checkmarx-ltd · cx-prathmesh-borle · Oct 10, 2025 · Oct 16, 2025 · Oct 16, 2025 · cx-rakesh-kadu
diff --git a/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js b/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js
@@ -172,7 +172,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
 
             for (item in jsonLastScanReportResp.results) {
                 if (((resultStateFilter == true && (result_state_array.indexOf(jsonLastScanReportResp.results[item].state.toUpperCase()) != -1)) ||
-                        resultStateFilter == false)) {
+                    resultStateFilter == false)) {
                     if (includesast == true && jsonLastScanReportResp.results[item].type == "sast" && shouldProcessSast == true) {
                         var isSastScanIncluded = 'false';
                         var scanTypeToCheck = '';
@@ -186,12 +186,11 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                                 m++;
                             }
                         }
-                        var sastScanUrl = '';
-
-                        if (!jsonLastScanReportResp.results[item].data.resultHash.indexOf('/') == -1) {
-                            sastScanUrl = apibaseurl + '/results/' + scanId + '/' + appId + '/sast?result-id=' + encodeURIComponent(jsonLastScanReportResp.results[item].data.resultHash) + '&amp;redirect=true';
-                        } else {
-                            sastScanUrl = apibaseurl + '/results/' + scanId + '/' + appId + '/sast';
+                        var sastResultsUrl = apibaseurl + '/sast-results/' + appId + '/' + scanId;
+                        var sastVulnerabilityLink = '';
+                        var resultHash = jsonLastScanReportResp.results[item].data.resultHash;
+                        if (resultHash && resultHash != '') {
+                            sastVulnerabilityLink = apibaseurl + '/sast-results/' + appId + '/' + scanId + '?resultId=' + encodeURIComponent(resultHash);
                         }
                         var sastId = jsonLastScanReportResp.results[item].id;
                         SASTscanDetailedAll += '<result id="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].similarityId) + '"' +
@@ -207,7 +206,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' line_no="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].data.nodes[0].line) + '"' +
                             ' cvssScore="' + this.UTIL.escapeXmlChars(cvssScore) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/results/' + scanId + '/' + appId + '/sast') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(sastResultsUrl) + '"' +
+                            ' vulnerability_link="' + this.UTIL.escapeXmlChars(sastVulnerabilityLink) + '"' +
                             ' cvssVector="' + this.UTIL.escapeXmlChars(cvssVector) + '"' +
                             ' first_found_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanReportResp.results[item].firstFoundAt)) + '"' +
                             ' state="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].state) + '"' +
@@ -243,6 +243,15 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             exploitable_method = 'Exploitable methods: ' + exp_path;
                         }
                         var scaseverity = jsonLastScanReportResp.results[item].severity;
+                        var scaResultsUrl = apibaseurl + '/results/' + appId + '/' + scanId + '/sca';
+                        var scaVulnerabilityLink = '';
+                        var cveId = jsonLastScanReportResp.results[item].id;
+                        if (cveId && sca_packageID) {
+                            var pathComponent = cveId + '%3A' + sca_packageID;
+                            var internalPath = '/vulnerabilities/' + pathComponent + '/vulnerabilityDetailsGql';
+                            scaVulnerabilityLink = apibaseurl + '/results/' + appId + '/' + scanId + '/sca?internalPath=' + encodeURIComponent(internalPath);
+                        }
+
                         SCAscanDetailedAll += '<result id="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].id) + '"' +
                             ' scan_type="sca"' +
                             ' cweId="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].vulnerabilityDetails.cweId) + '"' +
@@ -257,7 +266,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' package_unique_id="' + this.UTIL.escapeXmlChars(sca_packageID) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
                             ' package_name="' + this.UTIL.escapeXmlChars(sca_packageID) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/results/' + appId + '/' + scanId + '/sca') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(scaResultsUrl) + '"' +
+                            ' vulnerability_link="' + this.UTIL.escapeXmlChars(scaVulnerabilityLink) + '"' +
                             ' line_no="' + this.UTIL.escapeXmlChars(line) + '"' +
                             ' location="' + this.UTIL.escapeXmlChars(location) + '"' +
                             ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
@@ -275,6 +285,14 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
 
