report (rpt)
Description
Report
generates
an AppScan®
Source report
of the specified type, including findings reports and AppScan®
Source reports.
A valid AppScan® Source for
Automation license
is required for use of this command.
Available report output formats are HTML, PDF, and zip.
Syntax
report "<report type>" <output format> <output location>
[<assessment id>] [-includeHowToFix] [-includeSrcBefore:<n>] [-includeSrcAfter:<n>]
[-includeTrace:<definitive|suspect|coverage>]
report type
: The name of the report, in double quotation marks, to generate. Specify one of the following:- A Findings report:
Findings
Findings by Fix Group
Findings by Type
Findings by Classification
Findings by File
Findings by API
Findings by Bundle
Findings by CWE
DTS Activity
- An AppScan®
Source report:
2021 CWE Top 25 Most Dangerous Software Weaknesses
DISA Application Security and Development STIG V5R1
DISA Application Security and Development STIG V5R3
OWASP API Security Top 10 2023
OWASP API Security Top 10 2019
OWASP Mobile Top 10
OWASP Top 10 2017
OWASP Top 10 2021
PCI Data Security Standard V3.2
Software Security Profile
- A custom report, if available.
When entering the report type, in double quotation marks, enter the exactly as specified in the above list - for example
Findings by Classification
orSoftware Security Profile
.- A Findings report:
output format
: Specify one of the following formats for this report:html
: Generates the report as HTML and displays it online.zip
: Creates a ZIP file that contains all HTML report components- For reports in PDF format, you can specify the level of detail:
pdf-summary
: Contains counts for each custom report grouppdf-detailed
: Contains counts for each API for each vulnerability propertypdf-comprehensive
: Contains tables consisting of every finding for every APIpdf-annotated
: Contains all findings, any notes included with the findings, and designated code snippetsoutput location
: The file path to write the report.
output location
: Specify the absolute path and file name to which you want to save the report.assessment id
: Optional. The assessment ID, which you obtain from thelistassess (la)
command. If you omit assessment ID, the report is generated from the most recent scan.-includeHowToFix
: Optional. Include advisory information for how to address and correct findings.-includeSrcBefore:<n>
: Optional. The number of lines of source code to include in a report before each finding.-includeSrcAfter:<n>
: Optional. The number of lines of source code to include in a report after each finding.-includeTrace:<definitive|suspect|coverage>
: Optional. Include trace information in the report for definitive, suspect, or scan coverage findings (see Classifications to learn about findings classifications). To include trace information for more than one findings classification, specify this option multiple times. For example, to include trace information for definitive and suspect findings, specify-includeTrace:definitive -includeTrace:suspect
.
Examples
- Request a Findings by API report written to HTML. In the
report, include trace information for definitive findings:
AllApplications>> report "Findings by API" html C:\reports\findings.html -includeTrace:definitive
- Request an OWASP Top 10
AppScan®
Source
report written to PDF with comprehensive detail using
existing assessment
542:
AllApplications>> report "OWASP Top 10 2021" pdf-comprehensive /reports/webgoat_OWASP_21_comp.pdf 542