Reports

You can generate reports for issues discovered in an application, to send to developers, internal auditors, penetration testers, managers, and the CISO. Security information might be extensive, and can be filtered depending on your requirements.

Application and scan reports

From the Application and Scan pages you can generate a variety of reports on the current status of the application.

To generate an application report:
  1. For an application: On the Application page, click the Manage button and select Report.

    For a scan: On the Scan page, from the Execution created drop-down at the top left of the page select the required execution, then click Manage execution > Report, at the top right.

    The Application report dialog box opens.

  2. Give your report a name (or leave the default name), and select file type (HTML, PDF, and in some cases also CSV and XML).
  3. Optionally add a Note that will be added at the top of the report.
  4. Select the report Type:
    • Security report: A configurable report on all issues found in the application.
    • Industry standard report: In the next step you will be given a list to select from.
    • Regulatory compliance report: In the next step you will be given a list to select from.
    • Open source report (SAST only)
  5. Click Next to continue.

Security reports

Security reports can be generated for:
  • A whole application
  • A specific scan (if the scan has been run more than once you need to specify which execution is used)
  • A filtered list of issues
To generate a security report:
  1. Do one of the following:
    • For an application or scan, perform the steps described above.
    • For an issues list, apply filters to show only the issues you want included in the report, then click Security report.
    The Security reports dialog opens.
  2. Give your report a Name (or leave the default name), and select the file type (HTML, PDF, and in some cases also CSV and XML).
  3. Optionally add a Note that will be added at the top of the report.
  4. Select the check boxes for the sections you want in the report, and clear those you do not want.
  5. Click Generate report.
    The report is generated and saved to your machine.
    Note: For filtered lists the Security Report is generated when you click the button. Therefore, unlike the general Security Report, that reflects the data at the time the scan completed, the filtered report reflects the latest status of issues found. For example an issue changed from New to Fixed is shown as Fixed in this report.
    Note: In the case of very large reports, PDF generation may fail. In such cases an HTML report will be generated instead. If this happens and PDF format is needed, use filters to create smaller chunks of issues, and generate two or more reports.

Industry standard and regulatory compliance reports

You can choose from the following reports for an application:
Industry Standard Regulatory Compliance
CWE Top 25 Most Dangerous Software Weaknesses 2021 CANADA Freedom of Information and Protection of Privacy Act (FIPPA)
International Standard - ISO 27001 EU General Data Protection Regulation (GDPR)
International Standard - ISO 27002 Payment Application Data Security Standard
NIST Special Publication 800-53 PCI Compliance
OWASP Top 10 2017 US DISA's Application Security and Development STIG. V5R1
OWASP Top 10 2021 US Electronics Funds and Transfer Act (EFTA)
OWASP Top 10 Mobile 2016 US Federal Information Security Mgmt. Act (FISMA)
WASC Threat Classification 2.0 US Health Insurance Portability and Accountability Act (HIPAA)
US Sarbanes-Oxley Act (SOX)

Export scan data as CSV, JSON, or SARIF

You can export data from the Issues list of an application or scan as a CSV, JSON or SARIF file.
Note: The SARIF option applies only to SAST issues, not including Open Source issues. It is not available with free subscriptions.
To export data:
  1. Filter the issues list as needed, till only the issues you want to export are shown.
  2. Using the Columns drop-down on the right above the table, select the columns you want to include.
  3. At the top of the table, click Export.

    The Export data dialog opens.

  4. Type in the name for the file, select CSV, JSON, or SARIF and then click Export.

    The data is exported to file.