Viewing the policy compliance of an application

Viewing policy compliance through the user interface

To view the policy compliance of an application through the user interface:
  1. Open the Application tab for the application for which to view compliance details.
  2. The Compliance area of the tab notes which policies are associated with the application.
  3. Add the Application Policies and Compliance columns to the Application table using the Column Selection menu to view policy-related issues.

Policy compliance reporting

You can run reports from the Application tab to review policy compliance. The Application Reports button is enabled after a scan has been run on an application.
To run a security or compliance report:
  1. After running a scan on an application, click Application Reports on the Application tab, then choose a type of report.
    • Security Report
    • CWE/SANS Top 25 Report
    • EU General Data Protection Regulation (GDPR) Report
    • HIPAA Compliance Report
    • OWASP Top 10 2017 Report
    • PCI Compliance Report
  2. (Security Report only:) On the Generate Report dialog box:
    1. If the application is associated with a policy, filter issues by compliance as desired. You can specify all issues to include in the report or only the non-compliant issues.
    2. Specify the metadata to include in the report.
    3. Specify a name and format for the report, and include notes if appropriate.
  3. Click Run Report.
To run an issues report:
  1. After running a scan on an application, click Issue Management on the Application tab.
  2. Click Filter to apply severity, status, and compliance filters to the report. Optional.
    Note: If no policies are enabled, and the Non-compliant filter is selected, all New, Open and In-Progress issues are displayed.
  3. Use the Search field to filter the results. Optional.
  4. Select one or more issues to include in the report. Optional.
    Note: If you select none, a report is generated for all displayed issues.
  5. Click the Filtered Security Report button.
  6. On the Generate Report dialog box:
    1. Specify the metadata to include in the report.
    2. Specify a name and format for the report, and include notes if appropriate.
  7. Click Run Report.
    Note: If you close the dialog, the report will continue to be generated in the background, but if there are any errors you will not see them.

Viewing policy compliance using the REST API

You can see an application's ComplianceStatuses, with its associated policies, in the model that is returned from the GET /apps API:
"ComplianceStatuses": [
  {
    "PolicyId": "00000000-0000-0000-0000-000000000000",
    "Enabled": true,
    "Name": "string",
    "Compliant": true
  }
]
This is an array of all policies associated with the application. For each policy, the Compliant property shows whether the application is compliant with it.
Note: The Enabled property is currently not used.
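The following is an added example, not code from this documentation or from the product, showing how a script could consume the GET /apps response and produce a per-application compliance summary. Only the ComplianceStatuses array and its PolicyId, Enabled, Name and Compliant fields come from the model above; the outer application fields "Id" and "Name", and the sample response itself, are constructed assumptions. The script reads the response from an inline string so it runs offline; in a real run the body of a GET /apps call (authentication is not covered on this page) would be passed to parse_apps instead. Enabled is ignored because it is documented as unused, and a status with no Compliant field is treated as non-compliant so that missing data never reads as a pass.

```python
import json

# Constructed sample of a GET /apps response body (not captured from the API).
# "Id" and the application-level "Name" are assumed fields for this example.
SAMPLE_APPS_RESPONSE = json.dumps([
    {
        "Id": "11111111-1111-1111-1111-111111111111",
        "Name": "payments-api",
        "ComplianceStatuses": [
            {"PolicyId": "aaaaaaaa-0000-0000-0000-000000000001",
             "Enabled": True, "Name": "PCI Policy", "Compliant": False},
            {"PolicyId": "aaaaaaaa-0000-0000-0000-000000000002",
             "Enabled": False, "Name": "OWASP Top 10 Policy", "Compliant": True},
        ],
    },
    {
        "Id": "22222222-2222-2222-2222-222222222222",
        "Name": "marketing-site",
        "ComplianceStatuses": [],
    },
    {
        "Id": "33333333-3333-3333-3333-333333333333",
        "Name": "hr-portal",
        "ComplianceStatuses": [
            {"PolicyId": "aaaaaaaa-0000-0000-0000-000000000003",
             "Enabled": True, "Name": "GDPR Policy", "Compliant": True},
        ],
    },
])


def parse_apps(raw_body):
    """Decode a GET /apps response body and check it is a list of application objects."""
    apps = json.loads(raw_body)
    if not isinstance(apps, list):
        raise ValueError("expected a JSON array of applications")
    for app in apps:
        if not isinstance(app.get("ComplianceStatuses", []), list):
            raise ValueError("ComplianceStatuses must be an array")
    return apps


def non_compliant_policies(app):
    """Names of the policies this application fails.

    The Enabled property is deliberately ignored (documented as unused).
    A status without a Compliant value is counted as non-compliant.
    """
    return [
        status.get("Name", status.get("PolicyId", "<unnamed policy>"))
        for status in app.get("ComplianceStatuses", [])
        if not status.get("Compliant", False)
    ]


def compliance_summary(apps):
    """Map application name -> (state, failing policy names).

    state is one of "no-policy" (nothing to check), "compliant", or "non-compliant".
    """
    summary = {}
    for app in apps:
        name = app.get("Name", app.get("Id", "<unnamed app>"))
        if not app.get("ComplianceStatuses"):
            summary[name] = ("no-policy", [])
            continue
        failing = non_compliant_policies(app)
        summary[name] = ("non-compliant" if failing else "compliant", failing)
    return summary


if __name__ == "__main__":
    for app_name, (state, failing) in compliance_summary(parse_apps(SAMPLE_APPS_RESPONSE)).items():
        detail = ", ".join(failing) if failing else "-"
        print(f"{app_name:16} {state:14} {detail}")
```

Applications with an empty ComplianceStatuses array are reported separately as "no-policy" rather than as compliant, since an application with no policy attached has not actually been checked against anything; a reviewer scanning the output will usually want to treat those the same way as failures.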