You can generate customized reports (in PDF, HTML, or XML) for issues and send them to
developers, internal auditors, penetration testers, managers, and the CISO. The reporting templates
in AppScan Enterprise map application security data to key government regulations and industry
standards. Use the reports to document progress towards regulatory compliance goals, such as showing
a reduction in the number of application vulnerabilities that are associated with compliance
issues.
Before you begin
Note:
- You can export reports with a mix of issues that are imported from the various technologies.
However, the reports are separated by scanner technology; for example, if you choose four different
types of imported issues to export, then you get 4 PDFs.
- Each PDF is chunked at a limit of 100 issues.
- The reports are exported in a zip file that contains separate reports for each technology.
- Company logos cannot be included on the cover page of a report.
Procedure
-
In an application, group the issues (Severity, Issue Type, Status, Scanner, or by no
group).
-
Select all the issues, or select just the relevant ones you want to create a targeted
report.
-
Click List menu, choose one of Export to HTML,
Export to PDF, Export to Excel or Export to
XML, and select a report type.
| Report type | Description |
|---|
| Security |
Report of security issues that were discovered. Security information might be extensive, and
can be filtered depending on your requirements. |
| Industry Standard |
Report of the compliance (or non-compliance) of your application with a selected industry
committee Note: This report is only exported in English. |
| Regulatory Compliance |
Report of the compliance (or non-compliance) of your application with a large choice of
regulations or legal standards Note: This report is only exported in English. |
-
Follow the wizard for the report type you chose. Configure the report layout and export the
contents.
Note: As of v9.0.3.1, in the Security report, you can include application and issue attributes. You
can also include attributes that don't have values; for example, if the issue hasn't been fixed yet,
the
Fixed Date field would be empty in the report.
- By default, the Application attributes check box is selected. You can
pick and choose which attributes to include in the introduction of the report.
- By default, the Additional Issue Attributes check box is selected to
include them in the exported report. You can pick and choose which issue attributes to include. Or,
you can clear the check box if you don't want to include them in the report.
Results
Distribute the report to stakeholders to show progress towards compliance goals.
