Compliance Reports

Generate timestamped PDF reports of security issues that Contrast has identified while monitoring your application. Each report includes a summary of the application's security status as well as details on each vulnerability and remediation guidance.

Generate a Report

To create a report, go to the Applications page and select an application. Click the Generate Report icon located at the top of the application's Overview page.

In the dialog that appears, choose the Report Type, Vulnerability Status and Vulnerability Tag that you want to include in the report, and click Generate. Once generated, the report will download automatically.

Report Content

The report contains information on each vulnerability that's been discovered in your application, including technical details, the risk of the issue, remediation guidance and industry references. You can also find a breakdown of the application's known vulnerable libraries, architecture and security scorecard.

Vulnerability Trend

Vulnerability management is a vital responsibility of any security team. Use the Vulnerability Trend reports to recognize the vulnerabilities your applications face and how well they're being managed so that you have a better understanding of your security posture.

Access Data

Select Reports in the User menu to go to the Vulnerability Trend dashboard. Click the View link to see the graphs in more detail.

Select New to see a graph of new vulnerabilities. Select Total to see a graph of all reported vulnerabilities compared to all remediated vulnerabilities. Each black data point represents the total number of Suspicious, Confirmed and Reported vulnerabilities for that date. Each green data point represents the total number of vulnerabilities marked as Not A Problem, Remediated or Fixed. Hovering over each data point generates a tooltip with status breakdowns.

Filter vulnerabilities

Each report defaults to all applications, servers and rules, but you can filter vulnerabilities by clicking in the fields above the graph. The following table outlines the categories that you can use to create a custom report.

| Field | Default | Filter Options |
|---|---|---|
| Date | Last 7 Days | Last 30 days; Last 12 weeks; Last 12 months |
| Applications | All | Importance (Critical, High, Medium, Low, Unimportant); Application Tags; Licensed (List of all applications) |
| Servers | All | Environment (Development, QA, Production); Server Tags; Servers (List of all servers) |
| Rules | All | Severity (Critical, High, Medium, Low, Note); Vulnerability Tags; Vulnerability Rules (List of all rules) |

Save Reports

You can save filter criteria to recall any customized report at a later time. Saved reports are at the User level, so each user has their own list of saved Vulnerability Trend reports. You can edit or delete these reports at any time.

To save a report view, click the star icon at the top right of the report page. This generates a popup with a field to name the report. Once saved, the named report appears next to the Vulnerability Trend heading with a dropdown menu. Each time you come to the Vulnerability Trend page, the menu shows all of your saved reports as well as an option to Start a new report.

Rename reports

When viewing a saved report, hover over the star icon to generate a Manage Report tooltip. Click the icon to produce a popup with a field to rename the report and buttons to Cancel, Remove or Save.

Edit and remove reports

If you change filter options while viewing a saved report, the star icon changes to an unsaved state and Edited appears next to the report name. Click the icon to generate a popup menu to Save Existing or Save As New. Choose Save Existing to update the saved report name with the current filters and remove the Edited status. Choose Save As New to save the report view with the current filters as a new report under a different name.

Click Remove to permanently delete the saved report that you're currently viewing. Contrast automatically takes you to the default Vulnerability Trend page view and removes the report name from the dropdown menu.

Start new reports

To clear unsaved edits to an existing report and start over with the report defaults, choose the Start a new report option in the dropdown menu. The report name changes to New Report.

Manage reports

When you've created more than five saved reports, a Manage link appears within the Saved Reports dropdown. Click the link to go to the Manage Saved Reports dialog. Select the checkbox next to each report that you want to remove or use the Select All checkbox. To rename a report in the dialog, click the report name and edit it inline. You can also use the search field to find reports.

Export Reports

To capture a snapshot of your vulnerability management, create a timestamped PDF report of the Vulnerability Trend by clicking the Export icon in the upper right-hand corner of the page. Contrast immediately generates the report and prompts you to download it when it's ready. Each PDF report includes a summary of the variables included in your customized view, the trend graphic, and a table of the metrics and breakdowns of each data point.

Organization Statistics

Gain robust and comprehensive visibility into your organization data with Organization Statistics.

Go to the Reports page via the User Menu to find widgets with information about licensing utilization and expirations, breakdowns across various data points for onboarded applications, and deployed servers and how they’re being utilized. Use the filters in the dropdown menus to choose which data to compare at a glance.

In the Licenses chart, view the number of overall licenses for Assess and Protect, as well as the number of unlicensed applications and servers that exist in your organization. Click the application count to navigate to the Unlicensed quick view in the Applications page.

In the next chart, get a glimpse of active applications. The inner ring designates the breakdown by language; choose the categories you want to compare in the outer ring by selecting Technology or Grade in the dropdown menu.

Finally, view your deployed servers. Select Container or Environment in the dropdown menu to choose how the numbers are analyzed.

To take a closer look at this information, select the View link under each heading.

Licenses

The Licenses tab features an activity trend chart of data on license consumption over the past year. Hover over a data point on the Assess or Protect trend lines to see how many licenses were used each month. The thermometer chart below shows the total number of licenses purchased compared to the number being used. The timeline shows how many licenses are about to expire on given dates. For a different view of the data, the circular charts show breakdowns by fraction and percentage for Assess and Protect.

Note: If your organization doesn't own any Protect or Assess licenses, Contrast alerts you to the count of unlicensed assets in that mode.

Protect usage

Take a closer look at your Protect license usage by clicking beneath the Protect trend line in the chart. This switches you to the Protect Usage mode, which shows data for the current month in a trend chart as well as a quick view of Usage Statistics.

Hover over data points in the trend chart to see the number of Protect servers used and the number of available licenses that remained for each day. The y-axis marker (dotted line) shows the number of licenses that you had purchased. Use the dropdown menu above the chart to view data from a previous month within the past year.

Click on the vertical bars in the chart to view your hourly usage of Protect licenses for each day. Peak hourly usage is represented by bright green shading at the top of the bars.

To return to your view of license activity data for Assess and Protect servers, click the link above the graph to go Back to License Activity.

Applications

In the Applications tab, the Status thermometer chart shows the total number of applications broken down by the number that are licensed, unlicensed and archived. Click on the total number of onboarded applications to go to the Applications page for more details on each one. Contrast also reminds you of how many licenses are available in your organization.

The circular Language Breakdown chart shows the number of applications by language in the inner band, and by Technology or Grade in the outer band. Click the number of active applications to go directly to the Applications page. High Risk and Expirations snapshots show the number of applications with critical open vulnerabilities and expiring licenses, respectively. The Protection Coverage snapshot shows the number of applications on Production servers that have incomplete Protection coverage. Click the link to see a breakdown of Protection coverage by application.

Applications that were added within the last week and applications that reside on an offline server are listed separately in the sidebar.

Servers

Switch to the Servers tab to view a thermometer chart that shows the breakdown of all deployed servers by environment. Click on the total number of servers to go to the Servers page for more information on each one.

The circular Container Breakdown chart displays the number of deployed servers for each language in a given environment. Select a different environment in the dropdown menu to update the ring and total number of servers. Click on the server count to go to the Servers page with the relevant environment filter applied. Snapshots show servers being Assessed and Protected as well as all servers online compared to the total number of servers in the given environment. The right sidebar includes a list of newly onboarded, offline and deleted servers.
