Import issues from a third-party scanner or from manual pen testing so that you can
triage them. These issues are marked as 'New' so that you can easily identify them in the list of
issues that you must address.
Before you begin
- If you are importing issues from a CSV file, you must prepare the file so that the issues are
successfully imported. Read Preparing a CSV file for import.
- If you are importing report results from AppScan Standard v9.0.3, you must export the report
results first to an XML file. Read Importing issues from an exported report from AppScan Standard.
- You can import issues from these third-party scanners:
  - Black Duck
  - Burp Suite Professional
  - HP Fortify
  - HP WebInspect
  - IBM Security Guardium
  - Nessus Vulnerability Scanner
  - Veracode
Procedure
- From an application tab in the Monitor view of AppScan Enterprise, click Import Issues.
- Select an existing scan or create a new one. Follow the wizard instructions to complete the
  process. Make sure you give the scan a unique name; don't use the default name of the scan as the
  name.
- Check the log file to investigate whether any issues weren't imported.
  Note:
  - If the attribute contributes to the issue uniqueness, but has an error in the file, the issue is
    not imported.
  - If the attribute does not contribute to issue uniqueness and has an error:
    - For dropdown attributes, AppScan Enterprise replaces the error with the default value specified in the scanner profile, and imports the issue.
    - For all other attribute types, AppScan Enterprise does not import the attribute value that has the error, but does import the issue.
  These behaviors are then logged in the import log file.
- To see a list of issue imports for an application, click View details in
  the sidebar, and scroll down the Application Attributes window to the
  Issue Imports section. If a scanner is deleted from AppScan Enterprise, the
  imports for that scanner are deleted from the list, although the imported issues are still available
  in the application grid.
  Note: You can delete selected issue imports from the application. Depending on the number of
  issues being removed from this application, this operation might take a while.
Results
If any imported issues appear in the Undetermined category, it means that
the CVSS score cannot be calculated because required attributes are not defined.
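
The import rules from the note in the procedure (the step about checking the log file), sketched as a pre-import check you can run on a CSV file before uploading it. This is an added example, not AppScan Enterprise code: the column names, the profile structure, the validity checks and the sample rows are all assumptions made for illustration.

```python
import csv
import io

# Hypothetical scanner profile (column names, types and defaults are assumptions).
# "unique" marks attributes that contribute to issue uniqueness.
PROFILE = {
    "Issue Type": {"unique": True, "kind": "text"},
    "Location": {"unique": True, "kind": "text"},
    "Severity": {"unique": False, "kind": "dropdown",
                 "allowed": {"High", "Medium", "Low"}, "default": "Medium"},
    "CVSS": {"unique": False, "kind": "number"},
}

def has_error(spec, value):
    """Assumed validity checks; the product's real checks are not given on the page."""
    if spec["kind"] == "dropdown":
        return value not in spec["allowed"]
    if spec["kind"] == "number":
        return not value.replace(".", "", 1).isdigit()
    return not value.strip()

def predict_import(csv_text, profile=PROFILE):
    """Return (line_no, outcome, notes) per data row, following the note's rules."""
    results = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        outcome, notes = "imported", []
        for name, spec in profile.items():
            value = row.get(name) or ""
            if not has_error(spec, value):
                continue
            if spec["unique"]:
                # Error in a uniqueness attribute: the whole issue is rejected.
                outcome, notes = "not imported", [f"{name}: error in uniqueness attribute"]
                break
            if spec["kind"] == "dropdown":
                notes.append(f"{name}: replaced with default {spec['default']!r}")
            else:
                notes.append(f"{name}: value not imported")
        results.append((line_no, outcome, notes))
    return results

# Constructed sample input, not real scanner output.
SAMPLE = """Issue Type,Location,Severity,CVSS
SQL Injection,/login,High,9.1
Cross-Site Scripting,/search,Critical,6.1
Open Redirect,/go,Low,n/a
Path Traversal,,High,7.5
"""
```

Rows reported as "not imported" are the ones to fix before the import; the other notes show where an issue would arrive with a defaulted or missing attribute value.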