triage
The triage command is used for managing risks in Checkmarx One.
For more information about triaging results in Checkmarx One, see Managing (Triaging) Vulnerabilities.
Usage
./cx triage [command] [flags]
Triage Commands
triage can be used with the following commands:
triage update
The triage update command is used to triage the results in Checkmarx One.
Usage
./cx triage update [flags]
Flags
- --comment <string>
Optional comment.
- --help
Help for the update command.
- --project-id <string> (Required)
The project ID of the project for which this profile change will take effect.
- --scan-type <string> (Required)
The type of scanner that identified the risk. Options are: sast, kics or scs.
- --severity <string> (Required)
Specify the severity of the vulnerability. Options are: critical, high, medium, low or info.
- --similarity-id <string> (Required)
The unique identifier of a specific instance of a vulnerability.
- --state <string> (Required)
Specify the current state of this vulnerability. Options are: to_verify, not_exploitable, proposed_not_exploitable, confirmed or urgent.
Notice
The states mentioned above are pre-configured for all Checkmarx One accounts. In addition, you can create custom states in your account. Once they are created, you can assign those custom states to results (currently supported only for SAST results; for more info see Custom States).
Examples
Update result
./cx triage update --scan-type <scan-type> --project-id <project-id> --similarity-id <similarity-id> --state <state> --severity <severity>
user@laptop:~/ast-cli$ ./cx triage update --scan-type "sast" --project-id "885ca4ad-5926-4177-b51c-fa1d11248d84" --similarity-id "549106280" --state "confirmed" --severity "low"
Predicate updated successfully.
triage show
The triage show command is used to retrieve a list of all changes made to the predicate of a specific risk instance.
Usage
./cx triage show [flags]
Flags
- --format <string> (Default: list)
The output format for the response. Possible values are json, list or table.
- --help
Help for the triage show command.
- --project-id <string> (Required)
The project ID of the project for which you want to see the changes.
- --scan-type <string> (Required)
The type of scanner that identified the risk. Options are: sast, kics or scs.
- --similarity-id <string> (Required)
The unique identifier of the specific risk instance.
Examples
Sample command:
./cx triage show --scan-type <scan-type> --project-id <project-id> --similarity-id <similarity-id>
Sample response:
user@laptop:~/ast-cli$ ./cx.exe triage show --scan-type "sast" --project-id "885ca4ad-5926-4177-b51c-fa1d11248d84" --similarity-id "549106280"
Fetching the predicate history for SimilarityId : 549106280
ID : d10e7acd-d59a-4cbf-afd1-146e0253f23e
Project ID : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity : LOW
State : CONFIRMED
Comment : Can wait till Q3
CreatedBy : service-account-user_client
Created at : 01-03-22
ID : 5147c12a-9021-4c25-97c7-b0cc27a6a449
Project ID : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity : MEDIUM
State : TO_VERIFY
Comment : assigned to appsec team A
CreatedBy : user
Created at : 01-03-22
ID : f590fdb8-1a1a-492f-ab3d-8e3693e59359
Project ID : 885ca4ad-5926-4177-b51c-fa1d11248d84
Similarity ID : 549106280
Severity : HIGH
State : TO_VERIFY
Comment :
CreatedBy : user
Created at : 01-03-22
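An added example (not part of the Checkmarx documentation or CLI): a shell function that reads the list-format triage show history from the sample response above and reports entries that lowered the severity or set a not-exploitable state, so that such changes can be reviewed. It assumes one "Key : Value" field per line and that the newest entry is listed first; the function names and the sample records are constructed for illustration.

```shell
# Added example: flag entries in `cx triage show` list output that weaken a finding.
# Assumes "Key : Value" lines as in the sample response, newest entry first.
sample_history() {   # constructed sample: IDs, users and comments are made up
cat <<'EOF'
Fetching the predicate history for SimilarityId : 549106280
ID : rec-3
Severity : MEDIUM
State : NOT_EXPLOITABLE
Comment : false positive: test code only
CreatedBy : service-account-user_client
ID : rec-2
Severity : MEDIUM
State : CONFIRMED
Comment :
CreatedBy : user
ID : rec-1
Severity : HIGH
State : TO_VERIFY
Comment :
CreatedBy : user
EOF
}
# Reads the history on stdin; prints "ID<TAB>CreatedBy<TAB>reason" per flagged entry.
triage_downgrades() {
  awk '
    BEGIN { rank["INFO"]=0; rank["LOW"]=1; rank["MEDIUM"]=2; rank["HIGH"]=3; rank["CRITICAL"]=4 }
    {
      sub(/\r$/, "")                        # tolerate CRLF output from cx.exe
      i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)   # split on the first colon only
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "ID") { n++; id[n] = val }                 # "ID" opens a new entry
      else if (n && key == "Severity")  sev[n] = toupper(val)
      else if (n && key == "State")     st[n]  = toupper(val)
      else if (n && key == "CreatedBy") by[n]  = val
    }
    END {
      for (k = 1; k <= n; k++) {
        why = ""                            # entry k+1 is the next-older one
        if (k < n && (sev[k] in rank) && (sev[k+1] in rank) && rank[sev[k]] < rank[sev[k+1]])
          why = "severity " sev[k+1] "->" sev[k]
        if (st[k] ~ /NOT_EXPLOITABLE$/)     # also matches PROPOSED_NOT_EXPLOITABLE
          why = why (why != "" ? "; " : "") "state " st[k]
        if (why != "") printf "%s\t%s\t%s\n", id[k], by[k], why
      }
    }'
}
# Live use: ./cx triage show --scan-type sast --project-id <project-id> --similarity-id <similarity-id> | triage_downgrades
sample_history | triage_downgrades
```

Custom states are not covered by the state check; only severity changes are flagged for them.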