Custom findings
To augment your analysis results, you can create custom findings. These are user-created findings that AppScan® Source for Analysis adds to the currently-open assessment or selected application. Custom findings impact assessment metrics and can be included in reports. Once created, a custom finding is automatically included in future scans of the application.
The behavior of a custom finding depends on the view from which it is created.
When created from the Findings view, the custom finding:
- Is applied to the currently-open assessment.
- Is saved as part of the application and appears in the application properties.
- Affects the current scan and future scans of the same application.
- Affects assessment metrics immediately.
When created from the Properties view or by selecting the Add Custom Finding action for a selected application, the custom finding:
- Is applied to the selected application.
- Is added to the current assessment if the application is the application that was scanned.
- Is contained in future scans of that application.
When created from the code editor:
- If an assessment is open, the custom finding operates as when created in the Findings view.
- If no assessment is open, the custom finding operates as when created in the Properties view.
AppScan Source for Analysis automatically saves the application after you create custom findings. You cannot modify the assessment without modifying the application. However, if an assessment is not associated with an application, no application is modified.
If you add custom findings to an application, they are included in subsequent scans of that application and cannot be excluded. To remove a custom finding, you must exclude it from an assessment or delete it from the application.
A custom finding consists of these attributes:
- Vulnerability Type (required)
- Severity (required)
- Classification (required)
- File (required)
- Context
- Line number
- Column number
- API
- Notes
- Bundle