Export vulnerability findings

Export details on vulnerability findings by selecting the vulnerabilities that you want to include in the report, and clicking the Export icon in the action bar. Once choose to generate the report in CSV or XML format, Contrast immediately generates the file for download.

The exported file contains the following data fields for each vulnerability:

  • Vulnerability Name

  • Vulnerability ID

  • Category

  • Rule Name

  • Severity

  • Status

  • Number of Events

  • First Seen

  • Last Seen

  • Application Name

  • Application ID

  • Application Code

  • CWE ID

  • Request Method

  • Request Port

  • Request Protocol

  • Request Version

  • Request URI

  • Request Qs

  • Request Body


For users looking to craft custom software composition analysis reports about their applications, the vulnerability export feature might not provide sufficient information; however, Contrast offers a rich Application API which gives you access to Contrast vulnerability data. Reference the Contrast RESTful API documentation > Application Trace Filtering > /ng/{orgUuid}/traces/{appId}/filter section for instructions on using the Application API.

You may also explore additional details on your vulnerabilities using a manual method.

Example: This cURL request retrieves a list of vulnerabilities that also shows a list of the applications in which each vulnerability was found. The jq tool formats the data as CSV for use in a custom report.

curl \
    -H "Authorization: $(echo -n $username:$servicekey | base64)" \
    -H "API-Key: $apikey" \
    https://app.contrastsecurity.com/Contrast/api/ng/$orgid/orgtraces/filter?expand=request | \
    jq -r '.traces[] | {uuid: .uuid, protocol: .request.protocol} | [.uuid, .protocol] | @csv'