Compliance reports
Generate timestamped PDF reports of security issues that Contrast has identified while monitoring your application. You can choose from the following report types:
DISA ASD STIG: DISA's Application Security and Development STIG reports the security posture as it relates to policy requirements for security programs and best practices for Information Assurance (IA)-enabled applications.
OWASP 2013 Top 10, OWASP 2017 Top 10, and OWASP 2021 Top 10: These Open Web Application Security Project reports cover the problems that are “worth fixing” or in the top ten list of flaws.
OWASP Top 10 API Vulnerabilities 2019: This Open Web Application Security Project report covers the vulnerabilities and security risks that are unique to APIs.
PCI DSS - 2.0, 3.0 and 3.2.1: The Payment Card Industry Data Security Standard protects cardholder data in the event of a data breach. To achieve compliance, organizations must identify and remediate all critical vulnerabilities.
Each report includes a summary of the application's security status as well as details on each vulnerability and remediation guidance.
The report shows each vulnerability that's been discovered in your application, along with:
Technical details
Risk of an issue
Remediation guidance
Industry references
The application's known vulnerable libraries
A security scorecard
To run a compliance report:
Select Applications in the header.
Select an application in the Applications grid.
Click the Reports icon located at the top-right of the application's page.
Select Generate Security Standards Report from the list.
In the window that appears, choose the Report Type, Vulnerability Status/Severity and Vulnerability Tag that you want to include in the report.
Click Generate.
Once generated, the report will automatically download.