Defects Page
Defects represent vulnerabilities detected by various scanners or user input. The defects page is the centralized place to view all the existing defects
Last updated
The defects page allows you to search and filter all the existing defects in Enso. This page is commonly used for triaging defects according to their risk, severity and source (security control).
The defects are sorted by default according to their accumulated risk. A defect's risk is calculated based on:
Defect cost, configured separately per severity and security control
Related asset importance, derived from the asset's class
There are a few sources that generate defects:
Scanners (SAST, SCA, DAST, IaC, etc.)
Manual defects, created by the user from the assets' defects tab
Customization:
Import processes - importing defects from external files
Policy control - a customized control that reports defects on predefined scenarios (for example when AppSec activity is delayed, etc.)
There are a few actions that can be applied for each defect:
Click the defect's title to drill-down into the defect's full description
The defect's description (details and format) is structured according to the data that the scanner reports
Communicating defects to the ticketing system can be done by choosing:
Create a new Jira ticket - a new Jira ticket will be automatically created according to the defect's details. In case there are other required fields, a new tab will be opened, allowing you to add the required info
Create and edit Jira ticket - this allows you to edit the Jira ticket before submitting it
Attach a Jira ticket - attach a defect to an existing Jira ticket
Add ticket URL - used when the tickets are not managed in Jira, but on another ticketing system
Change the defect’s remediation status to report progress/completion, mark false-positives, etc.
The defect status impacts its cost. For example, defects that are "in progress" get a cost discount
Change the defect's severity to reduce noise or to increase priority.
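The risk ordering described above (cost per severity and security control, weighted by asset importance, discounted by remediation status) can be modelled in a few lines. The following is an added example, not Enso's own code: the cost tables, asset importance values, status discounts and the choice to combine them as a product are all constructed assumptions for illustration; Enso's actual configuration and formula are not stated on this page.

```python
from dataclasses import dataclass, replace

# Constructed cost table: a base cost per severity, with optional overrides
# per (severity, security control). Values are assumptions, not Enso defaults.
SEVERITY_BASE_COST = {"critical": 100, "high": 40, "medium": 15, "low": 5}
CONTROL_COST_OVERRIDES = {("critical", "IaC"): 90}

# Constructed asset importance, keyed by asset class (assumption).
ASSET_IMPORTANCE = {"crown-jewel": 3.0, "internal": 1.0, "sandbox": 0.5}

# Constructed remediation-status discounts (assumption): work in progress
# halves the cost; fixed or false-positive defects no longer contribute.
STATUS_MULTIPLIER = {
    "open": 1.0,
    "in progress": 0.5,
    "fixed": 0.0,
    "false positive": 0.0,
}


@dataclass(frozen=True)
class Defect:
    title: str
    severity: str      # one of SEVERITY_BASE_COST keys
    control: str       # e.g. "SAST", "SCA", "DAST", "IaC"
    asset_class: str   # one of ASSET_IMPORTANCE keys
    status: str = "open"


def defect_cost(severity: str, control: str) -> float:
    """Cost configured per severity, with a per-control override if present."""
    return float(CONTROL_COST_OVERRIDES.get((severity, control),
                                            SEVERITY_BASE_COST[severity]))


def defect_risk(d: Defect) -> float:
    """Assumed risk model: cost x asset importance x status multiplier."""
    return (defect_cost(d.severity, d.control)
            * ASSET_IMPORTANCE[d.asset_class]
            * STATUS_MULTIPLIER[d.status])


def triage_order(defects: list[Defect]) -> list[Defect]:
    """Default page ordering: highest risk first."""
    return sorted(defects, key=defect_risk, reverse=True)


def total_risk(defects: list[Defect]) -> float:
    """Accumulated risk over a set of defects (e.g. all defects of one asset)."""
    return sum(defect_risk(d) for d in defects)


# Constructed sample defects for the example.
SAMPLE_DEFECTS = [
    Defect("SQL injection in login handler", "critical", "SAST", "crown-jewel"),
    Defect("Outdated dependency with known CVE", "high", "SCA", "internal"),
    Defect("Storage bucket publicly readable", "critical", "IaC", "internal",
           status="in progress"),
    Defect("Verbose error page", "low", "DAST", "sandbox"),
]

if __name__ == "__main__":
    for d in triage_order(SAMPLE_DEFECTS):
        print(f"{defect_risk(d):7.1f}  {d.severity:8s} {d.control:4s} {d.title}")
    print("accumulated risk:", total_risk(SAMPLE_DEFECTS))
    # Changing the status (as from the remediation-status action) lowers the risk.
    print("after marking in progress:",
          defect_risk(replace(SAMPLE_DEFECTS[0], status="in progress")))
```

Running the block lists the sample defects in the order the page would show them and prints how marking the top defect "in progress" halves its risk under the assumed discount.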
To perform bulk actions on defects, see the policy rules article
Since R&D teams use ticketing systems to manage their work, it's important to move defects onto the R&D to-do list. Use the ticketing actions described above to generate those tickets based on your defects.