full guide to Checkmarx One here. |