Consolidated Project State (v8.9.0 and up)

The Consolidated Project State window provides a high level summary of the status of each project.

To display the Consolidated Project State window:

Go to Dashboard > Project State and click the link on the Project Name. The Consolidated Project State window is displayed. 

Summary

You can perform the following actions from the Consolidated Project State window:

  • Full Scan - perform a SAST scan for the whole project 
  • Incremental Scan - perform a SAST scan for only new and modified files since the last scan

  • Run OSA - perform Open Source Analysis on predefined open source libraries associated with this project.

    Note that a purchased or trial CxOSA license is required in order to run CxOSA projects. Please contact your Checkmarx Administrator.

    CI/Build plugins now use new core library with better compatibility and increased result accuracy. The new capability extracts dependencies resolving manifest files on the customer side.

    Additional Actions:

    • Edit Project - displays the projects details
    • Open Scan Summary - displays the scan summary
    • Open Viewer - displays the scan results viewer

    • CxOSA Viewer - displays the CxOSA scan results viewer (see Getting to Know the CxOSA Viewer in the Checkmarx OSA Documentation).

      Action options on the Consolidated Project State window are available according to the user's permissions.

Current Status - Includes the time/date stamp indicating the date and time of the last SAST scan 

SAST Vulnerabilities Status

Provides a graph with the status of each vulnerability severity.

 -  All new vulnerability instances discovered accorsding to severity (high, medium and low)

 - Recurring vulnerability instances from previous scan

 Solved is defined as vulnerabilities fixed/solved since last scan

If no scans have yet been performed a "No Scans Performed" message is displayed. For more details about projects and scans, refer to Creating and Configuring Projects.

If a new scan is currently in progress a "New Scan in Progress "message is displayed. For more details about the status of the scan, refer to the Queue.

Click the Full Scan Results link to display the Scan List for this project.

SAST Progress Status

Provides a graph with the progress status of each vulnerability severity.

 -  All new vulnerability instances discovered according to severity (high, medium and low) 
 - Vulnerability instances from previous scan
 - Fixed/solved vulnerability instances from previous scan
 - Recurring vulnerability instances from previous scan

Open Source Analysis (CxOSA)

Open Source Analysis (OSA) helps you manage the security risk involved in using open source libraries in your applications. This provides open source analysis results for predefined open source libraries associated with this project. Includes a stamp indicating the date and time of the last analysis.

In order to start working with CxOSA, you need to accept the End User License Agreement (EULA). Click the View EULA button, read and accept the agreement. 

The following summary results are displayed:

  • No Known Vulnerable Libraries - Number of libraries without any known security vulnerabilities.
  • Vulnerable LibrariesDistribution of the vulnerable libraries:
    • Vulnerable - number of libraries that have at least one security vulnerability
    • Outdated - number of vulnerable libraries for which a newer version is available (major vs minor release).

If the Open Source Analysis license has not yet been enabled for this project a warning message is displayed. Please contact your Checkmarx Administrator.

Click the Run Analysis Now link to perform an Open Source Analysis. A "New Open Source Analysis is in progress" indicator is displayed.

If the Open Source Library directory location has not yet been configured and you try to run CxOSA, a warning message is displayed. Click on the link and define the Open Source Libraries location before continuing with the analysis.

For more information about Running Open Source Analysis and Open Source Analysis (CxOSA) in general, see Initiating a CxOSA Scan in the Checkmarx CxOSA Documentation.

Scan History

Click the Scans History tab to display the scan results for the project.