Getting to Know the System Dashboard

Overview

The CxSAST web interface includes drop-down navigation menus for each relevant module, as follows:

DashboardProjects & Scans | Settings | Access Control | Management & OrchestrationMy Profile  | /wiki/spaces/CCCD/pages/1042874608 | Service & Support 

Visual indicators are displayed just underneath the Checkmarx logo/version and may include:

  • Type of product edition currently installed - SDLC or Security Gate
  • Expiry date of the current CxSAST license. The indicator appears 90 days (defined in the DB) before the actual license expiry date and, if defined, an email notification is automatically sent to the CxSAST System Administrator.

The Services & Support button allows CxSAST users to navigate to available support resources on our new Checkmarx Customer Center portal. This portal enables the option to open tickets and also provides access to useful Checkmarx links. 

CxSAST web interface menu items are described below.

Dashboard Menu

View the state of your engines, scans and queues:

  • Project State: The current project state, including project information such as Risk level score, High/Medium vulnerabilities, LOC, and Last scan date.
  • Failed Scans: Log of failed scans, including reason or partial explanation such as "failed to start scanning due to one of the following reasons: source folder is empty, all source files are of an unsupported language or file format".
  • Utilization: A graphic interface divided into the following four quadrants:
    • Engine State: Provides information about the number of scans to engine ratio.
    • Queue State: Provides information about the number of scans in the queue and their LOC size/ Average waiting time.
    • Projects with Longest Scans: Provides information about the Top 3 scans in the Longest Waiting Time category.
    • Queue Load: Provides perspective about the queue load over a 7 day period. The darker the blue the more in the queue; whereas the empty cell with the black outline is the queue running now.
  • Risk: The Risk graph at the upper half of the window displays the High Risk projects over the last 7 day period, while the lower half displays the Risk Trend of selected projects and Time periods.
  • Data Analysis: Displays a summary analysis of multiple projects. The data can be presented in several predefined configurations and you can also create your own tables. 

Projects and Scans

View projects scans and queues:

  • Create New Project: Starts the New Project wizard.
  • Queue: View statuses of currently running scans.
  • Projects: All projects configured for groups in which the logged-on user is a member.
  • All Scans: Existing scan results of projects configured for groups in which the logged-on user is a member.

Settings

Manage Scan and Application settings:

Scan Settings:

  • Query Viewer: View and manage queries used in the system.
  • Preset Manager: Create and manage sets of queries according to your needs.
  • Pre & Post Scan Actions: Allows defining actions, based on preloaded scripts that will run prior or post scan.
  • Source Control Users: View and modify details of user accounts for accessing source control repositories.

Application Settings:

  • General: Folder locations, SMTP, and other settings.
  • OSA Settings: Organization token, OSA scan options and test connection settings.
  • License Details: The installed license details, including supported languages, roles, and number of companies and service providers.
  • Installation Information: Locations of server components.
  • External Services: Define settings for external services (e.g. Codebashing enablement).
  • Engine Management: Manage single/multiple engines.
  • Data Retention: Set the requested policy for deleting scans from all projects in the system.
  • Issue Tracking Settings: Configure issue tracking.

Manage Custom Fields:

Access Control

 Manage teams, users, roles and access control settings.

Management & Orchestration

  • Policy Manager: Manage policies
  • Policy Violations: View policy violations
  • Remediation Intelligence: Manage remediation intelligence weight and rank settings
  • Analytics: View analytics results

My Profile

Change personal details (for all user types) and password (only for Application local users, not Windows domain users) of logged-on user.

/wiki/spaces/CCCD/pages/1042874608

Codebashing in-context eLearning platform. Codebashing is fully integrated into CxSAST so when developers encounter a security vulnerability they can activate the appropriate learning module at a single click. Once they have run through the hands-on training they get straight back to work equipped with the new knowledge to resolve the problem.

Services and Support

Checkmarx customer center with ticketing capabilities, access to the Checkmarx knowledge center and useful links to plugins, utilities and version updates..