Compliance reports

Generate timestamped PDF reports of security issues that Contrast has identified while monitoring your application. You can choose from the following report types:

  • DISA ASD STIG: DISA's Application Security and Development STIG reports the security posture as it relates to policy requirements for security programs and best practices for Information Assurance (IA)-enabled applications.

  • OWASP 2013 Top 10: The Open Web Application Security Project reports the problems that are “worth fixing” or in the top ten list of flaws.

  • PCI DSS - 2.0 & 3.0: The Payment Card Industry Data Security Standard protects cardholder data in the event of a data breach. To achieve compliance, organizations must identify and remediate all critical vulnerabilities.

Each report includes a summary of the application's security status as well as details on each vulnerability and remediation guidance.

The report contains information on each vulnerability that has been discovered in your application, including technical details, the risk of the issue, remediation guidance and industry references. You can also find a breakdown of the application's known vulnerable libraries, architecture and security scorecard.

Run a report

To run a compliance report:

  1. Go to the Applications page and select an application.

  2. Click the Generate Security Standards Report icon located at the top of the application's Overview page.

  3. In the dialog that appears, choose the Report Type, Vulnerability Status/Severity and Vulnerability Tag that you want to include in the report.

  4. Click Generate. Once generated, the report will download automatically.