How to Find Which Tasks Your Scanner Doesn't Cover

Background: Understand: Security Tool Integration

SD Elements can help you identify which security requirements your automated security scanning tool doesn't cover. There are two methods to do this:

  1. Import the results of a real scan to determine which specific tasks the scanner covered. This method is more accurate.
  2. Use filters to determine which tasks a class of scanners (i.e. static or dynamic analysis) usually cannot cover. This method is less accurate, but may be the only option if SD Elements does not integrate with your scanner or if you do not yet have scan results to import.

Import Results from a Scanner

Follow the instructions on how to import results from a scanner. Once completed, open the filters sidebar in the Tasks page and filter on Verification: No Verification Status. The tasks that remain, in all phases, were not covered by your scanner. You may also want to filter for Partial Pass, as these are tasks that could not be fully confirmed by your scanner.

Use Filters

Open the filters sidebar in the Tasks page and filter on Verification: No Static Tests to see all tasks that are not typically covered by static analysis tools. Filter on Verification: No Dynamic Tests to see all tasks that are not typically covered by dynamic analysis tools. Note that if you select both filters, you will see all tasks that are either not covered by a static analysis tool or not covered by a dynamic testing tool. Selecting both filters will not yield only the tasks that are covered by neither type of tool.

