Viewing the policy compliance of an application
Viewing policy compliance through the user interface
To view the policy compliance of an application through the user interface:
- Open the Application tab for the application for which to view compliance details.
- The Compliance area of the tab notes which policies are associated with the application.
- Add Application Policies and Compliance columns to the Application table using the Column Selection menu to view policy-related issues.
Policy compliance reporting
You can run reports from the Application tab to review policy compliance. The Application Reports button is enabled after a scan has been run on an application.
To run a security or compliance report:
- After running a scan on an application, click Application Reports on the Application tab, then choose a type of report.
  - Security Report
  - CWE/SANS Top 25 Report
  - EU General Data Protection Regulation (GDPR) Report
  - HIPAA Compliance Report
  - OWASP Top 10 2017 Report
  - PCI Compliance Report
- (Security Report only:) On the Generate Report dialog box:
  - If the application is associated with a policy, filter issues by compliance as desired. You can specify all issues to include in the report or only the non-compliant issues.
  - Specify the metadata to include in the report.
  - Specify a name and format for the report, and include notes if appropriate.
- Click Run Report.
To run an issues report:
- After running a scan on an application, click Issue Management on the Application tab.
- Click Filter to apply severity, status, and compliance filters to the report. Optional.
  Note: If no policies are enabled, and the Non-compliant filter is selected, all New, Open and In-Progress issues are displayed.
- Use the Search field to filter in results. Optional.
- Select one or more issues to include in the report. Optional.
  Note: If you select none, a report is generated for all displayed issues.
- Click the Filtered Security Report button.
- On the Generate Report dialog box:
  - Specify the metadata to include in the report.
  - Specify a name and format for the report, and include notes if appropriate.
- Click Run Report.
  Note: If you close the dialog, the report will continue to be generated in the background, but if there are any errors you will not see them.
Viewing policy compliance using the REST API
You can see an application's ComplianceStatuses, with its associated policies, in the model that is returned from the GET /apps API:

    "ComplianceStatuses": [
      {
        "PolicyId": "00000000-0000-0000-0000-000000000000",
        "Enabled": true,
        "Name": "string",
        "Compliant": true
      }
    ]

This is an array of all policies associated with the application. For each policy you can see whether the application is compliant or not.
Note: The Enabled property is currently not used.
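
Added example (not part of the product documentation): a Python check that reads the ComplianceStatuses array described above and separates applications that fail a policy from applications that have no policy associated at all. The app-level "Id" and "Name" fields, the top-level array, and the policy names are assumptions constructed for this example; only the ComplianceStatuses shape comes from the page.

```python
import json

# Constructed sample of a GET /apps response body. Only the ComplianceStatuses
# shape comes from the page; the app-level "Id" and "Name" fields and the
# top-level array are assumptions made for this example.
SAMPLE_RESPONSE = """
[
  {"Id": "app-1", "Name": "Storefront", "ComplianceStatuses": [
    {"PolicyId": "11111111-1111-1111-1111-111111111111", "Enabled": true,
     "Name": "PCI baseline", "Compliant": true},
    {"PolicyId": "22222222-2222-2222-2222-222222222222", "Enabled": false,
     "Name": "OWASP Top 10", "Compliant": false}
  ]},
  {"Id": "app-2", "Name": "Intranet wiki", "ComplianceStatuses": []},
  {"Id": "app-3", "Name": "Billing API", "ComplianceStatuses": [
    {"PolicyId": "11111111-1111-1111-1111-111111111111", "Enabled": true,
     "Name": "PCI baseline", "Compliant": true}
  ]}
]
"""
SAMPLE_APPS = json.loads(SAMPLE_RESPONSE)


def summarize_compliance(apps):
    """Return {app name: verdict} where verdict is 'compliant',
    'no-policy', or a sorted list of the policy names that failed."""
    summary = {}
    for app in apps:
        statuses = app.get("ComplianceStatuses") or []
        if not statuses:
            # No associated policy means nothing was evaluated, which is
            # not the same as passing, so report it separately.
            summary[app["Name"]] = "no-policy"
            continue
        # "Enabled" is deliberately ignored: the page notes it is not used.
        failed = sorted(s["Name"] for s in statuses if not s["Compliant"])
        summary[app["Name"]] = failed or "compliant"
    return summary


def gate(apps):
    """Exit code for a pipeline step: 1 if any app fails a policy."""
    verdicts = summarize_compliance(apps).values()
    return 1 if any(isinstance(v, list) for v in verdicts) else 0


if __name__ == "__main__":
    for name, verdict in summarize_compliance(SAMPLE_APPS).items():
        print(f"{name}: {verdict}")
    raise SystemExit(gate(SAMPLE_APPS))
```

Reporting "no-policy" separately keeps an application with an empty ComplianceStatuses array from being counted as passing.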