Fix Groups

Fix Groups currently apply only to issues found in Static Analysis.

Fix Groups are a new approach to managing, triaging and solving issues found in Static Analysis. Once you have run a Static scan, ASoC organizes the issues found into Fix Groups based on vulnerability type and the required remediation task. In every new Static scan, new issues found will be added to these groups, and new groups will be created as needed.

Each Issue belongs to a single Fix Group, which is shown in the application's Fix Group tab and in Scan Reports. There are three types of group:
Common Fix Point
Contains issues that share the same vulnerability. The entire group can be remedied by a single fix (one code point).
Common API
Contains issues that are related to the same API call. The same fix can be applied to all issues in the group.
Common Open Source
Contains issues that are all related to a single Open Source library or function. The same fix can be applied to all issues in the group.

Issues in any group always share the same Vulnerability type.

Fix Group Severity

Fix Group Severity is determined by the highest Severity of all the Issues it contains.

Fix Group Status

Fix Group Status is assigned only when all Issues in the group have the same Status.

When changing the Status of all Issues in a group, you can select whether or not to apply the status to issues added to the group from future scans. If the status is not applied to future issues, the group's Status will change to Mixed when new Issues are added.
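The severity and status rules above can be modelled in a few lines, for example to reproduce the group roll-up from exported issue data. This is an added example, not ASoC code: the class and method names, the severity ordering, and the status labels other than Mixed are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed severity ordering and status labels; the page itself names only "Mixed".
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
DEFAULT_STATUS = "Open"  # assumed status of a newly found issue


@dataclass
class Issue:
    issue_id: str
    severity: str
    status: str = DEFAULT_STATUS


@dataclass
class FixGroup:
    issues: List[Issue] = field(default_factory=list)
    future_status: Optional[str] = None  # status to apply to issues from later scans

    def severity(self) -> Optional[str]:
        # Group severity is the highest severity among the issues it contains.
        return max((i.severity for i in self.issues),
                   key=SEVERITY_RANK.__getitem__, default=None)

    def status(self) -> Optional[str]:
        # A single status is reported only when every issue agrees.
        statuses = {i.status for i in self.issues}
        if not statuses:
            return None
        return statuses.pop() if len(statuses) == 1 else "Mixed"

    def set_status_for_all(self, status: str, apply_to_future: bool) -> None:
        # Change every current issue; optionally remember the choice for new ones.
        for issue in self.issues:
            issue.status = status
        self.future_status = status if apply_to_future else None

    def add_from_scan(self, issue: Issue) -> None:
        # An issue from a later scan inherits the group status only if the
        # user chose to apply it to future issues.
        if self.future_status is not None:
            issue.status = self.future_status
        self.issues.append(issue)
```

A reviewer who dismisses a whole group without applying the status to future issues will see the group return as Mixed after the next scan, which is the signal that new findings need triage.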