Let's explore the issues page to get information about the diagnosed issues and their contribution to the overall risk of the organization.
This page gives you a high-level view of the issues identified during the scan. It displays the list of issues identified in each application along with the risk score, category, description of the issue, issue owner, and total count. It also tells you how much each issue contributes to the overall organizational risk.
You can sort the issues based on their score, category, and other factors.
The score of each issue in each app is calculated by factoring the issue severity together with the application's business priority score. The goal is to ensure that security issues in high business priority apps are prioritized over security issues in lower business priority apps.
The most severe issues are highlighted in red to indicate the severity, issues with mid-level scores are highlighted in yellow, and issues with minimum scores are highlighted in grey.
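As an added illustration (not OX's own scoring code), the snippet below assumes numeric scales for severity and business priority and multiplies them, which yields the prioritization described above: a moderate issue in a high-priority app outranks a more severe issue in a low-priority app. The scales, the multiplication, and the sample issues are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Issue:
    app: str
    name: str
    severity: int           # assumed scale: 1 (low) .. 4 (critical)
    business_priority: int  # assumed scale: 1 (low) .. 5 (critical)

    @property
    def score(self) -> int:
        # Assumed scoring: severity weighted by the app's business priority,
        # so the same finding scores higher in a more important app.
        return self.severity * self.business_priority


def prioritize(issues: list[Issue]) -> list[Issue]:
    """Return issues ordered by score, highest first (the default list order)."""
    return sorted(issues, key=lambda i: i.score, reverse=True)


def risk_contribution(issues: list[Issue]) -> dict[str, float]:
    """Share of the total organizational risk attributed to each issue."""
    total = sum(i.score for i in issues)
    if total == 0:
        return {}
    return {f"{i.app}/{i.name}": round(i.score / total, 3) for i in issues}


# Constructed sample data: one high-priority app, two low-priority apps.
SAMPLE_ISSUES = [
    Issue("payments-api", "Vulnerable dependency", severity=4, business_priority=5),
    Issue("payments-api", "Hardcoded secret", severity=2, business_priority=5),
    Issue("internal-wiki", "SQL injection", severity=3, business_priority=1),
    Issue("marketing-site", "Missing branch protection", severity=1, business_priority=2),
]

if __name__ == "__main__":
    for issue in prioritize(SAMPLE_ISSUES):
        print(f"{issue.score:>3}  {issue.app:<15} {issue.name}")
    print(risk_contribution(SAMPLE_ISSUES))
```

Note that the severity-2 secret in the high-priority app (score 10) ranks above the severity-3 injection in the low-priority wiki (score 3), which is exactly the effect the business priority weighting is meant to produce.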
On clicking the three-dot menu of any issue, you get the options to exclude the issue, mark the app as irrelevant, and disable the policy.
Options against each issue
You can exclude any issue from the list by selecting the Exclude issue option from this menu. On confirming the exclusion in the pop-up, the specific issue is removed from the list and a success notification is shown.
You can also mark any application as irrelevant by selecting the Make app irrelevant option from this menu. On marking an app as irrelevant, all of the issues linked to that specific app are removed from the list, so you do not need to handle them one by one.
Marking an app as irrelevant
On selecting the Disable policy option, you can disable the selected policy for current and future scans.
You can view the details of any issue by clicking the desired issue in the list. Once you click an issue, a pop-up with the issue details appears in the bottom section of the page.
The top-left section gives you information about the application: its repository, its CI/CD flow, its risk score, and its business priority.
The top-right section shows information about the policy that was violated and the issue severity.
For code issues, you can see a table with all relevant commits, the code snippet, the people who committed, reviewed, and merged the change, and the time of each action, with links to both the code and the commit. This allows quick and easy triage and attribution to the exact person who can resolve the issue.
The Recommendation section gives the recommended solution for the issue.
The Training link opens a micro-training of a few minutes that describes the specific issue.
Source tool shows the original tool that triggered the finding. It can be one of the customer's commercial security tools that we integrate with, an open-source security tool activated by OX, or an OX Security technology.
You will find additional supporting information under the Additional info section. This information changes according to the identified issue and its context, to give you the most relevant supporting data for that context.
You can mark the issue as excluded by clicking the Exclude option displayed at the bottom.
If you are interested in specific issues only, you can narrow the list by using the filter options on the left. You can filter by application, severity, category, issue name, policy, owner, and source tool. The issues are displayed according to the filters you choose.
Multiple filters can be selected in parallel.