                         var kicsowasp = this._getOWASPTop10(jsonLastScanReportResp.results[item].vulnerabilityDetails.compliances);
                         var kicssans = this._getSANSTop25(jsonLastScanReportResp.results[item].vulnerabilityDetails.compliances);
+                        var kicsResultsUrl = apibaseurl + '/results/' + scanId + '/' + appId + '/kics';
+                        var kicsVulnerabilityLink = '';
+                        var kicsAlternateId = jsonLastScanReportResp.results[item].alternateId;
+                        if (kicsAlternateId && kicsAlternateId != '') {
+                            kicsVulnerabilityLink = apibaseurl + '/results/' + scanId + '/' + appId + '/kics?result-id=' +
+                                encodeURIComponent(kicsAlternateId);
+                        }
+
                         KICSscanDetailedAll += '<result id="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].similarityId) + '"' +
                             ' scan_type="kics"' +
                             ' cweId="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].data.queryId) + '"' +
@@ -287,7 +305,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' line_no="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].data.line) + '"' +
                             ' cvssScore="' + this.UTIL.escapeXmlChars(cvssScore) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/results/' + scanId + '/' + appId + '/kics') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(kicsResultsUrl) + '"' +
+                            ' vulnerability_link="' + this.UTIL.escapeXmlChars(kicsVulnerabilityLink) + '"' +
                             ' cvssVector="' + this.UTIL.escapeXmlChars(cvssVector) + '"' +
                             ' first_found_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanReportResp.results[item].firstFoundAt)) + '"' +
                             ' state="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].state) + '"' +
@@ -314,6 +333,21 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                         if (jsonLastScanReportResp.results[item].vulnerabilityDetails.cvss != null && jsonLastScanReportResp.results[item].vulnerabilityDetails.cvss != '') {
                             access_vector = jsonLastScanReportResp.results[item].vulnerabilityDetails.cvss.access_vector;
                         }
+
+                        // Container Security - Link to specific image vulnerabilities
+                        var containerResultsUrl = apibaseurl + '/container-security-results/' + appId + '/' + scanId;
+                        var containerVulnerabilityLink = '';
+                        var imageFilePath = jsonLastScanReportResp.results[item].data.imageFilePath;
+                        var imageName = jsonLastScanReportResp.results[item].data.imageName;
+                        var imageTag = jsonLastScanReportResp.results[item].data.imageTag;
+
+                        var encodedFilePath = encodeURIComponent(gs.base64Encode(imageFilePath));
+                        var fullImageName = imageName + (imageTag ? ':' + imageTag : '');
+                        var encodedImageName = encodeURIComponent(gs.base64Encode(fullImageName));
+
+                        containerVulnerabilityLink = apibaseurl + '/container-security-results/' + appId + '/' + scanId +
+                            '/results/' + encodedFilePath + '/' + encodedImageName + '/vulnerabilities';
+
                         conSecScanDetailedAll += '<result id="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].similarityId) + '"' +
                             ' scan_type="containers"' +
                             ' cweId="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].vulnerabilityDetails.cweId) + '"' +
@@ -326,7 +360,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' line_no="' + this.UTIL.escapeXmlChars(line) + '"' +
                             ' cvssScore="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].vulnerabilityDetails.cvssScore) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/container-security-results/' + appId + '/' + scanId + '/results/') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(containerResultsUrl) + '"' +
+                            ' vulnerability_link="' + this.UTIL.escapeXmlChars(containerVulnerabilityLink) + '"' +
                             ' cvssVector="' + this.UTIL.escapeXmlChars(access_vector) + '"' +
                             ' first_found_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanReportResp.results[item].firstFoundAt)) + '"' +
                             ' state="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].state) + '"' +
@@ -341,9 +376,11 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             '<description>' + this.UTIL.escapeCDATA(jsonLastScanReportResp.results[item].description) + '</description>' +
                             '</result>';
                     }
+
                     // secret detection
                     if (includeSecretDetection == true && jsonLastScanReportResp.results[item].type == "sscs-secret-detection") {
                         var secretDetectionSeverity = jsonLastScanReportResp.results[item].severity;
+                        var secretDetectionResultsUrl = apibaseurl + '/supply-chain/' + appId + '/' + scanId + '/2ms';
                         secretDetectionScanDetailedAll += '<result id="' +
                             this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].similarityId + '_' + jsonLastScanReportResp.results[item].id) + '"' +
                             ' scan_type="SecretDetection"' +
@@ -357,7 +394,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' line_no="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].data.line) + '"' +
                             ' cvssScore="' + this.UTIL.escapeXmlChars(cvssScore) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/results/' + scanId + '/' + appId + '/kics') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(secretDetectionResultsUrl) + '"' +
+                            ' vulnerability_link=""' +
                             ' cvssVector="' + this.UTIL.escapeXmlChars(cvssVector) + '"' +
                             ' first_found_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanReportResp.results[item].firstFoundAt)) + '"' +
                             ' state="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].state) + '"' +
@@ -377,10 +415,10 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             '</result>';
                     }
 
