Exporting issues as reports

You can generate customized reports (in PDF, HTML, or XML) for issues and send them to developers, internal auditors, penetration testers, managers, and the CISO. The reporting templates in AppScan Enterprise map application security data to key government regulations and industry standards. Use the reports to document progress towards regulatory compliance goals, such as showing a reduction in the number of application vulnerabilities that are associated with compliance issues.

Before you begin

Note:
  1. You can export reports with a mix of issues that are imported from the various technologies. However, the reports are separated by scanner technology; for example, if you choose four different types of imported issues to export, you get four PDFs.
  2. Each PDF is chunked at a limit of 100 issues.
  3. The reports are exported in a zip file that contains separate reports for each technology.
  4. Company logos cannot be included on the cover page of a report.

Procedure

  1. In an application, group the issues by Severity, Issue Type, Status, or Scanner, or leave them ungrouped.
  2. Select all the issues, or select only the relevant ones to create a targeted report.
  3. Click List menu, choose one of Export to HTML, Export to PDF, Export to Excel or Export to XML, and select a report type.
    Report type and description:
    • Security: Report of security issues that were discovered. Security information might be extensive, and can be filtered depending on your requirements.
    • Industry Standard: Report of the compliance (or non-compliance) of your application with a selected industry committee.
      Note: This report is only exported in English.
    • Regulatory Compliance: Report of the compliance (or non-compliance) of your application with a large choice of regulations or legal standards.
      Note: This report is only exported in English.
  4. Follow the wizard for the report type you chose. Configure the report layout and export the contents.
    Note: As of v9.0.3.1, in the Security report, you can include application and issue attributes. You can also include attributes that don't have values; for example, if the issue hasn't been fixed yet, the Fixed Date field would be empty in the report.
    • By default, the Application attributes check box is selected. You can pick and choose which attributes to include in the introduction of the report.
    • By default, the Additional Issue Attributes check box is selected to include them in the exported report. You can pick and choose which issue attributes to include. Or, you can clear the check box if you don't want to include them in the report.

Results

Distribute the report to stakeholders to show progress towards compliance goals.