Viewing Results from All Scans (v8.9.0 to v9.2.0)

To view scan results, you can view either of the following tables:

  • In Projects & Scans > Projects, view an individual project scan results.
  • In  Projects & Scans > All Scans, view the results from all scans.

To see one project scan results using the All Scans table, in the project's row, click Open Viewer .

Projects Scan List and Actions

In Projects & Scans > Projects, various scans and action lists are available (see Creating and Configuring Projects).


Scan List

 View Project Scans

Displays the project in the individual project path, for example, Projects & Scans/View Project Scans/My Java Projects.
 Full Scan
A scan of the whole project. If the project is configured for a local location, this will require uploading a zip file with the updated source code.

 Incremental Scan

A scan of only new and modified files since the last previous scan. 

Incremental scan significantly shortens the scan time, but it is not recommended for projects with significant amounts of changes.

 Branch Project

The Branch Project operation is similar to copy project, but it copies a different set of properties: Preset, Team and the Last scan from the source project with all results and remarks.
 Duplicate Project
Duplicate Project creates a new project based on the setting of an existing one. From the existing project it will copy the following: Preset, Team, Exclusions, Scheduling, Pre-scan emails, Post-scan emails and Scan failure emails.

All Scans

All Scan results appear in a table with each row representing an individual scan result set. You can manage the table, including sorting by Scan Date, Scan Complete date, Project Name, or Risk Level Score. 

- indicates scan in process
- indicates a full scan

Aditionally indicates a partial scan. Information about why only a partial scan was performed is provided in Scan Summary. For more information about partial scans, refer to the FAQ section.

- indicates an incremental scan

Each row of the scan results table includes a Risk Level Score and a risk indicator bar, showing the overall risk calculation of all vulnerabilities found in this scan. Some of the other columns are:

  • Initiator: The user who activated the scan
  • Origin: The system from which the scan was activated
  • LOC: The number of Lines of Code in the project
  • Team: Team that the scan is assigned to
  • Server Name: The CxEngine server that performed the scan
  • Cx Version: The CxSAST version number at scan time.
  • Comments: Indicates any comments maintained for the project, for future scans and for instances that continue to be found.
  • Access: Defines whether the scan is a private scan (not visible to others, but can be viewed by immediate managers) or a public scan.
  • Locked: Specific scans may be marked as “Locked” to avoid automated purging of important scan data. Locked scans cannot be deleted.
  • There are also additional available Actions.

If a scan was initiated for a non-local project (or, for an Incremental scan for a local project) with no code changes since the previous scan, the Comments indicate that the scan was not actually performed.

Selecting a scan in the table displays its details at the bottom of the window: 

The Monitoring tab provides two graphical summaries of found vulnerabilities:

    • The Top 5 High and Medium Vulnerabilities chart shows the five most common High and Medium vulnerabilities found in this scan.
    • The Risk Indicator chart represents the correlation between the severity and the quantity of the results.
      • Severity - Axis X (value between 0 and 100) is calculated according to the number of High, Medium and Low severity results
      • Quantity - Axis Y (value between 0 and 100) is calculated according to the number of High, Medium and Low severity results

The Comments tab allows you to write comments on the scan results. 

Deleting Scans

To delete one or more scans:

Select the rows of the requested scans.

Click the Delete button. A prompt appears, requesting you to confirm the deletion operation.

Click OK

If the user does not have the authorization required for deleting scans, no scan will be deleted. 

If one or more of the scans is locked, a message appears indicating, for example, that only 2 of the 3 scans were deleted succefully.

Clicking the Export as CSV File  options downloads the DeleteErrors.csv file, which displays the details of the locked scans.

Unlocking all scans indicated in the report enables full deletion of the project.

Comparing Scans

To compare scans:

In Projects & Scans > All Scans, select two scans to compare.

Click the Compare Scans option. The Scans Compare screen is displayed. 

Click on the Results button in order to see a 'file compare' showing the code differences in each file, grouped by vulnerability/scan result.