Every STO pipeline execution includes a Security Tests tab that shows the detected issues for that execution. This is the primary interface for navigating, analyzing, and remediating detected issues.
In the Security Testing Orchestration left-hand menu, go to Executions. Then go to the execution and select Security Tests.
The following steps describe the general workflow:
(Optional) Set the Security Execution to filter issues based on target, type, stage, step, or scanner.
These filters are useful for pipelines that run multiple scans. You can hide irrelevant issues and focus only on the issues of interest. Filtering on a specific target can make it easier to compare results with previous scans of that target.
Select the severity tiles to filter issues by severity. You can also show or hide issues with exemptions.
Drill down to the relevant issues list to view the issues found in the scan:
Only in current scan: New issues not found in any previous scan of that target.
Common to <target>:<variant>: Issues also found in the last scan of the specified variant.
Common to previous scan:
- Issues also found in the last scan (if the scanned target has no baseline), OR
- Issues also found in the last scan of the baseline (if the scanned variant is the baseline).
Common to previous / baseline scan: Issues also found in both the last scan of the specified variant AND the last scan of the baseline.
For best results in STO, every target should have a baseline defined. For more information, go to Targets, baselines, and variants in STO.
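As an added illustration (not part of the Harness documentation or the STO product code), the following Python sketch assigns each issue in a scan to one of the lists above by applying the rules as they are stated. Issue fingerprints, the input scan sets, the "Other previously seen" bucket and the rule that each issue lands in exactly one list are assumptions made for this example.

```python
# Added example: bucket a scan's issues into the lists described above.
# Assumptions (not from the Harness docs): issues are opaque fingerprint
# strings, each issue lands in exactly one list, and the "previous / baseline"
# list takes precedence over "Common to <target>:<variant>".


def categorize_issues(current, variant_last, baseline_last,
                      variant_is_baseline, older_scans=()):
    """Return {list name: set of issue fingerprints}.

    current              issues found in this execution
    variant_last         last scan of the same target:variant (None if none yet)
    baseline_last        last scan of the target's baseline (None if no baseline)
    variant_is_baseline  True when the scanned variant is itself the baseline
    older_scans          earlier scans of the target, used for "Only in current scan"
    """
    variant_last = variant_last or set()
    previously_seen = set(variant_last) | (baseline_last or set())
    for scan in older_scans:
        previously_seen |= scan

    # Never seen in any previous scan of the target.
    lists = {"Only in current scan": current - previously_seen}

    if baseline_last is None:
        # No baseline: compare against the last scan of the target only.
        lists["Common to previous scan"] = current & variant_last
    elif variant_is_baseline:
        # The scanned variant is the baseline: compare with the last baseline scan.
        lists["Common to previous scan"] = current & baseline_last
    else:
        both = current & variant_last & baseline_last
        lists["Common to previous / baseline scan"] = both
        lists["Common to <target>:<variant>"] = (current & variant_last) - both

    # Seen before but not covered above (e.g. found only in the baseline's last
    # scan). The page defines no list for these; kept so nothing is dropped.
    placed = set().union(*lists.values())
    lists["Other previously seen"] = current - placed
    return lists


# Constructed sample data for a variant that has a baseline.
SAMPLE = dict(current={"a", "b", "c", "d", "e", "f"},
              variant_last={"a", "b", "d"}, baseline_last={"a", "c"},
              variant_is_baseline=False, older_scans=[{"e"}])

if __name__ == "__main__":
    for name, issues in categorize_issues(**SAMPLE).items():
        print(f"{name}: {sorted(issues)}")
```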
To investigate an issue in detail, click the issue in the list to open the Issue Details pane on the right.
The Issue Details pane includes known details and remediation steps for the detected issue. Note that this pane shows details for all occurrences of the detected issue, so scroll down to ensure that you see every occurrence.
You can also do the following: