Generating Scan Result Reports

You can generate a report containing detailed scan results, in any of the following formats:

  • PDF (default)

  • RTF

  • CSV

  • XML

Important

All disclaimers footnoted in the reports should be understood in the following context: The report only includes the presets/filters you applied to the scan results.

To generate a scan results report:

1. In the All Scans table (for all projects or for an individual project), click Create Report. The report settings are displayed.

2. Filter results for the generated report and select the report file format. By default, all categories are selected to be included in the report.

To customize categories:

1. Go to the relevant group under the Categories section, click the group to expand it, and clear the vulnerabilities that you do not want to display in the report.

2. If these changes are only relevant for a specific need and do not need to be saved as a different template, click Generate to generate the report. Otherwise, follow the procedure below to save the modifications you make as an updated report template.

To change the report template:

1. Select Change template. The template settings are displayed.

2. Select which details should be presented on the report cover page and in the report itself, and which details to show for each result.

3. Select the Save as default check box to save the modified template as the default report template.

(Click Back and review all settings you defined.)

4. Click Generate Report. The report starts generating.

The details about the scan are displayed in the Scan Report section at the beginning of the PDF file.

Notice

In cases where the project's source location is defined as Git, the Git branch information will also be included in the PDF report underneath the Source Origin field.

The exclusions that were made are displayed in the Filter Setting section.

Parameters that were selected to be displayed appear in the report even if none of them (for example, the OWASP A-6 category) were detected in the scan; in that case they appear with the count "0".

The OWASP (2017, 2013 & Mobile 2016), PCI, FISMA and NIST summary sections in the scan report include a column named Best Fix Locations, which indicates the number of locations in the flow map that have been found as the best locations to fix the issues that belong to the selected category (for example, A1-Injection).

The Best Fix Locations value is an absolute number that cannot be filtered and always displays all of the values. As a result, although the actual number of vulnerabilities may far exceed the number of best fix locations for a specified category (for example, 8000 and 600 respectively), the filtered report may display 350 issues and 300 best fix locations.

.CSV Report Results

The following is a basic description of the fields provided in the .csv report, which is generated by the Create Report feature when the selected format is .csv:

  • SrcFileName – file name of the first node of the result

  • Line – line of the first node of the result

  • Column – column of the first node of the result

  • NodeId – internal ID used to identify the query in the first node

  • Name – text of the first node of the result

  • DestFileName – file name of the last node of the result

  • DestLine – line of the last node of the result

  • DestColumn – column of the last node of the result

  • DestNodeId – internal ID used to identify the query in the last node

  • DestName – text of the last node of the result
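
The first-node and last-node fields described above make it possible to group results by the location where they end, which helps when triaging a large export. The following is an added example, not part of the product or its documentation: the sample rows are constructed, contain only the columns listed above (a real export may include more), and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows using only the columns described on this page.
SAMPLE_CSV = """SrcFileName,Line,Column,NodeId,Name,DestFileName,DestLine,DestColumn,DestNodeId,DestName
/src/web/Login.java,42,31,1001,getParameter,/src/db/UserDao.java,88,20,1007,executeQuery
/src/web/Search.java,17,28,1102,getParameter,/src/db/UserDao.java,88,20,1109,executeQuery
/src/web/Profile.java,63,25,1203,getHeader,/src/web/Profile.java,70,14,1205,println
"""

# Columns this example relies on; the report is rejected if any is absent.
REQUIRED = ("SrcFileName", "Line", "Name", "DestFileName", "DestLine", "DestName")


def group_by_sink(report):
    """Map (DestFileName, DestLine, DestName) to the first nodes that reach it."""
    reader = csv.DictReader(report)
    missing = [f for f in REQUIRED if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"report is missing columns: {missing}")
    sinks = defaultdict(list)
    for row in reader:
        sink = (row["DestFileName"], int(row["DestLine"]), row["DestName"])
        source = (row["SrcFileName"], int(row["Line"]), row["Name"])
        sinks[sink].append(source)
    return dict(sinks)


def rank_sinks(sinks):
    """Order last-node locations by how many distinct first nodes reach them."""
    return sorted(sinks.items(), key=lambda kv: (-len(set(kv[1])), kv[0]))


if __name__ == "__main__":
    grouped = group_by_sink(io.StringIO(SAMPLE_CSV))
    for (path, line, name), sources in rank_sinks(grouped):
        print(f"{path}:{line} {name} <- {len(sources)} result(s)")
        for src_path, src_line, src_name in sources:
            print(f"    {src_path}:{src_line} {src_name}")
```

To run it against an exported file, pass an open file handle to group_by_sink in place of the io.StringIO sample.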