Defects Page

Defects represent vulnerabilities detected by scanners or entered by users. The Defects page is the centralized place to view all existing defects.

The Defects page lets you search and filter all existing defects in Enso. It is commonly used to triage defects according to their risk, severity and source (security control).

Defect risk

Defects are sorted by default according to their accumulated risk. A defect's risk is calculated from:

  1. Defect cost, configured separately per severity and security control

  2. Related asset importance, derived from the asset's class

Defects origin

There are a few sources that generate defects:

  1. Scanners (SAST, SCA, DAST, IaC, etc.)

  2. Manual defects, created by a user from an asset's Defects tab

  3. Customization:

    1. Import processes - importing defects from external files

    2. Policy control - a customized control that reports defects when predefined scenarios occur (for example, when a required AppSec activity is overdue)

Defect actions

The following actions can be applied to each defect:

View defect information

Click the defect's title to drill down into the defect's full description.

A defect's description (its details and format) is structured according to the data the reporting scanner provides, so the fields vary by scanner.

Report defect as a ticket

  • Report a defect to the ticketing system by choosing one of:

    • Create a new Jira ticket - a Jira ticket is created automatically from the defect's details. If the Jira project requires additional fields, a new tab opens so you can fill in the required information

    • Create and edit Jira ticket - lets you edit the Jira ticket before submitting it

    • Attach a Jira ticket - links the defect to an existing Jira ticket

    • Add ticket URL - used when tickets are managed in another ticketing system rather than Jira

Change the defect status or severity

  • Change the defect's remediation status to report progress or completion, mark false positives, etc.

The defect's status affects its cost. For example, defects that are "in progress" receive a cost discount, which lowers their risk and moves them down the default sort order.

  • Change the defect's severity to reduce noise or to increase priority.
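The following is an added worked example, not Enso's own code: it models the risk ordering described in the Defect risk section and the status discount described above. Enso does not publish its exact formula, so the multiplicative model (cost x asset importance x status multiplier), the cost table, the asset classes, the status multipliers and the sample defects are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed cost table for the example: cost per severity and per security
# control (scanner type). Enso configures these per tenant; the numbers here are
# assumptions, not product defaults.
COST = {
    "critical": {"SAST": 100, "SCA": 80, "DAST": 120},
    "high":     {"SAST": 50,  "SCA": 40, "DAST": 60},
    "medium":   {"SAST": 20,  "SCA": 15, "DAST": 25},
    "low":      {"SAST": 5,   "SCA": 4,  "DAST": 6},
}

# Assumed asset importance per asset class (constructed class names and weights).
ASSET_IMPORTANCE = {"crown-jewel": 3.0, "business": 2.0, "internal": 1.0}

# Assumed status multipliers. The page only says "in progress" defects get a cost
# discount; the 0.5 factor and the zeroing of closed states are assumptions.
STATUS_MULTIPLIER = {
    "open": 1.0,
    "in_progress": 0.5,
    "fixed": 0.0,
    "false_positive": 0.0,
}


@dataclass(frozen=True)
class Defect:
    id: str
    title: str
    severity: str
    control: str   # security control that reported it, e.g. "SAST"
    asset: str
    status: str = "open"


def defect_cost(d):
    """Cost from the severity x control table; fail loudly on unconfigured keys."""
    try:
        return float(COST[d.severity][d.control])
    except KeyError as e:
        raise ValueError(f"{d.id}: no cost configured for {d.severity}/{d.control}") from e


def defect_risk(d, asset_classes):
    """Assumed risk model: defect cost x asset importance x status multiplier."""
    importance = ASSET_IMPORTANCE[asset_classes[d.asset]]
    return defect_cost(d) * importance * STATUS_MULTIPLIER[d.status]


def with_status(d, status):
    """Return a copy of the defect with its remediation status changed."""
    return replace(d, status=status)


def triage(defects, asset_classes):
    """Default Defects page order: highest risk first (ties keep input order)."""
    return sorted(defects, key=lambda d: defect_risk(d, asset_classes), reverse=True)


def risk_by_asset(defects, asset_classes):
    """Accumulate risk per asset, e.g. to see which asset carries the most exposure."""
    totals = {}
    for d in defects:
        totals[d.asset] = totals.get(d.asset, 0.0) + defect_risk(d, asset_classes)
    return totals


# Constructed sample data: asset -> assumed asset class, and five sample defects.
ASSET_CLASSES = {"payments-api": "crown-jewel", "hr-portal": "business", "docs-site": "internal"}
DEFECTS = [
    Defect("D-1", "Hardcoded secret", "critical", "SAST", "docs-site"),
    Defect("D-2", "Reflected XSS", "high", "DAST", "payments-api"),
    Defect("D-3", "Vulnerable dependency", "critical", "SCA", "payments-api", "in_progress"),
    Defect("D-4", "Weak hash", "medium", "SAST", "hr-portal"),
    Defect("D-5", "Missing header", "low", "DAST", "payments-api", "false_positive"),
]

if __name__ == "__main__":
    # A high-severity finding on a crown-jewel asset outranks a critical one on a
    # low-importance asset, and the in-progress critical finding is discounted.
    for d in triage(DEFECTS, ASSET_CLASSES):
        print(f"{d.id:5} {defect_risk(d, ASSET_CLASSES):6.1f}  {d.severity:8} "
              f"{d.control:4} {d.asset:13} {d.status}")
    print(risk_by_asset(DEFECTS, ASSET_CLASSES))
```

Two things the ordering makes visible that the prose does not: asset importance can outrank raw severity (the high-severity finding on the crown-jewel asset sorts above the critical finding on the internal site), and moving a defect to "in progress" halves its contribution without hiding it, whereas false positives drop out of the ranking entirely.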

To perform bulk actions on defects, see the policy rules article.
