Understanding the Scans View

The Scans view displays in a table the scans that are available in the ScanCentral DAST database.

You can select the information you want to display, as well as customize other aspects of the table. For more information, see Working with Tables.

The following table describes the columns of information that are available for each scan.

Column Description
Scan Id

Indicates the integer ID in the ScanCentral DAST database for the scan.

Note: Each scan is assigned an integer ID when it is added to the ScanCentral DAST database.

Application

Indicates the application that was selected when the scan was configured.

Version

Indicates the version that was selected when the scan was configured.

Tip: The versions listed in this column are links. You can click a link to open the Application Version Overview in a new tab in Fortify Software Security Center.

Name Indicates the name of the scan. This is the name that was assigned in the scan settings.
Url Identifies the target URL for the scan.
Critical
High
Medium
Low
Indicates the number of findings for each severity category in the scan. For more information, see Understanding Vulnerability Severity.
Started On

Indicates the date and time that the scan started. The start time is stored in the dynamic scan database as UTC time and is converted to the local machine's system time when displayed in the user interface.

Status

Indicates the current status of the scan. Possible statuses are as follows:

  • Queued – The scan has been submitted and is waiting for an available sensor.

  • Pending – The scan has been accepted by a sensor but is waiting for the sensor to acknowledge that it has accepted and started the scan.

  • License Unavailable - No license is available for a sensor to start the scan. The scan remains in the queue until a license is available for use.

    Note: If the Use this sensor only option was not selected when the scan was submitted, the scan will use any available sensor in the assigned pool.

  • Paused – The sensor might have accepted the scan but not yet started it, or the user might have paused the scan so that it is not in a running state.

  • Running – The sensor is actively conducting the scan.

  • Complete – The sensor has finished the scan and results are available. If the Submit for triage option was selected during scan configuration, then the scan has been published to Fortify Software Security Center, where you can perform audit analysis of the findings.

  • Interrupted – Something went wrong with the sensor that was conducting the scan. For example, the sensor heartbeat has expired.

  • Unknown – The scan failed to complete for an unknown reason.

  • Importing – The scan is being imported from the ScanCentral DAST database and published to Fortify Software Security Center.

  • Import Failed – Something went wrong while importing a .fpr or .scan file from the sensor to the ScanCentral DAST database.

  • Import Scan File Queued – The .scan file has been uploaded to ScanCentral DAST and is being saved to the database so that it can be processed by the Utility Service.

  • Pending Scan File Import – The .scan file was successfully saved to the database and is waiting to be processed by the Utility Service.

  • Importing Scan File – The Utility Service is importing the .scan file.

  • Failed to Import Scan File – Something went wrong while uploading and saving the .scan file to the database or during processing of the file.

  • Failed to Start – A sensor accepted the scan, but the scan failed to start. Possible reasons include:

    • The Fortify Software Security Center DAST API is not running.

    • The connection to the ScanCentral DAST database has been lost.

    • Communication with the sensor has been lost.

    • The sensor failed to start.

    • The scan settings contain errors or invalid settings.

  • Pausing – The user has paused the scan, which now displays this transitional state before changing to Not Running.

  • Resuming – The user has resumed the scan, which now displays this transitional state before changing to Running.

  • Completing Scan – The user has paused the scan and subsequently clicked Complete, which stops the scan at that point and processes it as an incomplete scan.

    Tip: You can perform the same analysis and operations on an incomplete scan as you can a completed scan.

  • Resume Scan Queued – The user resumed a paused scan and the scan is waiting for the sensor to become available.

  • Forced Complete – The user paused a scan and subsequently clicked Complete. The scan completed with partial results.

Status Reason

Indicates the reason for Paused, Pausing, Resuming, Resume Scan Queued, Running, and Forced Complete statuses. Possible reasons are Deny Interval, Scan Priority, and Deny Interval User Paused. For more information, see Working with Deny Intervals, Understanding Advanced Scan Prioritization, and Configuring Scan Priority.

The following paragraphs describe the combined status and status reasons:

  • Paused / Deny Interval – The scan was running when a deny interval started. The scan is now paused until the deny interval ends.

  • Paused / Deny Interval User Paused – The scan was paused by a user, but has since entered a deny interval.

  • Paused / Scan Priority – The scan was running when a higher-priority scan started. The scan is now paused until the higher-priority scan completes or another sensor accepts the scan.

  • Pausing / Deny Interval – The scan was running when a deny interval started. The scan now displays this transitional state before changing to Paused Deny Interval.

  • Pausing / Scan Priority – The scan was running when a higher-priority scan started. The scan now displays this transitional state before changing to Paused Scan Priority.

  • Resuming / Deny Interval – The scan was paused for a deny interval, but the deny interval has ended. The scan now displays this transitional state before changing to Running.

  • Resuming / Scan Priority – The scan was paused for a higher-priority scan. The scan now displays this transitional state before changing to Running Scan Priority.

  • Resume Scan Queued / Deny Interval – The scan was paused due to a deny interval which has ended, so the scan is queued to be resumed.

  • Resume Scan Queued / Scan Priority - The scan was paused for a higher-priority scan which has completed, so the scan is queued to be resumed.

  • Running / Deny Interval – The scan was paused for a deny interval. The deny interval has ended and the sensor is actively conducting the scan.

  • Running / Scan Priority – The scan was paused for a higher-priority scan. The higher-priority scan has completed or another sensor has accepted the scan and is actively conducting it.

  • Forced Complete / Deny Interval – The scan was running when a deny interval started. The scan stopped and completed with partial results.

Duration Indicates how long the scan ran before completion. For scans that are not completed, the column displays the last known duration that was received from the sensor.
Requests Indicates the total number of requests sent during the scan.
Macro Playbacks Indicates the number of times that macros have been played during the scan.
Priority Indicates the scan priority from 0 through 10. For more information, see Configuring Scan Priority.
Purge date If data retention is enabled, indicates the date when the scan will be purged from the database. The number in parentheses indicates the number of days until the purge date.
Publish Status

Indicates whether the scan has been published to Fortify Software Security Center. Possible statuses are as follows:

  • Not Published – The .fpr file has not been published.

  • Published – The .fpr file has been published.

  • Failed to Publish – ScanCentral DAST attempted to publish the .fpr file, but it failed. Fortify Software Security Center might be down or there might be a network issue.

Publish Status Reason

Indicates why the .fpr file was not published to Fortify Software Security Center. Only applicable when the Publish Status is Not Published or Failed to Publish.

Possible reason is Artifact is too large.

Important! The files you upload to Fortify Software Security Center must not exceed 2GB.