Getting to Know the System Dashboard (v8.8.0)

Overview

The CxSAST web interface v7.2 and up includes drop-down navigation menus for each relevant module, as follows:

Visual indicators are displayed just underneath the Checkmarx logo/version and may include:

Type of product edition currently installed - SDLC or Security Gate
Expiry date of the current CxSAST license. The indicator appears 90 days (defined in the DB) before the actual license expiry date and, if defined, an email notification is automatically sent to the CxSAST System Administrator.

The Services &Support button allows CxSAST users to navigate to available support resources on our new Checkmarx Customer Center portal. This portal enables the option to open tickets and also provides access to useful Checkmarx links.

CxSAST web interface menu items are described below.

Dashboard Menu

View the state of your engines, scans and queues:

Project State: The current project state, including project information such as Risk level score, High/Medium vulnerabilities, LOC, and Last scan date.

Failed Scans: Log of failed scans, including reason or partial explanation such as "failed to start scanning due to one of the following reasons: source folder is empty, all source files are of an unsupported language or file format".

Utilization: A graphic interface divided into the following four quadrants:

Engine State: Provides information about the number of scans to engine ratio.
Queue State: Provides information about the number of scans in the queue and their LOC size/ Average waiting time.
Projects with Longest Scans: Provides information about the Top 3 scans in the Longest Waiting Time category.
Queue Load: Provides perspective about the queue load over a 7 day period. The darker the blue the more in the queue; whereas the empty cell with the black outline is the queue running now.

Risk: The Risk graph at the upper half of the window displays the High Risk projects over the last 7 day period, while the lower half displays the Risk Trend of selected projects and Time periods.

Projects and Scans

View projects scans and queues:

Create New Project: Starts the New Project wizard.
Queue: View statuses of currently running scans.
Projects: All projects configured for groups in which the logged-on user is a member.
All Scans: Existing scan results of projects configured for groups in which the logged-on user is a member.

Management Settings

Manage Scan and Server settings:

Scan Settings:

Query Viewer: View and manage queries used in the system.
Preset Manager: Create and manage sets of queries according to your needs.
Pre & Post Scan Actions: Allows defining actions, based on preloaded scripts that will run prior or post scan.
Source Control Users: View and modify details of user accounts for accessing source control repositories.

Connection Settings:

LDAP Servers: Define an LDAP Server for your environment.
SAML: Configure SAML for your environment.
Issue Tracking Settings: Configure issue tracking.

Application Settings:

General: Folder locations, SMTP, and other settings.
License Details: The installed license details, including supported languages, roles, and number of companies and service providers.
Installation Information: Locations of server components.
External Services: Define settings for external services (e.g. Codebashing).
Engine Management: Manage single/multiple engines.

Maintenance:

Data Retention: Set the requested policy for deleting scans from all projects in the system.

Manage Custom Fields:

Manage Custom Fields: Define project attributes (metadata) by using custom fields

Users & Teams

Manage users and the user hierarchy:

Organization: Configure the organizational hierarchy
Confirm Users: Confirm users who self-registered

Data Analysis

View and analyze scan-related data.

My Profile

Change personal details (for all user types) and password (only for Application local users, not Windows domain users) of logged-on user.