You can generate customized reports (HTML, PDF, Excel, or XML) for issues and send them
to developers, internal auditors, penetration testers, managers, and the CISO. The reporting
templates in AppScan Enterprise map application security data to key government regulations
and industry standards. Use the reports to document progress towards regulatory compliance
goals, such as showing a reduction in the number of application vulnerabilities associated
with compliance issues.
Before you begin
Note:
- You can export reports with a mix of issues imported from the various technologies. However, the
reports are separated by scanner technology; for example, if you choose four
types of imported issues to export, you get 4 PDFs.
- Each PDF is chunked at a limit of 100 issues.
- The reports are exported in a zip file that contains separate reports for each technology.
- Company logos cannot be included on the cover page of a report.
Procedure
- In an application, group the issues (by Severity, Issue Type, Status, Scanner, or by no group).
- Select all the issues, or only the relevant ones if you want to create a targeted report.
- Click the List menu.
- Choose one of the following options:
  - Export to HTML
  - Export to PDF
  - Export to Excel
  - Export to XML
- Select one of the following report types:
| Report type | Description |
|---|---|
| Security | Report of security issues that were discovered. Security information might be extensive and can be filtered depending on your requirements. |
| Industry Standard | Report of the compliance (or non-compliance) of your application with a selected industry committee. Note: This report is only exported in English. |
| Regulatory Compliance | Report of the compliance (or non-compliance) of your application with a wide choice of regulations or legal standards. Note: This report is only exported in English. |
- Follow the wizard for the report type you chose. Configure the report layout and export the contents.
  Note: The security report includes Application Attributes, Executive Summary, Security Issues (Additional Issue Attributes, Components issues, and Issue Details), How to Fix, and Visited URLs (DAST issues only). You can also include attributes that don't have values; for example, if the issue hasn't been fixed yet, the Fixed Date field will be empty in the report.
  - By default, the Application Attributes check box is selected. You can choose which attributes to include in the report's introduction.
  - By default, the Executive Summary check box is selected.
  - By default, the Security Issues check box, which includes Additional Issue Attributes and Components issues, is selected so that they appear in the exported report. You can choose which issue attributes to include in the report, or clear the check box if you don't want to include them.
  - By default, reports include CVSS 4.0 score and vector details. To exclude this data, clear the Include CVSS 4.0 details check box on the Issue attribute page in the Generate Report dialog.
Results
AppScan Enterprise generates the report in the selected format. You can
distribute the report to stakeholders to show progress towards compliance
goals.