Checkmarx One SCA Scanner Reports
You can export comprehensive Scan Reports for scans run in Checkmarx SCA. The report shows an overview of the security of your project as well as specific vulnerabilities, legal risks, and outdated versions identified by the scan. Reports can be generated in PDF, XML, JSON, or CSV format and downloaded locally.
Notice
The info shown in the Scan Report is similar to the info shown in the web portal on the Scan Results page.
We do not currently support the option to filter results included in a Scan Report. However, it is possible to filter the data exported as a CSV file from the Global Inventory & Risks page. On that page, you can filter for a specific Project and then apply additional filters as needed to generate a customized report for that Project.
Reports show data for the following subjects:
- Packages - shows info about the open source packages used by your project that contain risks, including security vulnerabilities, license violations, and outdated versions. The info is separated into a direct packages table and a transitive packages table.
- Vulnerabilities - shows info about all of the security vulnerabilities that were identified in the open source packages used by your project, including severity level, CVE references, remediation recommendations, etc.
- Licenses - shows the licenses that you have for the packages in your project and the legal risks associated with those packages.
- Policy Violations - shows any security Policies that the Project violates.
When you generate a report, you can specify whether you want to include all sections or only specific sections.