The CxOSA Full Report provides information about the distribution of security issues for the job/project and is divided into the following categories:
If the build failed due to CxOSA and/or CxSAST policy violations, then a unified report will be displayed showing the following information:
- Number of violated policies
- Names of violated policies
- Names of respective rules violated
- Type of scan used
- Number of instances of a violated rule
- First detection date
A textual summary of the scan results can be viewed in the Logs (Build Results Summary > Logs > View).
The source repository should be checked out in the same Job as the Checkmarx Task so that the CxSAST Bamboo plugin can recognize the checkout folder. Plan-level repositories that are checked out in another Job/Stage are not yet supported. In this case, a "repository was not found" message is displayed in the logs.
The ‘PDF report location:’ URL provides navigation to the current CxSAST scan results in PDF format: