Skip to main content

triage

The triage command is used for managing risks in Checkmarx One.

For more information about triaging results in Checkmarx One, see Managing (Triaging) Vulnerabilities.

Usage

./cx triage [command] [flags]

Triage Commands

triage can be used with the following commands:

triage update

The triage update command is used to triage the results in Checkmarx One.

Usage

./cx triage update [flags]

Flags

Glossary
--comment <string>

Optional comment.

--help

Help for the update command.

--project-id <string> (Required)

The project ID of the project for which this profile change will take effect.

--scan-type <string> (Required)

The type of scanner that identified the risk. Options are: sast, kics or scs.

--severity <string> (Required)

Specify the severity of the vulnerability. Options are: critical, high, medium, low or info.

--similarity-id <string> (Required)

The unique identifier of a specific instance of a vulnerability.

--state <string> (Required)

Specify the current state of this vulnerability. Options are: to_verify, not_exploitable, proposed_not_exploitable, confirmed or urgent.

Examples

Update result
./cx triage update --scan-type <scan-type> --project-id <project-id> --similarity-id <similarity-id> --state <state> --severity <severity>
user@laptop:~/ast-cli$ ./cx triage update --scan-type "sast" --project-id "885ca4ad-5926-4177-b51c-fa1d11248d84" --similarity-id "549106280"  --state "confirmed" --severity "low"
Predicate updated successfully.

triage show

The triage show command is used to retrieve a list of all changes made to the predicate of a specific risk instance.

Usage

./cx triage show [flags]

Flags

Glossary
--format <string> (Default: list)

The output format for the response. Possible values are json, list or table.

--help

Help for the triage show command.

--project-id <string> (Required)

The project ID of the project for which you want to see the changes.

--scan-type <string> (Required)

The type of scanner that identified the risk. Options are: sast, kics or scs.

--similarity-id <string> (Required)

The unique identifier of the specific risk instance.

Examples

Sample command:

./cx triage show --scan-type <scan-type> --project-id <project-id> --similarity-id <similarity-id>

Sample response:

user@laptop:~/ast-cli$ ./cx.exe triage show --scan-type "sast" --project-id "885ca4ad-5926-4177-b51c-fa1d11248d84" --similarity-id "549106280"
Fetching the predicate history for SimilarityId : 549106280

ID            : d10e7acd-d59a-4cbf-afd1-146e0253f23e
Project ID    : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity      : LOW
State         : CONFIRMED
Comment       : Can wait till Q3
CreatedBy     : service-account-user_client
Created at    : 01-03-22

ID            : 5147c12a-9021-4c25-97c7-b0cc27a6a449
Project ID    : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity      : MEDIUM
State         : TO_VERIFY
Comment       : assigned to appsec team A
CreatedBy     : user
Created at    : 01-03-22

ID            : f590fdb8-1a1a-492f-ab3d-8e3693e59359
Project ID    : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity      : HIGH
State         : TO_VERIFY
Comment       :
CreatedBy     : user
Created at    : 01-03-22
In this section: