View vulnerabilities at an organization level
Exercise (browse or use) your application so Contrast can find weaknesses and present results in the Contrast application.
To see your application's vulnerability data in more detail, configure your Contrast agent to report session metadata.
In the header, select Vulnerabilities.
To display vulnerabilities for licensed applications only, select Show licensed only at the top of the vulnerabilities list.
To filter by columns, select the Filter icon ( ) next to the column headers. These filter options are available if applicable to the selected application:
Severity: Available filters are: Critical, High, Medium, Low, and Note.
Vulnerability: Available filters are:
Vulnerability tags:: Vulnerabilities associated with custom tags that you created.
Type: Types of vulnerabilities.
Servers: Vulnerabilities for applications associated with selected servers.
Environments: Vulnerabilities for applications in selected environments: Development, QA, and production.
Sinks: Vulnerabilities that originate from a common sink.
A sink is common custom code shared between multiple data-flow vulnerabilities.
Filtering by sink can help you identify a line of code that is causing multiple vulnerabilities.
URLs: Vulnerabilities associated with a specific URL.
Compliance policy: Vulnerabilities associated with a compliance policy
Application: Available filters are:
Application names: Names associated with applications.
Custom tags: Tags you assigned to applications.
Languages: The languages used for applications.
Technologies: Technologies that applications use. For example, JSON or jQuery.
Application importance: The importance level you set in the application settings.
Application metadata: Application metadata that you associated with applications.
Last detected: Available filters are: First or Last detected and Time range. Select Custom to enter specific dates and times.
Status: Available filters are Status and whether Contrast is tracking the vulnerability
To remove filters, select Clear next to the column header.
To view vulnerability details, select a name. You can view details for these categories:
HTTP information
Steps on how to fix this vulnerability
Details about the identity, timing and location of the vulnerability including build numbers, reporting servers, category and security standards