This guide shows you how to manage the defects of delivery audits. 

Under the Life Cycle module, select Deliveries to access and manage delivery audits, files, defects, and to export audit reports in PDF and CSV format.

Click the Status icon to access the Audit module for every delivery. Also, you can access the Files module by clicking the Files value of the delivery.

Deliveries Audit

Click the Status icon (/) of a delivery to open the Audit results for that delivery, which includes the Overall Result, Checkpoints passed and the reached thresholds, the Audit Score, and detected Defects. For more information on Audit results, visit Audits Management - Audit Results Page.

In addition, you can access  other important modules of your deliveries by clicking the menu icon located next to the module title:

Deliveries Files

You can access Files by selecting the option Files in the menu icon as mentioned previously.

This screen displays a complete list of files included in the delivery. For every file, it shows absolute metrics of each file:

  • Lines of code
  • Useful lines of code
  • Global indicator
  • Defects
  • Effort (h)

 Also, it shows metrics relative to the same file when it was analyzed as part of the application baseline:

  • New defects: Number of new defects of this file as compared to defects when analyzed as part of the baseline
  • New effort (h): Effort associated with these new defects

Deliveries Defects

Click the menu icon located next to the module title and select Defects to open the defects details for the delivery.

The defects are organized in three sections:

  • New defects: This section shows the total number of new defects that the delivery has introduced in the application (as compared to baseline). These new defects may come from two sources:
    • Defects found in the delivery files that did not appear when were analyzed in the baseline, and
    • Defects found in new files, i.e. files that were not part of the baseline
  • Removed defect: This section shows the number of defects that this delivery have removed from the baseline. The scope of the delivery affects how removed defects are calculated:
    • In case of a Partial delivery, removed defects calculus is based on the comparison between the defects found in the delivery files and defects of the same files when analyzed in the baseline.
    • In case of a Complete delivery, removed defects will also include those defects of files that were analyzed in the baseline but are not part of the delivery. As the delivery is complete, the analysis assumes that those files are not part of the application any more so their associated defects have been implicitly removed.
  • Defects: This section shows the total number of defects found in the delivery files.

If there is no baseline analysis for your delivery, all defects will appears as new defects.

You can find more information about the detected defects of the delivery, they provide the Rule name, Rule information, Priority, CWE, Characteristic, Vulnerability type, Language, Effort and additional options.

Deliveries Components

The Components are organized in four sections:

  • New components
  • Removed components
  • Modified components
  • All components

Every section lists components and organized them by Component name, Vulnerabilities number, Version number, Filename, Language, Obsolescence risk, License risk, and Security risk.

The Obsolescence, license, and security risk are identified by a severity label based on their values.

To review more information of the components, expand each one of them to review the list of vulnerabilities, a description, and the severity of each one of them. Each vulnerability and CWEs are linked to its official documentation.

Export PDF or CVS

Select the option PDF or CVS to export the Audit report.

This report includes the Audit, Checkpoint information, and Checkpoint Details.

  • No labels