Tracking defects through email (sending findings by email)

About this task

If you have configured email preferences, you can email findings or bundles directly to developers to advise them of potential defects found after a scan. The email includes an attachment that contains the findings, along with text that describes them.

Note: Some Simple Mail Transfer Protocol (SMTP) relays only deliver mail to specific domains. In this case, if you send from mydomain.com, only recipients in mydomain.com can receive the email through AppScan® Source for Analysis.

To email findings from a findings table:

Procedure

  1. Select the finding or findings in the table, or open a bundle. If you open a bundle, select the bundle findings to mail.
  2. Right-click the selection and choose Email Findings from the menu.
  3. The email will include a bundle attachment that contains the findings. In the Attachment File Name dialog box, specify a name for the finding bundle. For example, specifying my_finding in the Attachment File Name field causes a bundle with file name my_finding.ozbdl to be attached to the email.
    Click OK to open the Email Findings dialog box.
  4. By default, the Mail To field in the Email Findings dialog box is populated with the To Address that is specified in the email preferences, but you can change it when preparing the email. In this dialog box, review the contents of the email and then click OK to send the email.

Results

Example email contents:

1 findings:
Name: JavaAny.test_DataInput
Type: Vulnerability.Validation.Required
Severity: Low
Classification: Suspect
File Name: C:\TestApps\java\JavaAny\src\JavaAny.java
Line / Col: 275 / 0
Context: di . java.io.DataInput.readFully ( ba )
Notes: Check into this vulnerability and report back ASAP.

Tip: You can email individual findings or bundles from the Finding Detail view. You can also email bundles by clicking Email Bundle on the Bundle toolbar.