Skip to main content

Reviewing Scan Results

Scan results activated by Jenkins are displayed in the Jenkins web interface and the CxSAST interface, as explained in Navigating Scan Results in CxSAST. The results are saved in Jenkins and, if defined, can be sent by email as a Jenkins post-scan action, as explained in Setting up Scans in Jenkins.


The synchronous mode, as defined in Setting up Scans in Jenkins, enables viewing scan results in Jenkins. If cleared (asynchronous mode), the build's scan results are not displayed. A link to the scan results in the CxSAST web application is provided with the build results. In this case, any results displayed in Jenkins are from the previous successful scan.


The Checkmarx SAST Security Vulnerabilities Trend graph is displayed in the Jenkins Job/Project dashboard. It provides the number of found vulnerabilities for each severity level and by the last recent builds. A graphical side-by-side summary of the CxSAST results can also be viewed in the Jenkins Job/Project dashboard under Checkmarx Report. Summaries and full reports can be viewed per application and consist of the elements listed and explained below.


The results displayed in the Checkmarx report depend on which scan options were enabled during the scan configuration.