Grouping issues
The items visible in the Issues view vary depending on the selected issue attribute. The attribute you select from the Group By list sorts issues in all visible folders into subfolders.
Use the issue attributes to group and view the issues in different ways. You can view issues with any of the available issue attributes, and you can create and edit customized groups. The following table describes the available issue attributes.
| Issue Attribute | Description |
|---|---|
| Analysis | Groups issues by the audit analysis, such as Suspicious, Exploitable, and Not an Issue. |
| Analysis Type | Groups issues by analyzer product, such as SCA, WEBINSPECT, and SECURITYSCOPE (OpenText DAST Agent). |
| Analyzer | Groups issues by analyzer group, such as Configuration, Control Flow, Data Flow, Pentest, Semantic, and Structural. |
| App Defender Protected | Groups issues by whether Application Defender can protect the vulnerability category. |
| Category | Groups issues by vulnerability category. This is the default grouping. |
| Category Analyzer | Groups issues by category and then by analyzer. |
| <custom_tagname> | Groups issues by custom tag. |
| File Name | Groups issues by file name. |
| Fortify Priority Order | Groups issues by Critical, High, Medium, and Low based on the issue priority. |
| Kingdom | Groups issues by the Seven Pernicious Kingdoms classification. |
| Manual | Groups issues by whether they were manually created by penetration test tools, and not automatically produced by a web crawler such as OpenText DAST. |
| <metadata_listname> | Groups issues by the alternative metadata external list names (for example, OWASP Top 10 <year>, CWE Top 25 <year>, PCI SSF <version>, STIG <version>, and others). |
| New Issue | Shows which issues are new since the last scan. For example, if you run a new scan, any issues that are new are displayed in the tree under the Issue New group and the others are displayed in the Issue Updated group. Issues not found in the latest scan are displayed in the Issue Removed group. |
| New Issue by Category | Groups issues that are new since the last scan and then by category. See also New Issue. |
| Package | Groups issues by package or namespace. Nothing is shown for projects to which this option does not apply, such as C projects. |
| Priority by Category | Groups issues by Fortify Priority Order and then by category. |
| Shared Trace Node | Groups issues by the most common paths determined by the Dataflow Analyzer. This grouping helps to maximize the number of issues that you can address by updating one location in the code. |
| Sink | Groups issues that share the same dataflow sink function. |
| SmartView | Groups issues with a multiple-level grouping based on the last setting applied in SmartView. By default, groups issues by category, and then by Shared Trace Nodes. |
| Source | Groups issues that share the same dataflow source functions. |
| Source File Type | Groups issues by file type. For dataflow issues, the file contains the sink function. Issues in files with different file extensions that are the same source file type are grouped together (for example, issues in files with the extensions: |
| Taint Flag | Groups issues by the taint flags that they contain. |
| <none> | Displays a flat view without any grouping. |
| Edit | Select Edit to create a custom grouping option. |

The following table describes additional grouping options that are available when you create a custom grouping option (see Creating a Custom Group By Option).
| Option | Description |
|---|---|
| Issue State | Groups audited issues by whether the issue is an open issue or not an issue based on the level of analysis set for the primary tag. Values equivalent to Suspicious and Exploitable are considered open issue states. |
| Primary Context | Groups issues where the primary location or sink node function call occurs in the same code context. |
| Source Context | Groups dataflow issues that have the source function call contained in the same code context. |
| Source File | Groups dataflow issues by the source code file where the taint originated. |
| Status | Groups issues by the audit status (Reviewed, Unreviewed, or Under Review). |
| URL | Groups dynamic issues by the request web address. |