Differences between managing issues in reports and applications

If a scan is not associated with an application, triage its issues through the reports in the Scans view (same as 9.0.0.1 and earlier). Otherwise, consider these differences when you are classifying issues in scans that are associated with applications.

  • If a scan is associated with an application, then issue management is disabled in the reports that contain security issues only (it doesn't affect the Broken Links report, for example). You must triage the security issues in the associated application in the Monitor view instead. When you triage issues in an application in the Monitor view, the Status and Severity Values (including CVSS values calculated by the formulas) are propagated in the reports in the Scans view; you don't need to rerun the report to see the changes, but you might have to refresh the report screen.
  • Issue management through application view: In v9.0, issue management privileges were set on the folder that contained a scan. In v9.0.1, issue management is set on the application. Upon upgrade from 9.0, if a scan is already associated with an application, users who used to have issue management privileges on the folder will now have basic permissions on the application so they can continue managing these issues. There is the potential of giving them access to scans they previously were not allowed to access. For example,
    v9.0 v9.0.1 Result
    Folder A: (Bob has an Issue Manager role)
    • Scan X
    • Scan Y
    Folder B: (Mary has an Issue Manager role)
    • Scan A
    • Scan B
    Application 1 is associated with these scan jobs:
    • Scan X
    • Scan B
    Mary now has basic access permissions to Scan B so that she can continue to do her job but she also has access to Scan X, which she didn't have in v9.0.
    To restrict a user's permissions to managing issues on specific applications, remove them from the Basic Access on the applications they are not allowed to access. In the example above, remove Mary's Basic Access permissions on Scan X. To find the application that contains Scan X, go to the Scans view and flatten the hierarchy to show only jobs. Find Scan X and click the link for the application name it is associated with. On the Application tab, click View details and in the Users section of the dialog, remove Mary's Basic Access permissions.