Scan History

Select the Scans tab to get details on the scan results for the selected security pipeline.

Each performed scan is presented as a separate row. The row contains the following fields:

  • The scan ID in Maverix. Click the value in this column to open a page with detailed information about the scan.

    This page displays the following information:
    • Details.
    • Scan target.
    • Quality gate: information on passing the specified Quality Gate.
    • Quality gate condition violations — information on exceeding the threshold values defined in the profile of the connected Quality Gate.
    • Status.
    • Started.
    • Duration.
    • CI system.
    • Ext build ID. Clicking on a value will take you to the corresponding CI/CD tool.
    • Started from — the method to start scanning.
    • Branch of code base.
    • Issue import results — the result of importing Security Issues, shown as a diagram with the distribution by status (New, Repeated, Fixed). There is an icon next to the diagram. Click it to go to the list of security issues detected during this scan. To update the data on the page, click the Refresh data button.
  • Details — scan status in the orchestration tool:
    • SUCCESS (shown as an icon).
    • FAILURE (shown as an icon).
    • Maverix BYPASSED.

 

When a Quality Gate (QG) is set, the scan results can differ significantly between the TeamCity and Maverix perspectives. A scan may run successfully in the orchestration tool while the identified security and compliance risks do not meet the criteria defined in the QG. In this case, the QG Check status in Maverix may be "Failed", and the security pipeline has to be aborted because the QG criteria haven't been met. For example, when the QG criteria aren't met, the step that deploys the build to the target environment should not be performed. If QG isn't set and the scan is successfully completed in the CI/CD tool (TeamCity), the scan result in Maverix is defined as "Passed". The scan status in Maverix from a QG perspective is displayed in the SAST QG, SCA QG, and DAST QG fields.

  • Version — version of the scanned artifact.
  • Build — the build version of the scanned artifact. For source code pipelines, this field is called Branch and contains the branch name.
  • Started.
  • Duration.
  • SAST QG — scan status in Maverix in terms of the specified SAST QG. If QG is not set, this field is empty. If QG is set but the criteria specified in QG aren't met, this field contains the Failed icon. Click this icon to get detailed information on the scan results. If QG is set and the criteria specified in QG are met, this field contains the Passed icon.
  • SCA QG — scan status in Maverix in terms of the specified SCA QG. If QG is not set, this field is empty. If QG is set but the criteria specified in QG aren't met, this field contains the Failed icon. Click this icon to get detailed information on the results. If QG is set and the criteria specified in QG are met, this field contains the Passed icon.

 

  • DAST QG — scan status in Maverix in terms of the specified DAST QG. If QG is not set, this field is empty. If QG is set but the criteria specified in QG aren't met, this field contains the Failed icon. Click this icon to get detailed information on the results. If QG is set and the criteria specified in QG are met, this field contains the Passed icon.
  • EXTERNAL ID — the external scan ID. Clicking on a value will take you to the corresponding CI/CD tool.