Scan with start
Once online scans finishes we get the result like following :
Above picture shows that we scanned an application named “petstore.swagger.io” which has Website Issues. Let’s dive into that.
Understanding the results:
Here,
“C” - number of Critical severe vulnerabilities found in DAST scan
“H” - number of Hard severe vulnerabilities found in DAST scan
“M” - number of Medium severe vulnerabilities found in DAST scan
“L” - number of Low severe vulnerabilities found in DAST scan
Step 2 : Click on row with title “Website Issues” and you will see screen like this :
Which will contain the following information about your SAST scan
1) Project Scanned
Name of our current project. In this case petstore.swagger.io
2) Snapshot Scan Time
When scan was performed, on which date and at what time
3) API Key Owner
Which user performed this scan? We show their email address
4) Scan Type
Here it is DAST
Search Bar :
Users can search vulnerabilities by giving input in this search bar :
Filters on left side :
You can apply filters through the left filter bar. The filter bar includes:
SEVERITY: Enables filtering of vulnerabilities based on their severity levels such as Critical, High, Medium, or Low, or Exploitability allowing you to prioritize remediation efforts.
In Allowed List: This filter shows only those vulnerabilities that have been added to the allowed list, facilitating quick review of previously acknowledged issues.
New Vulnerabilities: Filters the vulnerabilities based on their discovery date, helping to isolate recent issues that need immediate attention.
Show Files: This filter allows you to choose the files which “Excluded” or “Not Excluded”.
Vulnerability card :
Three Dots Menu: A clickable icon represented by three dots on the card. Clicking this brings up a menu with several options for managing the vulnerability:
Add to Allowed List: Allows you to temporarily include the vulnerability in your allowed list, acknowledging it but deciding it does not require immediate action.
Mark as False Positive: If you determine that the reported vulnerability is not a genuine threat, you can label it as a false positive for a certain duration.
Overwrite Severity: Provides the capability to adjust the severity rating of a vulnerability, based on your assessment.
Create Jira Ticket: This enables you to create a Jira ticket directly from the vulnerability card. This feature allows you to set up a ticket that describes the vulnerability and assigns it for remediation within your development workflow.
Add Comment: Offers a space to add notes or comments regarding the vulnerability, which can be useful for team communications or future reviews.
Options like, “Add to Allowed List” and “Mark as False Positive” further provide various timeline options allowing you to set the duration of these settings:
Mark for a Day: Apply the setting for 24 hours.
Mark for a Week: Extend the setting for one week.
Mark for a Month: Keep the setting for one month.
Mark for a Year: Maintain the setting for a full year.
Mark Forever: Indefinitely apply the setting until changed.
Select Custom Date: This choice opens a popup where you can select an exact date for the setting to expire, offering precise control over the duration.
Manage vulnerabilities in Cluster
For more efficient vulnerability management, our interface allows users to apply settings to multiple vulnerabilities simultaneously. This feature is especially useful when you need to quickly classify several issues as false positives or add them to the allowed list without adjusting each one individually.
Select Vulnerabilities: At the top left of each vulnerability card, there is a checkbox. Click these checkboxes to select the vulnerabilities you wish to manage together.
Apply Cluster Actions: After making your selections, two options will appear next to the count of selected vulnerabilities at the top of the list:
Set as False Positive: This action enables you to collectively mark all selected vulnerabilities as false positives.
Add to Allowed List: This allows you to add all chosen vulnerabilities to the allowed list simultaneously.
Managing vulnerabilities in groups saves time, reduces mistakes, and keeps your project’s security handling consistent and straightforward.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article