
SCA Scanner Parameters

The parameters defined for the SCA scanner apply to every Project that runs SCA scans.

The table below lists the optional parameters and the values each one accepts.

Parameter: Folder/file filter

Values: A comma-separated list of file or folder patterns, each optionally prefixed with "!" to exclude it.

Notes: Lets you select the folders or files to include in, or exclude from, the code scanning process.

  • Include a file type: *.java

  • Exclude a file type: !*.java

  • Chain several patterns with ",", for example: *.java,*.js

  • Folders can be included or excluded in the same way.

  • Regular expressions are not supported; use the wildcard patterns shown above.
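The following script is an added example, not code from Checkmarx or from this page. It models the documented filter syntax (include with a plain pattern, exclude with a leading "!", chain with ",", folders allowed, no regular expressions) so that you can preview which files a filter string would keep before saving it in the SCA scanner configuration. Two points are assumptions rather than documented behaviour: when no include pattern is given every file is a candidate, and an exclude pattern always wins over an include; the sample file listing is constructed.

```python
"""Preview which files a Checkmarx One SCA folder/file filter string covers.

Added example, not Checkmarx code.  It models the documented syntax
(include '*.java', exclude '!*.java', chain with ',', folders allowed,
no regex) with wildcard matching via fnmatch.  Assumed semantics: with no
include pattern everything is a candidate, and an exclude always wins.
"""
import fnmatch
import posixpath

# Constructed sample repository listing (paths relative to the repo root).
SAMPLE_FILES = [
    "src/main/java/App.java",
    "src/test/java/AppTest.java",
    "web/app.js",
    "web/vendor/jquery.min.js",
    "pom.xml",
    "docs/README.md",
]


def parse_filter(expr):
    """Split a comma-chained filter into (includes, excludes) pattern lists."""
    includes, excludes = [], []
    for raw in expr.split(","):
        pat = raw.strip()          # tolerating whitespace is an assumption
        if not pat:
            continue
        if pat.startswith("!"):
            excludes.append(pat[1:])
        else:
            includes.append(pat)
    return includes, excludes


def matches(path, pattern):
    """Wildcard match of one pattern against one path; no regex.

    A pattern matches if it matches the full path, the file name alone
    (so '*.java' hits files in any folder), or any ancestor folder path
    (so 'web/vendor' or 'web/vendor/' covers everything beneath it).  The
    folder rule is an assumption about how folder patterns are resolved.
    """
    pattern = pattern.rstrip("/")
    if fnmatch.fnmatchcase(path, pattern):
        return True
    if fnmatch.fnmatchcase(posixpath.basename(path), pattern):
        return True
    parts = path.split("/")
    return any(fnmatch.fnmatchcase("/".join(parts[:i]), pattern)
               for i in range(1, len(parts)))


def apply_filter(expr, files=SAMPLE_FILES):
    """Return the files that survive the filter, in their original order."""
    includes, excludes = parse_filter(expr)
    kept = []
    for path in files:
        if includes and not any(matches(path, p) for p in includes):
            continue
        if any(matches(path, p) for p in excludes):
            continue
        kept.append(path)
    return kept


if __name__ == "__main__":
    # The last expression is regex syntax: it matches nothing, as a literal
    # pattern, which is the "regex is not supported" caveat in practice.
    for expr in ("*.java,*.js", "!*.java", "*.js,!web/vendor/", r".*\.java"):
        print(f"{expr!r:>16} -> {apply_filter(expr)}")
```

Run it against a real listing (for example the output of `git ls-files`) to see what a candidate filter would drop; a regex-style entry such as `.*\.java` silently matches nothing, which is the usual symptom when a filter "does not work".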

Parameter: Exploitable Path

Values: Toggle On/Off

Notes: When Exploitable Path is on, scans that use the SCA scanner determine whether there is an exploitable path from your source code to each vulnerable 3rd party package.

Learn more about Exploitable Path.

Parameter: Exploitable Path Configuration

Values: Radio button selection

Notes: The Exploitable Path feature relies on queries run as part of a SAST scan of your project to identify exploitable paths to vulnerable 3rd party packages, so a SAST scan is always required before Exploitable Path results are available.

When you run a Checkmarx One scan with both the SAST and SCA scanners selected, Exploitable Path uses the results of that SAST scan. When you run a Checkmarx One scan with only the SCA scanner selected, Checkmarx One can either reuse the results of a previous SAST scan or trigger a new SAST scan (with default settings) that runs the Exploitable Path queries. Select one of the following configurations:

  • Use SAST scans for past _ days - specify how many days back the results of an earlier SAST scan may be reused for Exploitable Path. If no SAST scan ran within that period, a new SAST scan is triggered.

    Warning

    Not fully supported in all environments. The default value of one day may be applied automatically.

  • Do not use existing SAST scans - whenever you run a Checkmarx One scan with only the SCA scanner selected, a SAST scan is triggered automatically to run the Exploitable Path queries. Note that this adds a SAST scan to every SCA-only scan.
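The following script is an added example, not Checkmarx code. It encodes the decision described above for the two radio-button configurations, so a team can check, before wiring SCA-only scans into a pipeline, whether those scans will reuse existing SAST results or spawn additional SAST scans. Two details are assumptions: when several SAST scans fall inside the window the most recent one is reused, and a missing day count falls back to the one-day default mentioned in the warning. The scan identifiers and timestamps are constructed.

```python
"""Predict what a Checkmarx One SCA-only scan does for Exploitable Path.

Added example, not Checkmarx code.  Assumptions: the most recent SAST scan
inside the window is the one reused, and an unset day count falls back to
the one-day default mentioned in the warning.
"""
from datetime import datetime, timedelta, timezone

USE_PAST_SCANS = "use_sast_scans_for_past_days"      # first radio button
NO_EXISTING_SCANS = "do_not_use_existing_sast_scans"  # second radio button


def exploitable_path_source(scanners, mode, sast_history, now, past_days=None):
    """Return ("current", None), ("reuse", scan_id) or ("trigger_new", None).

    scanners     - scanner names selected for this scan, e.g. {"sca", "sast"}
    mode         - one of the two radio-button configurations above
    sast_history - [(scan_id, finished_at)] for the project's completed SAST scans
    now          - time the scan starts (timezone-aware datetime)
    past_days    - the "_" value of "Use SAST scans for past _ days"
    """
    if "sast" in scanners:
        # Both scanners selected: the current SAST scan feeds Exploitable Path.
        return ("current", None)
    if mode == NO_EXISTING_SCANS:
        # SCA-only scan: a SAST scan with default settings is triggered every time.
        return ("trigger_new", None)
    if mode != USE_PAST_SCANS:
        raise ValueError(f"unknown Exploitable Path configuration: {mode!r}")
    days = 1 if past_days is None else past_days   # one-day default (assumption, see warning)
    cutoff = now - timedelta(days=days)
    recent = [(sid, t) for sid, t in sast_history if t >= cutoff]
    if not recent:
        # Nothing inside the window: a new SAST scan is triggered.
        return ("trigger_new", None)
    scan_id, _ = max(recent, key=lambda entry: entry[1])
    return ("reuse", scan_id)


# Constructed sample history (not real scan identifiers).
NOW = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)
HISTORY = [
    ("sast-0001", NOW - timedelta(days=9)),
    ("sast-0002", NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    print(exploitable_path_source({"sca", "sast"}, USE_PAST_SCANS, HISTORY, NOW, 7))
    print(exploitable_path_source({"sca"}, USE_PAST_SCANS, HISTORY, NOW, 7))
    print(exploitable_path_source({"sca"}, USE_PAST_SCANS, HISTORY, NOW, 2))
    print(exploitable_path_source({"sca"}, NO_EXISTING_SCANS, HISTORY, NOW))
```

Feed it the project's real SAST scan timestamps and the configured window: a window shorter than the interval between SAST scans means every SCA-only scan quietly triggers a default-settings SAST scan, which matters for both scan duration and the settings those Exploitable Path queries actually run with.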