The AppScan® Source triage process

The triage process includes manipulating findings through bundles, filters, and exclusions, and comparing the results of two assessments.

Filters

A filter is a set of rules that selects findings with certain traits. Applying a filter presents a dynamic view of the matching findings, so that similar findings can be triaged together.

Filters are either shared or local:

  • Shared filters reside on the AppScan® server, and anyone connected to that server can use them.
  • Local filters reside on the local computer and are available only there.

Bundles

A bundle is a named collection of individual findings that is stored with an application. You create a bundle by selecting findings and adding them to a new or existing bundle.

Grouping similar findings into bundles allows security analysts to segment and triage source code problems. You can submit bundles to a defect tracking system or email the findings to developers for review as part of the triage and analysis process.

Exclusions

An exclusion omits findings from assessment results. AppScan® Source has a built-in Excluded Bundle, which holds every finding that you exclude (for example, because it does not require resolution); an excluded finding is kept in that bundle rather than deleted, so the decision can be reviewed or reversed later.

Note: Findings excluded from assessment results do not contribute to the calculation of application or project metrics.

Modified findings

A modified finding is a finding whose vulnerability type, severity, or classification has been altered. A finding to which you add notes is also considered modified.

Comparing assessments

Assessments are compared in AppScan® Source for Analysis with the Diff Assessments action. When two assessments are compared, the differences between them are displayed in the Assessment Diff view, which resembles a combination of the My Assessments view and the Findings view.

Note: When assessments are compared, filters and bundles are ignored. The comparison is made over the complete set of findings in each assessment, regardless of which filter is active or which bundle (including the Excluded Bundle) a finding belongs to.
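The following Python is an added illustration of the triage concepts described on this page (filters, bundles, the Excluded Bundle, metrics, and assessment comparison); it is a simplified model written for this page, not AppScan® Source's own code or API. The Finding attributes, the rule format used by Filter, and the sample findings are all assumptions constructed for the example. It shows the two behaviours the notes above call out: excluded findings drop out of the metrics, but still take part in a diff because bundles are ignored when assessments are compared.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One static-analysis finding. Attribute names are assumed for this model."""
    vuln_type: str       # e.g. "SQL Injection"
    severity: str        # "High", "Medium", "Low" or "Info"
    classification: str  # "Definitive", "Suspect" or "Scan Coverage"
    file: str
    line: int
    api: str             # the API the trace ends in (sink) or starts from (source)


def _key(finding):
    """Stable ordering for diff output."""
    return (finding.file, finding.line, finding.vuln_type)


class Filter:
    """A named set of rules; a finding matches only when every rule matches.

    Each rule maps a Finding attribute to the set of values it accepts, so
    {"severity": {"High"}, "classification": {"Definitive"}} selects findings
    that are both High and Definitive. The rule format is an assumption.
    """

    def __init__(self, name, rules, shared=False):
        self.name = name
        self.rules = {attr: set(values) for attr, values in rules.items()}
        self.shared = shared  # True: server-side, visible to everyone on that server

    def matches(self, finding):
        return all(getattr(finding, attr) in values for attr, values in self.rules.items())

    def apply(self, findings):
        """Dynamic view: the subset of findings the filter selects."""
        return [f for f in findings if self.matches(f)]


class Application:
    """Findings of one application plus its bundles, including the built-in Excluded Bundle."""

    EXCLUDED_BUNDLE = "Excluded Bundle"

    def __init__(self, findings):
        self.findings = list(findings)
        self.bundles = {self.EXCLUDED_BUNDLE: set()}

    def add_to_bundle(self, name, findings):
        self.bundles.setdefault(name, set()).update(findings)

    def exclude(self, findings):
        """Excluding a finding just places it in the Excluded Bundle; nothing is deleted."""
        self.add_to_bundle(self.EXCLUDED_BUNDLE, findings)

    def results(self):
        """Assessment results: every finding that is not in the Excluded Bundle."""
        excluded = self.bundles[self.EXCLUDED_BUNDLE]
        return [f for f in self.findings if f not in excluded]

    def metrics(self):
        """Severity counts over the results; excluded findings do not contribute."""
        return dict(Counter(f.severity for f in self.results()))


def diff_assessments(old, new):
    """Compare two assessments on their raw findings, ignoring filters and bundles."""
    before, after = set(old.findings), set(new.findings)
    return {
        "new": sorted(after - before, key=_key),
        "fixed": sorted(before - after, key=_key),
        "unchanged": sorted(before & after, key=_key),
    }


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("SQL Injection", "High", "Definitive", "src/db.py", 42, "cursor.execute"),
    Finding("Cross-Site Scripting", "High", "Suspect", "src/views.py", 17, "HttpResponse"),
    Finding("Log Forging", "Low", "Definitive", "src/audit.py", 9, "logging.info"),
    Finding("Hardcoded Password", "Medium", "Definitive", "src/config.py", 3, "connect"),
]

# A shared filter that an analyst would use to triage the most actionable findings first.
HIGH_DEFINITIVE = Filter(
    "High definitive", {"severity": {"High"}, "classification": {"Definitive"}}, shared=True
)


def demo():
    """Walk through filter, bundle, exclusion, metrics and diff on the sample findings."""
    old = Application(SAMPLE)
    old.exclude([SAMPLE[2]])  # Log Forging judged not to require resolution
    old.add_to_bundle("Sprint 12 - auth", [SAMPLE[0], SAMPLE[3]])  # handed to developers
    # Next scan: SQL Injection fixed, a new Path Traversal finding appears,
    # Log Forging still present in the code.
    new_findings = [f for f in SAMPLE if f.vuln_type != "SQL Injection"] + [
        Finding("Path Traversal", "High", "Suspect", "src/files.py", 58, "open"),
    ]
    new = Application(new_findings)
    return {
        "high_definitive": HIGH_DEFINITIVE.apply(old.findings),
        "metrics": old.metrics(),  # Log Forging (Low) is absent
        "diff": diff_assessments(old, new),  # Log Forging appears as unchanged
    }
```

Running demo() shows the distinction a practitioner should keep in mind: an exclusion changes what is reported and counted for the current assessment, but the underlying finding is still in the assessment, so a diff against the next scan reports it as unchanged rather than silently dropping it.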