- Checkmarx Documentation
- SAST/SCA Integrations
- CI/CD Plugins
- TeamCity Plugin
- Reviewing Scan Results in TeamCity
Reviewing Scan Results in TeamCity
Scan results retrieved by TeamCity are displayed in TeamCity and CxSAST. For additional information, refer to Navigating Scan Results in CxSAST.
Notice
Scanning in Synchronous Mode enables viewing the scan results in TeamCity. In Asynchronous Mode, only a link to the scan results in the CxSAST web platform is provided with the build results.

The Checkmarx Report on the Build Results Dashboard provides a graphical side-by-side summary of the scan results.
The CxSAST Summary provides information about the distribution of security issues for the plan/project and is divided into the following categories:
Status Bar – red indicates that issues have been found which exceed the threshold or cause a violation of one or more policies:
Status Bar – green indicates a passed scan:
Vulnerabilities Status – This graph represents the status and severity of security vulnerabilities discovered during a scan as explained in the legend.
This graph represents the status and severity of security vulnerabilities discovered during a scan as listed in the table below.
Label
Description
Recurrent
The status of a vulnerability is recurrent if it was already discovered in a previous scan.
New
The status of a vulnerability is new if it was discovered for the first time, or if it was re-opened after being resolved in a previous scan.
Default Threshold
Indicates the default threshold setting.
High
Indicates the number of high severity vulnerabilities.
Medium
Indicates the number of medium severity vulnerabilities.
Low
Indicates the number of low severity vulnerabilities.
Results
Provides a link to the code viewer in CxSAST. Refer to Navigating Scan Results in CxSAST for additional information.
PDF Report
Provides a link to the CxSAST report in PDF format.
The CxSAST Full Report provides information about the distribution of security issues for the build/project and is divided into the following categories:
Report Criteria – Provides the following information:
Start/End – Start and end time of the CxSAST scan.
Files – Total number of scanned files.
Code Lines – Total number of scanned lines of code.
Vulnerability Type – Provides a list of the vulnerabilities found, the distribution of the vulnerabilities by type (high, medium and low) and the number of vulnerability instances for each type.
Analyze Results – Provides a link to the source code viewer in CxSAST. Foir additional information, refer to Navigating Scan Results in CxSAST.
PDF Report – Provides a link to the CxSAST report in PDF format.
The CxSCA Summary provides the following information:
Displays the vulnerabilities scored in three categories: high, medium and low
Lists the number of vulnerable, outdated and clean libraries.
The CxSCA Full Report provides the following information:
Lists the number of vulnerabilities scored in three categories: high, medium, low
Identifies the libraries and the vulnerability code.
Indicates the number of scanned libraries and thge scan date.
Provides a link to CxSCA WebApp to allow viewing the results in detail.
The CxOSA Summary provides information about the distribution of security issues for the build/project and is divided into the following categories:
Vulnerabilities & Libraries Status - provides a graph with the status of each vulnerability severity and the number of found vulnerability instances for each severity level.
Label
Description
Default Threshold
Indicates the default threshold setting.
High
Indicates the number of high severity vulnerabilities.
Medium
Indicates the number of medium severity vulnerabilities.
Low
Indicates the number of low severity vulnerabilities.
Notice
CxOSA Summary takes vulnerability result states into consideration, for example Not Exploitable vulnerabilities are not aggregated in the global summary.
Results – Provides a link to the CxOSA Viewer in CxSAST.
Notice
If the build is marked as failed (High), the number of detected vulnerability instances may exceed the configured threshold.
The CxOSA Full Report provides information about the distribution of security issues for the build/project and is divided into the following categories:
Report Criteria – Provides the following information:
Start/End – Start and end time for the CxOSA analysis.
Libraries – Total number of analyzed libraries.
Vulnerability Type – Provides a list of the vulnerabilities found, the distribution of the vulnerabilities by type (high, medium and low) and the number of vulnerability instances for each type.
Analysis Results – Provides a link to the CxOSA Viewer in CxSAST.
Notice
Not Exploitable vulnerabilities are not aggregated in the global summary. In coordination with this, the CxOSA Full Report now displays Not Exploitable vulnerabilities with a strike-through.

If the build failed due to CxOSA and/or CxSAST policy violations, a unified report is displayed providing the following information:
Number of violated policies
Names of violated policies
Names of respective rules violated
Type of scan used
Number of instances of a violated rule
First detection date
A textual summary of the scan results can be viewed in the Build Log tab (Build Log > Step 1/1: Checkmarx).

Links to all the available reports are available in the Artifacts tab (Artifacts > Checkmarx).

To download a compressed file (.zip) of all available reports, click Download all (.zip).