Attestation reports

The Attestation report provides a detailed point-in-time snapshot of an application's security posture. This report includes information about the application's composition, configuration, and all open vulnerabilities, serving as a formal attestation of its security status. All attestation reports are delivered as time-stamped PDFs that are downloaded locally. You can generate an attestation report for a single application or for a group of applications.

As of November 7, 2023, this report replaces the Security standards report. The Attestation report provides information similar to that in the Security standards report. It helps you meet compliance requirements and identify areas that need urgent attention.

Note

This report expires seven days after you create it. Contrast deletes the report after this time.

Attestation reports include:

  • An itemized list of the specific filter settings used to run the report

  • A summary of the security posture for the application

  • Vulnerability assessment for both custom code and open-source libraries. Note that critical severities will not be displayed in this section if CVSS 3.1 has not been turned on for existing organizations. To enable this, contact Contrast Support.

  • Route coverage as a security assessment metric

  • An optional compliance policy assessment and detailed information about open vulnerabilities for the application

  • An appendix that describes methodologies and terminologies

Before you begin

An Attestation report has the following limits:

  • 1,350 vulnerabilities with details

  • 18,000 vulnerabilities without details

  • 15,000 routes with observations

  • 30,000 routes without observations

If your report exceeds these limits, an error message displays and the report doesn't generate. If this situation occurs, change your report selections to reduce the amount of information in the report.

Steps to generate an Attestation report for a single application

To generate a report for an individual application, navigate to the application's overview page and select the option to create an attestation report from the reports menu. The generated PDF will contain detailed findings specific to that application.

  1. Select Applications in the header.

  2. Select an application in the Applications grid.

  3. Select the Reports icon located at the top-right of the application's page.

  4. Select Generate Attestation Report from the list.

    In the Attestation report window, select the Vulnerabilities, Environments, and additional Security Standards that you want to include in the report.

    The default is to show all vulnerabilities and environments, but you can filter them by selecting the fields and then selecting filters. Choose an option from Security Standards to include an additional Security Standards section in the generated report.

    Optionally, you can choose to include detailed information about open vulnerabilities and observed routes.

    The following table includes the categories that you can use to create a custom report.

    | Category | Default | Filter options |
    | --- | --- | --- |
    | Vulnerabilities | All | Status (Reported, Suspicious, Confirmed, Not a Problem, Remediated, Fixed, Remediated - Auto-Verified); Severity (Note, Low, Medium, High, Critical); Assess Rules |
    | Vulnerability details | None | Include vulnerability details by selecting the checkbox for it. |
    | Route observations | None | Include details about observed routes by selecting the checkbox for it. |
    | Environments | All | Development; QA; Production |
    | Security Standards | None | DISA ASD STIG; IPA-7.0; OWASP 2013 Top 10; OWASP 2017 Top 10; OWASP 2021 Top 10; OWASP Top 10 API Vulnerabilities 2019; PCI DSS - 2.0; PCI DSS - 3.0; PCI DSS - 3.2.1; PCI DSS - 4.0 |

  5. Select Generate.

    After Contrast generates the report, the Notifications panel displays a download link for it.

    Select the link to download the report.

Steps to generate an Attestation report for multiple applications

To provide a portfolio-level view, you can now generate a single attestation report that covers multiple applications without needing to merge them.

  1. Select Applications in the header.

  2. Select the application rows in the Applications grid.

  3. Select the Reports icon located at the top-right of the page.

  4. Select Generate Attestation Report from the list.

  5. Use the options described in the single-application table, along with these additional options:

    | Category | Default | Filter options |
    | --- | --- | --- |
    | Application List | All | The page that lists every application included in the report. |
    | Table of Contents | All | Includes dynamic links to the detailed section for each application within the report. |
    | Application Rating Widget | All | The table that displays the individual security rating (A-F) for each application in the group. |
    | Application Rating Distribution | All | A bar chart that visualizes the distribution of application ratings across the entire group. |
    | Vulnerability Distribution | All | This widget shows an aggregated count of all vulnerabilities by severity (Critical, High, etc.) across all selected applications. |

  6. Select Generate.

    After Contrast generates the report, the Notifications panel displays a download link for it.

    Select the link to download the report.