Viewing the policy compliance of an application

Viewing policy compliance through the user interface

To view the policy compliance of an application through the user interface:
  1. On the All Applications page, use the Column selection menu to add the Associated compliance policies and Compliant columns to the Application table. These columns show compliance policy related issues.
  2. Open the Application tab for the application for which to view compliance details.
  3. On the single application view, the Compliance policies area of the tab notes which policies are associated with the application.

Policy compliance reporting

You can run reports from the Application tab to review policy compliance. The Manage > Generate report button is enabled after a scan has been run on an application.
To run a security or compliance report:
  1. After running a scan on an application, click Manage > Generate report on the Application tab, choose a type of report, and then click Next.
    • Security report
    • Industry standard report
    • Regulatory compliance report
    • Open source report
  2. (Security report only) On the Application report dialog box:
    1. If the application is associated with a policy, filter issues by compliance as desired. You can specify all issues to include in the report or only the non-compliant issues.
    2. Specify the metadata to include in the report.
    3. Specify a name and format for the report, and include notes if appropriate.
  3. Click Generate report.
To run an issues report:
  1. After running a scan on an application, click All issues on the Application tab.
  2. Click Filter to apply severity, status, and compliance filters to the report. Optional.
    Note: If no policies are enabled, and the Non-compliant filter is selected, all New, Open and In-Progress issues are displayed.
  3. Use the Search field to filter the results. Optional.
  4. Select one or more issues to include in the report. Optional.
    Note: If you select none, a report is generated for all displayed issues.
  5. Click the filtered Security report button.
  6. On the Issues report dialog box:
    1. Specify the metadata to include in the report.
    2. Specify a name and format for the report, and include notes if appropriate.
  7. Click Generate report.
    Note: If you close the dialog, the report will continue to be generated in the background, but if there are any errors you will not see them.

Viewing policy compliance using the REST API

You can see an application's ComplianceStatuses, with its associated policies, in the model that is returned from the GET /apps API:
"ComplianceStatuses": [
  {
    "PolicyId": "00000000-0000-0000-0000-000000000000",
    "Enabled": true,
    "Name": "string",
    "Compliant": true
  }
]
This is an array of all compliance policies associated with the application. For each compliance policy you can see whether the application is compliant or not.
Note: The Enabled property is currently not used.
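
The following added example (not part of the product documentation or its API samples) shows one way to triage the ComplianceStatuses array for several applications. It assumes the GET /apps response decodes to a list of application objects that each carry a "Name" key; the sample data is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample, not real output. Assumption: the GET /apps body decodes to
# a list of application objects with a "Name" key; only ComplianceStatuses and
# its four fields are taken from the page.
SAMPLE_APPS = json.loads("""[
  {"Name": "Storefront", "ComplianceStatuses": [
    {"PolicyId": "11111111-1111-1111-1111-111111111111", "Enabled": true,
     "Name": "Policy A", "Compliant": true},
    {"PolicyId": "22222222-2222-2222-2222-222222222222", "Enabled": false,
     "Name": "Policy B", "Compliant": false}]},
  {"Name": "Billing", "ComplianceStatuses": [
    {"PolicyId": "11111111-1111-1111-1111-111111111111", "Enabled": true,
     "Name": "Policy A", "Compliant": true}]},
  {"Name": "Intranet", "ComplianceStatuses": []},
  {"Name": "Legacy"}
]""")


def summarize_compliance(apps):
    """Map each application name to (state, [names of failing policies])."""
    summary = {}
    for app in apps:
        statuses = app.get("ComplianceStatuses") or []
        # "Enabled" is ignored on purpose: the page notes it is currently unused.
        failing = sorted(
            s.get("Name", s.get("PolicyId", "?"))
            for s in statuses
            if s.get("Compliant") is not True
        )
        if not statuses:
            # No associated policy means "not assessed", not "compliant".
            state = "no-policy"
        elif failing:
            state = "non-compliant"
        else:
            state = "compliant"
        summary[app.get("Name", "<unnamed>")] = (state, failing)
    return summary


def non_compliant_apps(apps):
    """Return the sorted names of applications failing at least one policy."""
    result = summarize_compliance(apps)
    return sorted(n for n, (state, _) in result.items() if state == "non-compliant")


if __name__ == "__main__":
    for name, (state, failing) in summarize_compliance(SAMPLE_APPS).items():
        print(f"{name}: {state} {failing}")
```

Applications with an empty or missing ComplianceStatuses array are reported separately so that they are not counted as compliant.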