Fix groups
Fix groups currently apply only to issues found in static analysis scans.
Fix groups are a new approach to managing, triaging and solving issues found during static analysis scan. Once you have run a static scan, AppScan on Cloud organizes the issues found into fix groups based on vulnerability type and the required remediation task. In every new static scan, new issues are added to these groups, and new groups are created as needed.
- Common Fix Point
- Contains issues that share the same vulnerability. The entire group can be remedied by a single fix (one code point).
- Common API
- Contains issues that are related to the same API call. A common API group puts findings with the same root cause together if they cannot fit into a common fix point group. This lessens the context switching when reviewing results and applying the fix. In general, the fix is similar for each of the affected findings; the same fix can be applied to all issues in the group.
- Common Open Source
- Contains issues identified in third-party code, based on the library in which they were found. For each vulnerable library identified in the application, a fix group is created. Each fix group can have one or multiple vulnerabilities depending on how many vulnerabilities were found in the specific library. The same fix can be applied to all issues in the group.
Issues in any group always share the same vulnerability type.
Fix Group Severity
Fix Group Severity is determined by the highest severity of all the issues it contains.
Fix Group Status
Fix Group Status is assigned only when all issues in the group have the same status.
When you change the status of all issues in a group, you can choose whether to apply the same status to the issues added to the group from future scans by selecting the Automatically apply to future issues checkbox. Note that the Automatically apply to future issues option, also known as "StickyStatus" or "IsSticky" in the API and the audit trail user interface respectively, is the same. Additionally, selecting this option prevents you from modifying the status of any individual issue that is part of this group.
If you do not select the Automatically apply to future issues checkbox and new issues with different status are added from future scans, then the group's status will change to Mixed.
Tutorial
The Issue details pane displays comprehensive information about the issue, including a trace that indicates fix location and relevant issue properties.