Cyver Core allows you to directly import Checkmarx scan results and reports into the platform using XML. Here, you can import SAST results on an ongoing basis with the API, import your entire library, or import individual vulnerabilities. Cyver Core supports imports across the full Checkmarx toolset, including code, repository, API, and other security scans. You can also import assets and link those to vulnerabilities.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | <title>Download_of_Code_Without_Integrity_Check</title> | |
| Type | Vulnerability Observation |
|
| Assets | ||
| Description | ||
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<severity>High</severity> |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
<cweList>CWE-494</cweList> |
| CVEList | for example: CVE-1; CVE-721 |
|
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <backgroundInformation>PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control</backgroundInformation> | |
| Recommendation | ||
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | <evidence> <title>/root/header.jsp</title> </evidence> |
|
| Evidence Location | <evidence> <location>https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284</location> </evidence> |
|
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details | <evidence> <evidenceDetails> Code: Class.forName("org.hsqldb.jdbcDriver"); </evidenceDetails> </evidence> |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).