
Viewing Mend SAST scan results in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

After running a DAST scan of a target configured to retrieve Mend SAST scan results, you can view both the DAST scan results and the SAST scan results retrieved from Mend on the Scan Summary and Issues pages in Invicti Enterprise. You can also track individual issue history and view the scan results in other areas of Invicti Enterprise.

NOTE: The integration between Invicti Enterprise and Mend SAST does NOT initiate a Mend SAST scan. Invicti Enterprise will pull the latest SAST scan results from Mend for a mapped target and display the information in Invicti Enterprise alongside the DAST scan results.


Scan Summary

To view Mend SAST scan results in the Scan Summary, follow the steps below:

  1. Navigate to the Scan Summary page for a target you have scanned with Mend SAST enabled.
  • Select Scans > Recent Scans, then click Report next to the scan you want to view. 

TIP: Scans that contain Mend SAST scan results have the Mend logo next to the target name on the Recent Scans page.  

  2. Select the Issues tab in the Technical Report section. The Mend SAST scan results for the target are listed below the DAST scan results.
  3. Click on a vulnerability to view more information.
  4. On the right, the Issue tab displays details from Mend for the selected vulnerability, and you have options to manage the results as you do for DAST scan results. For example:
  • URL: This is the file path and the line number where the SAST scan found the vulnerability. It is also a clickable link to the Mend finding.
  • Status: You can update the status of an issue as Accepted Risk, False Positive, or Fixed.
  • Send To: If you have integrated an issue tracker, you can assign issues to developers by clicking Send To and selecting your integrated issue tracker.

For more information, refer to Reviewing Scan Results and Imported Vulnerabilities.

All Issues

To filter the All Issues page to view only Mend SAST scan results, follow the steps below:

  1. Select Issues > All Issues from the left-side menu.

  2. Click the search icon next to Source Type in the table header.
  3. Set the Field to Source type, the Operator to Equal, and the Value to SAST. Then click Apply.

The Issues page now displays only SAST vulnerabilities retrieved from Mend. To further filter the information, you can add another filter to view only the scan results of a particular target:

  1. Click the search icon next to Target in the table header.
  2. Set the Field to Target, the Operator to Equal, and the Value to the name of the target you want to view. Then click Apply.

The Issues page now displays only the Mend SAST vulnerabilities for your selected target.

Issue History

To view the issue history for a Mend SAST scan result, follow the steps below:

  1. Select Issues > All Issues from the left-side menu.

  2. Click on the title of a Mend SAST vulnerability (identifiable by '(SAST)' in the issue title).
  3. Scroll to the bottom of the page where you can review the detection and activity history for the issue.

You can also view other information about the issue and make changes, such as updating the status or sending it to an integrated issue tracker. For more information, refer to Updating the Status of an Issue in Invicti Enterprise and Exporting a Vulnerability to an Issue Tracking System.

NOTE: Any changes you make here will not be reflected in your Mend account.