Skip to main content
Version: 1.4

Issues

In the Projects → Project Name → Issues section (or in the Issues section from the left main menu), all detected vulnerabilities (within a specific project/all projects) and additional information about them are displayed.

The list of vulnerabilities is displayed with the following parameters:

  • Vulnerability ID - ID of the detected security issue
  • False-Positive flag - indicates a false positive security issue
  • Duplicate flag - indicates a duplicate security issue
  • Excluded by Security Rule flag - indicates a security issue that was excluded by a security rule
  • Category - name of the security issue category
  • Severity - severity level of the security issue
  • Status - security issue status
  • Tool - vulnerability detection tool name
  • CWE - CWE parameter name
  • CVE - CVE parameter name
  • Source - scanning source name
  • Source branch/tag - scanning source branch/tag
  • File - scanned file name
  • Line - line number
  • Code fragment - source code contained in the security issue
  • Library name - library name
  • Library version - library version
  • Created - security issue discovery date
  • Updated - security issue update date
  • Project - project name (in specific project's security issues the field is not shown)
  • Assignee - users or user groups assigned in the responsible roles
  • Comments - comments and unread quantity

The following capabilities are also provided:

  • View detailed information about a security issue.
  • Visibility of security issue statuses.
  • Advanced filtering by available attributes. To configure, click the filter button and select the required filter settings.
  • Search by CWE and CVE parameters.
  • Bulk actions on security issues.

Security Issue Details

For each detected issue, additional information is available in the vulnerability details window. To view, click on the corresponding Vulnerability ID.

The details window contains the following tabs:

  • Information - block with basic vulnerability information
  • Description - detailed description of the vulnerability category
  • History - history of actions performed on the vulnerability
  • Duplicates - vulnerability duplicates
  • Dependency Library - vulnerability dependencies
  • Created Tasks - tasks created from vulnerabilities
  • Comments - the ability to add comments to security issues is implemented. Tagging other users, the ability to reply to a specific comment, deleting others' comments (available only for the admin account), tracking unread comments are provided.

Security Issue Statuses

Security issue statuses can be manually changed when viewing the list of detected issues, as well as in the details window.

The system also supports configuration of a Status Model, which allows manual/automatic status switching according to status transitions, helping to maintain the declared workflow for security issue statuses.

Security Issue Filtering

In the Security Issues section (as well as for issues within a specific project), advanced filtering of the issue list is provided for convenient vulnerability management.

Filtering is available by the following parameters:

General Parameters:

  • Category - name of the security issue category
  • Severity Level - severity level of the security issue
  • Status - security issue status
  • Project - security issues of a specific project
  • Assignee - users or user groups assigned as responsible parties
  • Created - date the security issue was created in the ASOC system
  • Excluded by Security Rule - security issues excluded by a Security Rule
  • False-positives - false positive security issues
  • Duplicates - vulnerability duplicates

Detection Parameters:

  • Detected by - name of the vulnerability detection tool
  • CWE - CWE parameter name
  • CVE - CVE parameter name

Code Parameters:

  • Scanned Object - name of the scanned object
  • Source Branch/Tag - source branch/tag of the scan
  • Library Name - library name
  • Library Version - library version
  • Matching Code - source code contained in the security issue

Security Issue Comment Parameters:

  • Content text - text contained in comments for the issue/issues
  • Authors - comment authors
  • Number of authors - number of comment authors for security issues
  • Unread comments - unread comments in which the user was mentioned.
  • Last - from another author - last comment from other users
  • No my comments - security issues without comments from the current user
  • I was replied to - contains replies to the current user's comments
  • I was mentioned - the current user was mentioned in comments

Creating Filter Presets

The system also allows using presets of previously configured filters, both personal and shared (global or group-specific), adding new presets, and resetting presets.

Please note! A limit is set for personal presets - 10 presets. To delete or edit presets, select the corresponding icon next to the preset name in the preset search bar.

To create a preset, follow these steps:

  1. In the Security Issues section, click the filter icon.
  2. In the opened filter settings form, set the required filter values for the security issues table fields.
  3. After filling out, click the Save as preset button.
  4. In the opened window, fill in the following preset parameters:
    • Name
    • Access (Personal/Shared) If Shared access is selected, you must add the user group that will have permission to use the preset in the Group field (mandatory)
  5. Click the Save button.

Bulk Actions on Security Issues

The bulk actions functionality for security issues is designed for simultaneous management of multiple security issues.

To apply bulk actions, select security issues from the list using the checkboxes.

The following bulk actions are available:

  • Changing security issue statuses
  • Changing severity level
  • Assigning a new assignee (specific user or user groups)
  • Creating tasks from security issues
  • Adding a comment
  • Marking as False-positive
  • Marking as Duplicate Actions to remove False-positive and Duplicate marks are also available.