Creating custom findings in the source code editor
About this task
When you add custom findings using the source code editor, these conditions apply:
- If the visible source file in the source code editor belongs to the currently-opened assessment, the custom finding is added to the assessment and the associated application.
- If the custom finding does not belong to the currently-opened assessment, the custom finding is only added to the application that contains the source file.
- If the source file belongs to more than one application, or AppScan® Source for Analysis cannot determine the application, you must select the appropriate application.
If you create a custom finding from the source code editor, the Create Custom Finding dialog box pre-populates with information from the editor.
- File: Name of the currently-opened file
- Context: Any selected text in the editor. If text is not selected, context is the current line of the cursor location. If multiple lines are selected, all selected lines become the context.
- Line number and column number: Current® line and column number
To create a custom finding from the editor:
Procedure
- Select the lines of code to add as a custom finding.
- Right-click the selection and choose Create Custom Finding from the menu. The Create Custom Finding dialog box populates with the file, context, column number, and line number.
- Select the Vulnerability Type, Severity, and Classification. Optionally add an API, notes, or bundle designation.
- Click OK.