Vulnerability Matrix view

The Vulnerability Matrix view displays the aggregate number of findings for all applications included in the scan. Modifications to findings update the matrix.

Note: In AppScan® Source for Development (Visual Studio plug-in), this view is part of the Edit Filters window.

Security findings and scan coverage findings appear in colored squares that indicate the order of priority in which findings should be investigated or dealt with:

  1. High severity definitive security findings are colored red, marking them as the highest priority.
  2. Medium severity definitive and high severity suspect security findings are colored orange and should be dealt with next.
  3. These matrix entries are colored yellow, and should be considered next:
    • Low severity definitive security findings
    • Medium and low severity suspect security findings
  4. Scan coverage findings are in grey squares and can be given the lowest priority.

When you click a cell, row header, or column header in the Vulnerability Matrix, it updates the current filter to include only the results in that cell, row, or column. Click Reset to return to a view of all findings.

In the Vulnerability Matrix view, toolbar buttons control the numbers in the colored squares. You can view:

  • Counts and totals of filtered findings only
  • Counts and total number of findings
    Note: Quality findings and findings that are classified with the Info severity level are not included in the Vulnerability Matrix view.
  • Counts and totals of both filtered findings and all findings

Note: Filters that are applied outside of the Vulnerability Matrix view may not affect the Vulnerability Matrix view. For a filter to be reflected in the Vulnerability Matrix view, the view's "Show the counts of filtered findings" toolbar button must be selected.