Custom States

Custom states allow more flexibility in triaging your scan results within your tenant account. This is especially relevant if you have CxSAST on-prem and are migrating to CxOne or a tailored triage process that needs to integrate seamlessly with your existing workflows. Once created, custom states can be applied to risks identified in your projects in addition to the predefined states in Checkmarx One. Currently, creating custom states in a tenant account can only be done via REST API, and requires tenant admin permission. Once created, custom states can be applied to specific risks via the Checkmarx One web application (UI), CLI and plugins.

When a custom state is created via the API, the tenant admin automatically receives the dynamic permission to edit its result. Specific users must be assigned permissions manually in Access Management. Deleting a custom state removes its permission, but existing results with the state will still display it. Editing a custom state or assigning it to a scan result follows the same process as predefined states.

When editing a result in the SAST results viewer, the five predefined states will always appear at the top, separated by a divider from the custom states listed alphabetically. If the list exceeds 10 states, an auto-complete search field will appear for easier navigation.