Working with static analysis fix groups

Fix groups are a new approach to managing, triaging, and resolving issues found in static analysis scans. After running a static scan, AppScan® Source organizes issues into fix groups based on vulnerability type and the required remediation task.

Viewing findings in fix groups

Static analysis findings now display by fix group by default in the Findings tab. This default display applies to both new scans and when you open an existing assessment.

You can work with fix group findings just as you would with findings sorted by Vulnerability Type, Classification, and so on.

Fix group types

There are two types of fix groups:
  • Common fix point fix group

    A common fix point fix group contains issues whose data-flow traces all pass through the same code location, the fix point. A single fix at that one location remedies the entire group.

  • Common API fix group

    A common API fix group contains issues that involve the same API call, typically the same method invoked from several places in the code. The same fix applies to every issue in the group, although it may need to be applied separately at each call site.

Issues in any group always share the same Vulnerability Type.
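The following example is added here to illustrate the two group shapes in code; it is hypothetical Python, not AppScan Source output or product code, and the handler names, the in-memory `users` table and the temporary file layout are all constructed for the demonstration. Three handlers funnel input into one SQL helper (a common fix point: one change in `lookup_user_fixed` closes all three findings), while two unrelated handlers each pass input to `open()` (a common API fix group: the same `confine_path` remediation is applied once per call site).

```python
import os
import sqlite3
import tempfile


def make_db():
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# --- Common fix point fix group --------------------------------------
# Three entry points funnel untrusted input into lookup_user(). A scan
# reports three SQL injection issues (one trace each), but every trace
# runs through the single string concatenation below: the fix point.

def lookup_user_vulnerable(conn, name):
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_user_fixed(conn, name):
    # One change at the fix point resolves all three issues in the group.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def handle_login(conn, form, lookup):
    return lookup(conn, form["user"])


def handle_profile(conn, path_param, lookup):
    return lookup(conn, path_param)


def handle_search(conn, query, lookup):
    return lookup(conn, query.get("q", ""))


# --- Common API fix group --------------------------------------------
# Two unrelated handlers each pass untrusted input to open(). They share
# no code path, so there is no single fix point; the same remediation
# (resolve the path and confine it to the public directory) has to be
# applied at each call site.

ROOT = tempfile.mkdtemp()                      # constructed file layout
PUBLIC = os.path.join(ROOT, "public")
os.mkdir(PUBLIC)
with open(os.path.join(PUBLIC, "report.txt"), "w") as fh:
    fh.write("quarterly report")
with open(os.path.join(ROOT, "secret.txt"), "w") as fh:
    fh.write("top secret")                     # lives outside PUBLIC


def download_vulnerable(name):
    with open(os.path.join(PUBLIC, name)) as fh:
        return fh.read()


def preview_vulnerable(name):
    with open(os.path.join(PUBLIC, name)) as fh:
        return fh.read(9)


def confine_path(name):
    """The shared remediation: reject any path that escapes PUBLIC."""
    base = os.path.realpath(PUBLIC)
    target = os.path.realpath(os.path.join(base, name))
    if target != base and not target.startswith(base + os.sep):
        raise PermissionError("path escapes the public directory: " + name)
    return target


def is_confined(name):
    """True if confine_path() accepts the name."""
    try:
        confine_path(name)
        return True
    except PermissionError:
        return False


def download_fixed(name):
    with open(confine_path(name)) as fh:       # fix applied here ...
        return fh.read()


def preview_fixed(name):
    with open(confine_path(name)) as fh:       # ... and again here
        return fh.read(9)


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print(handle_login(conn, {"user": payload}, lookup_user_vulnerable))
    print(handle_login(conn, {"user": payload}, lookup_user_fixed))
    print(download_vulnerable("../secret.txt"))
    print(is_confined("../secret.txt"))
```

Note that once `confine_path` exists, a later scan could reasonably report any remaining unconfined `open()` call against that helper, but the initial grouping is driven by the shared API, not by shared code, which is why the fix is counted per call site.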

To learn more about static analysis, see Intelligent Findings Analytics (IFA).

Reporting with fix groups

A new Findings report, Findings By Fix Group, is available in the Generate Findings Report dialog.