Track vulnerabilities

Use Contrast's bugtracker integrations to send vulnerability data to other members of your organization. Integrations allow you to plan and maintain timely patching to protect against attacks, and help you streamline workflows by sending vulnerability information directly to your bugtracking tool. You can receive also notifications if Contrast finds any new high or critical vulnerabilities in your application.

You can send vulnerabilities to a bugtracker from the Send Vulnerability (paper plane) icon located in the Vulnerabilities grid, or from the Vulnerabilities tab of an application's details page. When you send a vulnerability to a bugtracker, it's automatically updated to a Reported status, and an arrow icon appears beside the status in the grid row for the vulnerability. To quickly see which vulnerabilities are tracked, use the filter in the Status column, and select "Being Tracked".

Integrations

Contrast offers integration with the several bugtrackers, including Jira, Bugzilla, Serena Business Management and VSTS/TFS. Organization Administrators can set up any of these bugtrackers and other integrations in User menu > Organization Settings > Integrations. See a full list of integrations here.

Send findings

You can send vulnerabilities to a bugtracker by selecting the Send Vulnerability icon in the Vulnerabilities grid, or from the Vulnerabilities tab of an application's details page. In the dialog that follows, choose which information to include in the bugtracker ticket that will be generated.

Note

Bugtracker integrations must be configured before you send vulnerabilities.

When you send a vulnerability to a bugtracker, the status of the vulnerability changes to Reported. An arrow icon also appears beside the status in the grid row for the vulnerability. Hover over this icon for more information, including the bugtracker name(s) and corresponding ticket number(s).

Note

To quickly see which vulnerabilities are tracked, use the filter in the Status column and select "Being Tracked".

Custom processing

You can also export vulnerability data to a CSV or XML file for custom processing.

If you want to gather this data outside of the web interface, Contrast also provides robust APIs where you can explore even more information.