-
                     // scorecard detection
                     if (includeScoreCard == true && jsonLastScanReportResp.results[item].type == "sscs-scorecard") {
                         var scorecardSeverity = jsonLastScanReportResp.results[item].severity;
+                        var scorecardResultsUrl = apibaseurl + '/supply-chain/' + appId + '/' + scanId + '/Scorecard';
                         scorecardScanDetailedAll += '<result id="' +
                             this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].similarityId + '_' + jsonLastScanReportResp.results[item].id) + '"' +
                             ' scan_type="ScoreCard"' +
@@ -394,7 +432,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
                             ' line_no="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].data.line) + '"' +
                             ' cvssScore="' + this.UTIL.escapeXmlChars(cvssScore) + '"' +
                             ' recommendation="' + this.UTIL.escapeXmlChars(recommendedVersion) + '"' +
-                            ' sourcefile="' + this.UTIL.escapeXmlChars(apibaseurl + '/results/' + scanId + '/' + appId + '/kics') + '"' +
+                            ' sourcefile="' + this.UTIL.escapeXmlChars(scorecardResultsUrl) + '"' +
+                            ' vulnerability_link=""' +
                             ' cvssVector="' + this.UTIL.escapeXmlChars(cvssVector) + '"' +
                             ' first_found_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanReportResp.results[item].firstFoundAt)) + '"' +
                             ' state="' + this.UTIL.escapeXmlChars(jsonLastScanReportResp.results[item].state) + '"' +
@@ -421,7 +460,6 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
             }
             if (includesast == true) {
                 scanDetailedAll += SASTscanDetailedAll;
-
             }
             if (includekics == true) {
                 scanDetailedAll += KICSscanDetailedAll;
@@ -466,7 +504,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
 
             for (var entry in jsonApiSecScanReportResp.entries) {
                 if (((resultStateFilter && result_state_array.includes(jsonApiSecScanReportResp.entries[entry].state)) ||
-                        !resultStateFilter) &&
+                    !resultStateFilter) &&
                     severity_array.includes(jsonApiSecScanReportResp.entries[entry].severity.toUpperCase())) {
 
                     var affectedUrl = jsonApiSecScanReportResp.entries[entry].http_method + " " + jsonApiSecScanReportResp.entries[entry].url;

diff --git a/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.js b/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.js
@@ -241,6 +241,14 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
                         resultObj['location'] = node.getAttribute('location');
                         resultObj['source_sdlc_status'] = 'Not Applicable';
                         resultObj['source_link'] = node.getAttribute('sourcefile');
+
+                        var vulnerabilityLink = node.getAttribute('vulnerability_link');
+                        if (vulnerabilityLink && vulnerabilityLink != '') {
+                            resultObj['source_vulnerability_summary'] = '<a href="' + vulnerabilityLink + '" target="_blank">' + vulnerabilityLink + '</a>';
+                        } else {
+                            resultObj['source_vulnerability_summary'] = '';
+                        }
+
                         if (node.getAttribute('line_no') && node.getAttribute('line_no') != '' && node.getAttribute('line_no') != null && parseInt(node.getAttribute('line_no'), 10) > -1) {
                             resultObj['line_number'] = parseInt(node.getAttribute('line_no'), 10);
                         }