Compliance reports

Generate timestamped PDF reports of security issues that Contrast has identified while monitoring your application. You can choose from the following report types:

  • DISA ASD STIG: DISA's Application Security and Development STIG reports the security posture as it relates to policy requirements for security programs and best practices for Information Assurance (IA)-enabled applications.

  • OWASP 2013 Top 10, OWASP 2017 Top 10, and OWASP 2021 Top 10: The Open Web Application Security Project reports the problems that are “worth fixing” or in the top ten list of flaws.

  • OWASP Top 10 API Vulnerabilities 2019: The Open Web Application Security Project reports the unique vulnerabilities and security risks with APIs.

  • PCI DSS - 2.0, 3.0 and 3.2.1: The Payment Card Industry Data Security Standard protects cardholder data in the event of a data breach. To achieve compliance, organizations must identify and remediate all critical vulnerabilities.

Each report includes a summary of the application's security status as well as details on each vulnerability and remediation guidance.

The report shows each vulnerability that's been discovered in your application, along with:

  • Technical details

  • Risk of an issue

  • Remediation guidance

  • Industry references

  • The application's known vulnerable libraries

  • A security scorecard

To run a compliance report:

  1. Select Applications in the header.

  2. Select an application in the Applications grid.

  3. Click the Reports icon located at the top-right of the application's page.

  4. Select Generate Security Standards Report from the list.

  5. In the window that appears, choose the Report Type, Vulnerability Status/Severity and Vulnerability Tag that you want to include in the report.

  6. Click Generate.

    Once generated, the report will automatically download.