SCS Reports
You can generate reports for SCS scans. The reports included both a high level summary of the results as well as detailed information about specific risks that were identified. The reports use the standard functionality for generating Checkmarx One scan reports. For more information about generating scan reports in Checkmarx One, see Scan Reports.
Limitations
Currently, only Scan Reports are supported for SCS, not Project Reports.
Currently, SCS reports only include a summary of the vulnerabilities by severity level, not vulnerability details.
Generating SCS Reports from the Web Application (UI)
Use one of the following methods to generate an SCS report from the Checkmarx One web application.
Go to the project details page for a project that ran the SCS scanner. Open the Scan History tab, find the relevant scan and click on the more options icon . Then, select either Generate Default Report or Customize Report from the drop-down menu (depending on whether you want to customize the report).
Alternatively, on the Insights Analytics page click on the Reports button in the top right corner. In the side panel that opens, set the Report Type as Scan and make sure that Supply Chain Security Vulnerabilities is selected under Customization Settings .
Generating SCS Reports from the CLI
SCS reports can be generated via CLI while running the scan using scan create
or as a separate action using results show
. For more details, see here. When generating a pdf report, for --report-pdf-options
specify scs
(or ScanResults
for all scanners).
Notice
Reports generated via the CLI use the standard scan report format. There is a newer type of customized scan report that can be generated via API or from the web application.
Generating SCS Reports via REST API
SCS scan reports can be generated via REST API. They are included in the customized scan reports created using the v2 Customized Reports API.
Set the reportName
as improved-scan-report
. And, for the filters
> scanners
specify microengines
.