Defects represent vulnerabilities detected by various scanners or entered by users. The defects page is the centralized place to view all existing defects.
The defects page lets you search and filter all existing defects in Enso. It is commonly used for triaging defects according to their risk, severity and source (security control).
By default, defects are sorted by their accumulated risk. A defect's risk is calculated from:
1. Defect cost, configured separately per severity and security control
2. Related asset importance, derived from the asset's class
There are a few sources that generate defects:
1. Scanners (SAST, SCA, DAST, IaC, etc.)
2. Import processes: importing defects from external files
3. Policy control: a customized control that reports defects in predefined scenarios (for example, when an AppSec activity is delayed)
There are a few actions that can be applied for each defect:
- Click the defect's title to drill down into the defect's full description. The description (details and format) is structured according to the data that the scanner reports.
- Since R&D teams use ticketing systems to manage their work, it's important to move defects to the R&D to-do list. Click to generate those tickets based on your defects.
- Communicating defects to the ticketing system can be done by choosing one of:
  - Create a new Jira ticket: a new Jira ticket is created automatically from the defect's details. If other fields are required, a new tab opens so you can add the required information.
  - Create and edit Jira ticket: edit the Jira ticket before submitting it.
  - Attach a Jira ticket: attach the defect to an existing Jira ticket.
  - Add ticket URL: used when tickets are managed in a ticketing system other than Jira.
- Change the defect's remediation status to report progress or completion, mark false positives, etc. The defect status affects its cost; for example, defects that are "in progress" get a cost discount.
- Change the defect's severity to reduce noise or to increase priority.
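The following is an added example, not Enso's own code, showing how the risk inputs described on this page (a cost table per severity and security control, asset importance derived from the asset class, and a cost discount for defects that are in progress) can be combined to produce the triage order the defects page sorts by. The page does not state how these factors combine, so the product formula `cost * asset importance * status factor`, the cost, importance and status tables, and the sample defects are all constructed assumptions.

```python
"""Hypothetical defect risk ranking in the style described on the Enso defects page.

Assumed rule (not Enso's documented formula):
    risk = defect cost (per control and severity) * asset importance (per class) * status factor
"""
from dataclasses import dataclass, replace

# Assumed cost table keyed by (security control, severity). Values are constructed.
DEFECT_COST = {
    ("SAST", "critical"): 100,
    ("SAST", "high"): 60,
    ("SAST", "medium"): 25,
    ("SCA", "critical"): 80,
    ("SCA", "high"): 50,
    ("DAST", "high"): 70,
    ("Policy", "medium"): 20,
}

# Assumed asset importance derived from the asset's class.
ASSET_IMPORTANCE = {"crown-jewel": 3.0, "customer-facing": 2.0, "internal": 1.0}

# Assumed status factor: "in progress" gets a discount, resolved/false-positive
# defects contribute no risk. The 0.5 discount is a constructed value.
STATUS_FACTOR = {"open": 1.0, "in progress": 0.5, "false positive": 0.0, "fixed": 0.0}


@dataclass(frozen=True)
class Defect:
    title: str
    control: str        # scanner or security control that reported the defect
    severity: str
    asset_class: str
    status: str = "open"


def defect_risk(d: Defect) -> float:
    """Risk score for one defect under the assumed product rule."""
    cost = DEFECT_COST.get((d.control, d.severity))
    if cost is None:
        raise ValueError(f"no cost configured for {d.control}/{d.severity}")
    return cost * ASSET_IMPORTANCE[d.asset_class] * STATUS_FACTOR[d.status]


def triage_order(defects) -> list:
    """Defects sorted by descending risk; ties broken by title for a stable listing."""
    return sorted(defects, key=lambda d: (-defect_risk(d), d.title))


def with_severity(d: Defect, severity: str) -> Defect:
    """Model the 'change severity' action: same defect, re-scored under a new severity."""
    return replace(d, severity=severity)


# Constructed sample defects covering the sources named on the page.
SAMPLE = [
    Defect("SQL injection in login", "SAST", "critical", "customer-facing"),
    Defect("Outdated lodash", "SCA", "high", "internal"),
    Defect("Reflected XSS on /search", "DAST", "high", "crown-jewel"),
    Defect("Hardcoded secret in CI config", "SAST", "high", "crown-jewel", status="in progress"),
    Defect("Pentest overdue", "Policy", "medium", "customer-facing"),
]

if __name__ == "__main__":
    for d in triage_order(SAMPLE):
        print(f"{defect_risk(d):7.1f}  {d.severity:9}  {d.control:7}  {d.title}")
```

Running the block lists the crown-jewel XSS (210) above the customer-facing SQL injection (200), even though the latter has the higher severity, because asset importance weighs in; the in-progress secret drops to 90 through the status discount. Lowering a defect's severity with `with_severity` re-scores it without touching the rest of the queue.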