Issue information pane

The Issue information pane shows all content available for the issue.

To open the Issues pane for an issue:
  • On the Issues page, click a specific issue.
    The Issue information pane opens to the right of the screen.
    Tip: You can toggle between issues and issue information by selecting different issues on the main page with the information pane open. The Issue information pane refreshes when you select different issues.
From the Issues information pane, you can:
  • Click Full view to open full issue details in a new browser tab.
  • View issue severity, current status, and location from all tabs.
  • View specific issue-related information from one of several tabs.

Issue information pane tabs

Tab Description
Details Displays an summary of issues details in collapsible tiles, including, where possible, the part of the code where the vulnerability is contained or shown. The information displays in one of these tiles:
  • Details tile: Source, sink, and method, or API, caller, and call trace. Method shows best and alternate fix points, taint flow and taint data.
  • Related tile: Fix group and fix group ID, where applicable.
Source code

View source code associated with the issue for faster and more efficient issue triage.

By default, you can browse your local directory structure for source code files:
  • Click Add directory to associate a local root source code directory with the issue.
  • Hover over highlighted vulnerabilities in source code for remediation suggestions.
  • Source code viewed through the Issues detail pane remains private. It is not uploaded to AppScan 360°.
If the IRX file scanned was generated in a GitHub repository, and as such the scan has information linking it to GitHub:
  • Ensure that the last commit available during the scan is also available on the GitHub server.
  • Click Open file on GitHub to open the file in the GitHub web interface in a new browser tab.
  • Remediate the code in GitHub.

In either instance, the connection to source code is not persistent; reconnect to source code each browser session as needed during for triage and remediation.

Note: The Source code tab is available for static analysis issues only.
How to fix Offers detailed information on cause, risk, exploit example, fix recommendation, CWE, related articles and external references.

Where possible, a large selection of code-specific information is available by clicking the relevant code name (.Net, Angular, Apex and so on) directly underneath the issue name.

Comments Use this tab to add your own comments visible to you and other users, and included in reports.
Audit trail The audit trail for this issue.
Properties The Properties tab lists expanded issue details, including how and when the issue was found, type, status, severity, scanner, and location, and including issue ID.
From the Properties tab you can:
  • Click the issue ID to open full issue details in the current browser tab.
  • Click the copy icon () to copy a specific property to the system clipboard for pasting to other applications.
  • Click Copy properties to copy all listed properties to the system clipboard for pasting to other applications, such as a Jira item.

\