The AppScan Source triage process

The triage process includes manipulating findings through bundles, filters, and exclusions - and comparing assessment results.

Filters

A filter is a set of rules that defines findings with certain traits. Applying a filter presents a dynamic view of those findings, so that similar findings can be triaged together.

Filters are either shared or local:

  • Shared filters reside on the AppScan® server. Anyone connected to that server may use the filter.
  • Local filters reside on the local computer.

Bundles

A bundle is a named collection of individual findings that is stored with an application. A bundle is created by simply selecting findings and adding them to a new or existing bundle.

Grouping similar findings into bundles allows security analysts to segment and triage source code problems. You can submit bundles to a defect tracking system or email the findings to developers for review as part of the triage and analysis process.

Exclusions

An exclusion omits findings from scans. AppScan Source has a built-in Excluded Bundle, which contains any findings that you exclude (for example, because they do not require resolution).

Note: Findings excluded from assessment results do not contribute to the calculation of application or project metrics.

Modified findings

A modified finding is a finding with an altered vulnerability type, severity, or classification. If you add notes to findings, the finding is also considered modified.

Comparing assessments

Assessments are compared in AppScan Source for Analysis using the Diff Assessments action. When two assessments are compared, the differences between the two are displayed in the Assessment Diff view (which resembles a combination of the My Assessments view and the Findings view).

Note: When assessments are compared, filters and bundles are ignored.
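The following is an added illustration, not AppScan Source code or its API: a small Python model of the triage concepts above, showing why a filter (a re-evaluated rule) differs from a bundle (a stored selection), that findings in the Excluded bundle drop out of the metrics, and that an assessment diff compares findings only, ignoring filters and bundles. Finding identifiers, vulnerability types and severities are constructed sample values.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Finding:
    fid: str          # constructed stable key (file:line:type stand-in)
    vuln_type: str
    severity: str

@dataclass
class Assessment:
    findings: dict = field(default_factory=dict)   # fid -> Finding
    bundles: dict = field(default_factory=dict)    # bundle name -> set of fids
    EXCLUDED = "Excluded"                          # the built-in Excluded bundle

    def add_finding(self, f):
        self.findings[f.fid] = f

    def apply_filter(self, rule):
        # A filter is a rule, re-evaluated every time it is applied: a dynamic view.
        return sorted(f.fid for f in self.findings.values() if rule(f))

    def add_to_bundle(self, name, fids):
        # A bundle is a named, stored collection of explicitly chosen findings.
        self.bundles.setdefault(name, set()).update(fids)

    def exclude(self, fids):
        self.add_to_bundle(self.EXCLUDED, fids)

    def metrics(self):
        # Excluded findings do not contribute to the severity counts.
        excluded = self.bundles.get(self.EXCLUDED, set())
        return Counter(f.severity for fid, f in self.findings.items()
                       if fid not in excluded)

def diff_assessments(old, new):
    # The diff looks at findings only; filters and bundles (exclusions included) are ignored.
    return {"new": sorted(new.findings.keys() - old.findings.keys()),
            "fixed": sorted(old.findings.keys() - new.findings.keys())}

def demo():
    # Two constructed assessments of the same application, before and after a fix.
    old, new = Assessment(), Assessment()
    for fid, t, s in [("a.c:10:SQLi", "SQL Injection", "High"),
                      ("b.c:20:Path", "Path Traversal", "Medium")]:
        old.add_finding(Finding(fid, t, s))
    for fid, t, s in [("a.c:10:SQLi", "SQL Injection", "High"),
                      ("c.c:5:XSS", "Cross-Site Scripting", "High")]:
        new.add_finding(Finding(fid, t, s))
    new.exclude(["c.c:5:XSS"])   # analyst decides this finding needs no resolution
    high_in_old = old.apply_filter(lambda f: f.severity == "High")
    return high_in_old, dict(new.metrics()), diff_assessments(old, new)
```

The excluded finding vanishes from the metrics but still appears in the diff, which is the behaviour the two notes above describe.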