Compliance reports

Generate timestamped PDF reports of security issues that Contrast has identified while monitoring your application. You can choose from the following report types:

  • DISA ASD STIG: DISA's Application Security and Development STIG reports the security posture as it relates to policy requirements for security programs and best practices for Information Assurance (IA)-enabled applications.

  • OWASP 2013 Top 10 and OWASP 2017 Top 10: The Open Web Application Security Project reports the problems that are “worth fixing” or in the top ten list of flaws.

  • PCI DSS - 2.0, 3.0 and 3.2.1: The Payment Card Industry Data Security Standard protects cardholder data in the event of a data breach. To achieve compliance, organizations must identify and remediate all critical vulnerabilities.

Each report includes a summary of the application's security status as well as details on each vulnerability and remediation guidance.

The report shows each vulnerability that's been discovered in your application, along with:

  • Technical details

  • Risk of an issue

  • Remediation guidance

  • Industry references

  • The application's known vulnerable libraries

  • A security scorecard

To run a compliance report:

  1. Select Applications in the header, then select an application.

  2. Select the Generate Security Standards Report icon located at the top of the application's Overview page.

  3. In the window that appears, choose the Report Type, Vulnerability Status/Severity and Vulnerability Tag that you want to include in the report.

  4. Click Generate. Once generated, the report will download automatically.