View the results of your Mend CLI IaC scan

Overview

Once your Mend CLI IaC scan is completed, there are multiple resources provided to help you review, analyze, and triage your results.

Console results

The Mend CLI IaC scan outputs a summary of the detected misconfiguration files:

image-20260713-130826.png

Misconfiguration Files

The misconfigurations are displayed in a visual table, providing the vitals you need to triage these findings:

image-20260713-131019.png

Field

Description

CHECKOV ID

The unique identifier of the Checkov (CKV) policy check that produced the finding — for example, CKV_AWS_127 or CKV_K8S_23. Each ID maps to a specific infrastructure-as-code security or compliance rule. The Checkov ID is one of the fields shown in a finding's information.

Severity

The severity of the vulnerability. The available values are:

  • Critical - CVSS 3 score of 9.0 - 10.0

  • High - CVSS 3 score of 7.0-8.9

  • Medium - CVSS 3 score of 4.0-6.9

  • Low - CVSS 3 score of 0.1-3.9

Status

The result of the policy check for the scanned resource. FAILED indicates the resource does not comply with the check — i.e., a misconfiguration was detected.

Path

The location of the IaC file that contains the misconfiguration, shown as the file path within the scanned repository or project. This corresponds to the Path to Misconfiguration shown at the top of the finding details.

Start Line

The first line number of the misconfigured resource or code block within the file.

End Line

The last line number of the misconfigured resource or code block within the file. Together with Start Line, this defines the exact line range of the finding.

Title

A summary of what the check verifies — the misconfiguration the finding represents (for example, "IAM Policy Document Allows All or Any AWS Principal Permissions to Resources")

Type

The category of the Checkov check / scan stage that produced the finding (for example, Build for build-time IaC scanning).

Frameworks

The IaC framework(s) the check applies to and against which the file was evaluated — for example, Terraform, TerraformPlan, CloudFormation, Kubernetes, Helm, or Git (for secret detection). Frameworks is one of the fields shown in a finding's information.

Remediation Fix

Mend's recommended fix to remediate the detected misconfiguration.

Mend CLI IaC results - Mend Application

Within the Mend Application, you can review each Mend CLI scan’s summary, details, and more. For more information on how to navigate the Mend Platform, visit our Analyze your results in the Mend Application documentation:

image-20260713-131213.png

Mend CLI IaC Logs

The Mend CLI stores Infrastructure-as-Code scan logs in the .mend/logs/iac directory.

The Support token at the end of the scan can be provided to Mend Support for investigation purposes.