Making Comments Mandatory on Result Severity State Change

CxSAST offers the option to require adding comments when changing the state of a scan result in one of the following two modes:

This functionality is configured via a flag in your SQL database and disabled by default. If you wish to enable this feature, you have to do so in the respective SQL database table as explained below:

1. On the host that hosts your database, search for Microsoft SQL Server Management Studio

2. Log in to the database. The database interface with the Object Explorer appears.

3. Start a new query by clicking . A new query interface appears.

4. Copy the query below and paste it into the empty query interface.

5. Once you have pasted the relevant code into the query interface and click . The database is updated.

To verify the current feature configuration:

In the screenshot above, you can see an example of a configuration where the mandatory comment has been turned on for all Result State changes.

To verify the result manually:

1. In the Object Explorer, expand the Databases folder and then expand CxDB.

2. Under Tables, navigate to dbo.CxComponentsConfiguration.

3. Right-click dbo.CxComponentsConfiguration and select Select Top 1000 Rows from the menu.

4. Navigate to MandatoryCommentOnChangeResultState and MandatoryCommentOnChangeResultStateToNE and check whether the configuration keys' value is set to false or true as desired.

5. Save your changes, if not already done.

6. Exit the database. To do so, go to the File menu and select Exit.