
Audit Workspace

Upon login, the Audit Workspace is displayed.


This workspace displays the projects that already exist in the SAST server. Projects are listed in the Projects panel (left). When you select a project, the scan result sets appear in the Scans panel (center). Scan result sets are sorted according to scan date. When you select a set of scan results (scan date), the scan results summary appears in the Summary panel (right).

  • To add a query to the Audit View without loading a project, click Edit Queries, select the relevant language from the drop-down and click Edit Queries. An empty query file is created with the extension relevant to the language selected.

  • If you just want to view and manage the selected results set without editing queries, click View Results. The Scan Results screen is displayed (see also Working with Scan Results).


Notice

This interface is similar to SAST's scan results interface (see Scan Results).

To begin editing and creating queries, you need to open the Audit View. This can be achieved using either of the following methods:

  • Select File > Exit. Once the Audit Workspace is displayed, select a scan result set and click Audit.

  • Create a New Local Project, with locally accessible source code (not a zip file).

    Notice

    When creating a New Local Project and selecting the Project Directory drop-down, Audit displays a list of the last five (5) projects.

In both cases, after some initial analysis, the Audit View is displayed.


Notice

Once audited, queries can be exported (see Exporting Queries).

This interface is similar to View Results, but adds the Query and Debug Messages tabs in the lower-left pane.

You can increase or decrease the font size of the code in the Source Code panel using the + and - magnifier icons on the toolbar. The navigation arrows on the toolbar can also be operated with keyboard shortcuts (Alt + left/right arrows).

  • To edit code for a project, right-click on the code in the Source Code panel, select the Edit option and edit the code in the default text editor that appears.

  • To find the definition of a certain element, right-click on the element and select Find Definition. Clicking on results in the Result panel takes you to the definition in the Source Code panel.

  • To find all references of a certain element, right-click on the element and select Find All References. Clicking on the results in the Result panel takes you to the definition in the Source Code panel.

  • To find dependencies between Cx queries, right-click on a query in the Query tab and select Show Dependencies. The Query Dependencies Viewer is displayed.


Once opened, the Dependencies Viewer displays a graph in which the selected query is the central node. Outgoing arrows point to all queries this query depends on or uses. There are three kinds of color-coded graph nodes for queries:

  • Grey - indicates the query being explored

  • Green - indicates atomic queries used by the main query

  • Yellow - indicates general queries used by the main query

Forward navigation is performed by right-clicking a yellow node of the graph. A contextual menu with a single option, "Go To Query", appears. Clicking this option redraws the graph to show the clicked query and its dependencies. Backward navigation is performed by clicking the "Previous Query" button in the bottom-left corner. The graph is then redrawn to show the query that was explored previously.

When a query is selected in the Query tab, the pane to its right displays the code of the selected query. Debug messages that you write in all queries are listed in the Debug Messages tab.

Audit View also includes additional buttons and commands for running and editing queries. This is the main Audit interface, where you will perform query editing tasks.

Notice

Projects initially created in Audit appear in SAST with Risk = 0.

Click File and select Open Logs and Config Folder for easy access to the logs and DefaultConfig.xml files.