Attestation reports
Attestation reports provide evidence of vulnerability remediation based on the most current application information. Meet compliance and auditing requirements with these PDF reports.
Note
This report expires seven days after you create it. Contrast then deletes the report after this time.
Attestation reports include:
An itemized list of the specific filter settings used to run the report
A summary of the security posture for the application
Vulnerabilities assessment for both custom code and open-source libraries. Note that critical severities will not be displayed in this section if CVSS 3.1 has not been turned on for existing organizations. To enable this, contact Contrast Support.
Route coverage as a security assessment metric
An optional compliance policy assessment and detailed information about open vulnerabilities for the application
An appendix that describes methodologies and terminologies
To run an attestation report:
Select Applications in the header.
Select an application in the Applications grid.
Click the Reports icon
located at the top-right of the application's page.
Select Generate Attestation Report from the list.
In the window that appears, define the Vulnerabilities, Environments, and additional Security Standards that you want to include in the report.
The default is to show all vulnerabilities and environments, but you can filter them by clicking the fields. Choose an option from Security Standards to include an additional Security Standards section in the generated report. Optionally, you can choose to include detailed information about open vulnerabilities.
The following table outlines the categories that you can use to create a custom report.
Field
Default
Filter options
Vulnerabilities
All
Status (Reported, Suspicious, Confirmed, Not a Problem, Remediated, Fixed, Remediated - Auto-Verified)
Severity (Note, Low, Medium, High Critical)
Assess Rules
Vulnerability details
None
Include vulnerability details
Environments
All
Development
Test
Production
Security Standards
None
DISA ASD STIG
IPA-7.0
OWASP 2013 Top 10
OWASP 2017 Top 10
OWASP 2021 Top 10
OWASP Top 10 API Vulnerabilities 2019
PCI DSS - 2.0
PCI DSS - 3.0
PCI DSS - 3.2.1
Select Generate.
Once generated a download link appears in the Notifications panel.
If an application has more than 16,000 vulnerabilities, Contrast does not generate the report. Contrast displays an error message indicating that the application exceeds the 16,000 vulnerability limit.
Click the report link to download the PDF.