You can easily view Code Security Analysis scan results for all projects after a scan is triggered. All scan results are listed in Latest Overall Scan Reports.
Step 1: Select the project
1. Go to the left menu and select "Projects" under the DEVSECOPS section. Click the Project ID, or click the three-dots action icon on the project and select "View Project".
Step 2: View details of vulnerabilities detected
All possible vulnerabilities detected in a scan are automatically compared against the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) lists to determine their severity levels.
Each possible vulnerability detected is also automatically mapped to the OWASP Top 10 List (2021) for compliance, which is the latest standard awareness document for developers and web application security.
1. A Latest Overall Scan Report of Code Security Analysis is automatically generated for you. The summary report shows the results of 4 scanners at a glance.
2. You can also see past scan reports under the "SCAN HISTORY" tab to compare previous results with current results. This is very useful if you have made corrections or remediations to your code, or simply want to compare against the latest possible vulnerabilities found.
The scan report is summarised into 5 CWE and CVE severity levels: Critical, High, Medium, Low and Information.
There are 2 ways to view details of vulnerabilities detected.
By each scanner
1. You can view an individual scanner's results. Each scanner has its own automatically compiled report. Simply click "View Report" if you want to look at the details of the scan results.
2. Click on "Vulnerabilities Detected" (default selection). You will see each scanner's detailed report.
As in the overall report, each scanner's findings are compared against CWE and CVE to determine severity levels and mapped to the OWASP Top 10 List (2021), so you can easily view your latest source code's compliance based on each scanner's results.
By overall vulnerabilities
1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by project/branch, severity level, compliance or type of scanner (across all scanners).
Step 3: Mitigate vulnerabilities
There are 2 ways to mitigate vulnerabilities detected.
By each scanner
1. Click on "Mitigation & Task Assignment". Here you can sort the list by the severity that you intend to focus on.
2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task to team members and follow the mitigation status.
By overall vulnerabilities
1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by project/branch, severity level, compliance or type of scanner (across all scanners).
2. For each vulnerability found, click "Mitigate" to view the details of the vulnerability and how you and your team can mitigate it with AI-remediation suggestions. You can also assign the mitigation task to team members and follow the mitigation status.
There are 2 main parts of mitigation:
Part 1
- AI False Positive Detector - checks the AI's analysis in real time to ensure the detected vulnerability is not mistakenly identified as a threat or risk.
- Task management - assigns the task to team members to fix, and tracks the mitigation progress and status.
Part 2
- Vulnerability's type and information - lists detailed information about the vulnerability found.
- Generated By AI - shows the AI's analysis and its recommended remediation in real time.
Notes:
Each vulnerability detected has its own characteristics, type, severity and risk to you and your company. That is why each vulnerability has its own remediation to work on. Take some time to learn about ArmourZero's AI-powered false positive detector and recommended remediation in the links provided above.