Custom States
Notice
Custom states is a BETA feature that will be rolled out in production environments in the coming weeks. This feature can only be activated for accounts that have Phase 1 of the new Access Management. Custom states is currently supported for risks identified by SAST, SCA, IaC Security and Container Security scanners.
Custom states allow more flexibility in triaging your scan results within your tenant account. This is especially relevant if you have CxSAST on-prem and are migrating to Checkmarx One or a tailored triage process that needs to integrate seamlessly with your existing workflows. Once created, custom states can be applied to risks identified in your projects in addition to the predefined states in Checkmarx One. Currently, creating custom states in a tenant account can only be done via REST API, and requires tenant admin permission. Once created, custom states can be applied to specific risks via the Checkmarx One web application (UI), CLI and plugins.
Notice
In the upcoming release, custom state creation and management will be supported also via the web application.
When a custom state is created via the API, the tenant admin automatically receives the dynamic permission to edit its result. Specific users must be assigned permissions manually in Access Management. Deleting a custom state removes its permission, but existing results with the state will still display it. Editing a custom state or assigning it to a scan result follows the same process as predefined states.
When editing a result in the results viewers, the five predefined states will always appear at the top, separated by a divider from the custom states listed alphabetically. If the list exceeds 10 states, an auto-complete search field will appear for easier navigation.
 |
In addition to being shown in all relevant places in the Checkmarx One web application, custom states are also supported in the context of
Feedback Apps
CLI tool (from version 2.3.16 and above)
IDE plugins (recent versions)