Manually adding new filters after upgrading
For AppScan® Source installations configured with a SoldDB or Oracle database, manually add new reporting filters after upgrade to 10.0.8 or later.
As part of AppScan® Source 10.0.8, the following report filters have been introduced:
- OWASP Top 10 API Security 2019 filter
- CWE 2021 Top 25 filter
- OWASP Top 10 2017 report
- OWASP Top 10 2021 report
By default, the newly added filters are available in AppScan® Source installation, except for the installations upgraded from earlier releases configured with a database (SolidDB or Oracle).
To make these filters available to certain upgraded installations of AppScan®
Source, perform these steps:
- Copy the report definition files from
<data_dir>\IBM\AppScanSource\data\default\filters\
to <data_dir>\IBM\AppScanSource\scanner_filters\.The relevant report definition file names are:
- CWE Top 25 2021 Vulnerabilities.off
- OWASP API Security Top 10 2019 Vulnerabilities.off
- OWASP Top 10 2017 Vulnerabilities.off
- OWASP Top 10 2021 Vulnerabilities.off
- Edit the copied files:
- Change the value of XML property
global
fromtrue
tofalse
. - Change
<Filter added="false" exclude_matching_findings="true" global="true" global_exclusion="false" name="CWE Top 25 2021 Vulnerabilities" version="0">
to<Filter added="false" exclude_matching_findings="true" global="false" global_exclusion="false" name="CWE Top 25 2021 Vulnerabilities" version="0">
- Change the value of XML property
- Start AppScan® Source for Analysis client.
- Open the Filters view.
The newly added filters will be available as Custom Filters local to the installation.
- Optional. Mark the filter as Shared to make it available to other AppScan® Source installations connecting to the same database.