SCS Reports

You can generate reports for SCS scans. The reports include both a high-level summary of the results and detailed information about the specific risks that were identified. The reports use the standard functionality for generating Checkmarx One scan reports. For more information about generating scan reports in Checkmarx One, see Scan Reports.

Limitations

  • Currently, only Scan Reports are supported for SCS, not Project Reports.

  • Currently, SCS reports only include a summary of the vulnerabilities by severity level, not vulnerability details.

Generating SCS Reports from the Web Application (UI)

Use one of the following methods to generate an SCS report from the Checkmarx One web application.

  • Go to the project details page for a project that ran the SCS scanner. Open the Scan History tab, find the relevant scan and click on the more options icon. Then, select either Generate Default Report or Customize Report from the drop-down menu (depending on whether you want to customize the report).

  • Alternatively, on the Insights Analytics page click on the Reports button in the top right corner. In the side panel that opens, set the Report Type as Scan and make sure that Supply Chain Security Vulnerabilities is selected under Customization Settings.

Generating SCS Reports from the CLI

SCS reports can be generated via the CLI, either while running the scan using scan create or as a separate action using results show. For more details, see here. When generating a PDF report, for --report-pdf-options specify scs (or ScanResults for all scanners).

Notice

Reports generated via the CLI use the standard scan report format. There is a newer type of customized scan report that can be generated via API or from the web application.

Generating SCS Reports via REST API

SCS scan reports can be generated via REST API. They are included in the customized scan reports created using the v2 Customized Reports API.

Set the reportName as improved-scan-report and, for filters > scanners, specify microengines.