Version: 1.3

Issues

In the Projects → Project Name → Issues section (or in the Issues section from the left main menu), all detected vulnerabilities (within a specific project/all projects) and additional information about them are displayed.

The list of vulnerabilities is displayed with the following parameters:

  • Vulnerability ID - ID of the detected security issue
  • False-Positive flag - indicates a false positive security issue
  • Duplicate flag - indicates a duplicate security issue
  • Excluded by Security Rule flag - indicates a security issue that was excluded by a security rule
  • Category - name of the security issue category
  • Severity Level - severity level of the security issue
  • Detected by - name of the vulnerability detection tool
  • CWE - CWE parameter name
  • CVE - CVE parameter name
  • Status - security issue status
  • Scanned Object - name of the scanned object
  • Source Branch/Tag - source branch/tag of the scan
  • Library Name - name of the scanned object's library
  • Library Version - version of the scanned object's library
  • Line - line number
  • Matching Code - source code contained in the security issue
  • Created - date the security issue was detected
  • Updated - date the security issue was updated
  • Project - project name (not shown in project-specific security issues)
  • Assignee - users or user groups assigned as responsible parties

The following capabilities are also provided:

  • View detailed information about a security issue.
  • Visibility of security issue statuses.
  • Advanced filtering by available attributes. To configure, click the filter button and select the required filter settings.
  • Search by CWE and CVE parameters.
  • Bulk actions on security issues.

Security Issue Details

For each detected issue, additional information is available in the vulnerability details window. To open it, click the corresponding Vulnerability ID.

The details window contains the following tabs:

  • Information - block with basic vulnerability information
  • Description - detailed description of the vulnerability category
  • History - history of actions performed on the vulnerability
  • Duplicates - vulnerability duplicates
  • Dependency Library - vulnerability dependencies
  • Created Tasks - tasks created from vulnerabilities

Comments on security issues can be added and removed in the right-hand block. Features include tagging other users, replying to specific comments, and deleting others' comments (based on assigned permissions).

Security Issue Statuses

Security issue statuses can be manually changed when viewing the list of detected issues, as well as in the details window.

The system also supports configuration of a Status Model, which allows manual/automatic status switching according to status transitions, helping to maintain the declared workflow for security issue statuses.

Security Issue Filtering

In the Security Issues section (as well as for issues within a specific project), advanced filtering of the issue list is provided for convenient vulnerability management.

Filtering is available by the following parameters:

General Parameters:

  • Category - name of the security issue category
  • Severity Level - severity level of the security issue
  • Status - security issue status
  • Project - security issues of a specific project
  • Assignee - users or user groups assigned as responsible parties
  • Created - date the security issue was created in the ASOC system
  • Excluded by Security Rule - security issues excluded by a Security Rule
  • False-positives - false positive security issues
  • Duplicates - vulnerability duplicates

Detection Parameters:

  • Detected by - name of the vulnerability detection tool
  • CWE - CWE parameter name
  • CVE - CVE parameter name

Code Parameters:

  • Scanned Object - name of the scanned object
  • Source Branch/Tag - source branch/tag of the scan
  • Library Name - library name
  • Library Version - library version
  • Matching Code - source code contained in the security issue

Security Issue Comment Parameters:

  • Content text - text contained in comments for the issue/issues
  • Authors - comment authors
  • Number of authors - number of comment authors for security issues
  • Last - from another author - last comment from other users
  • No my comments - security issues without comments from the current user
  • I was replied to - contains replies to the current user's comments
  • I was mentioned - the current user was mentioned in comments

Creating Filter Presets

The system also allows using presets of previously configured filters, both personal and shared (global or group-specific), adding new presets, and resetting presets.

Please note! Personal presets are limited to 10. To delete or edit a preset, select the corresponding icon next to the preset name in the preset search bar.

To create a preset, follow these steps:

  1. In the Security Issues section, click the filter icon.
  2. In the opened filter settings form, set the required filter values for the security issues table fields.
  3. After filling in the values, click the Save as preset button.
  4. In the opened window, fill in the following preset parameters:
    • Name
    • Access (Personal/Shared). If Shared access is selected, you must add the user group that will have permission to use the preset in the Group field (mandatory).
  5. Click the Save button.

Bulk Actions on Security Issues

The bulk actions functionality for security issues is designed for simultaneous management of multiple security issues.

To apply bulk actions, select security issues from the list using the checkboxes.

The following bulk actions are available:

  • Changing security issue statuses
  • Changing severity level
  • Assigning a new assignee (specific user or user groups)
  • Creating tasks from security issues
  • Adding a comment
  • Marking as False-positive
  • Marking as Duplicate

Actions to remove False-positive and Duplicate marks are also available.