Attestation reports
Attestation reports provide evidence of vulnerability remediation based on the most current application information. Meet compliance and auditing requirements with these PDF reports.
Attestation reports include:
An itemized list of the specific filter settings used to run the report.
A summary of the security posture for the application.
Vulnerabilities assessment for both custom code and open-source libraries.
Route coverage, as a security assessment metric.
An optional compliance policy assessment, and detailed information about open vulnerabilities for the application.
An appendix that describes methodologies and terminologies
To run an attestation report:
Select Applications in the header and select an application.
Click the Reports icon located at the top of the application's page.
In the drop-down list, select Generate Attestation Report.
In the window that appears, define the Vulnerabilities, Environments, and additional Security Standards that you want to include in the report.
The default is to show all vulnerabilities and environments, but you can filter them by clicking in the fields. Choose an option from Security Standards to include an additional Security Standards section in the generated report. Optionally, you can choose to include detailed information about open vulnerabilities.
The following table outlines the categories that you can use to create a custom report.
Field
Default
Filter options
Vulnerabilities
All
Status (Reported, Suspicious, Confirmed, Not a Problem, Remediated, Fixed, Remediated - Auto-Verified)
Severity (Note, Low, Medium, High Critical)
Assess Rules
Vulnerability details
None
Include vulnerability details
Environments
All
Development
Test
Production
Security Standards
None
DISA ASD STIG
OWASP 2017 Top 10
OWASP 2013 Top 10
PCI DSS - 2.0
PCI DSS - 3.0
PCI DSS - 3.2.1
Select Generate. Once generated, a download link appears in the Notifications panel.
Click the report link to download the PDF.